All news with #oracle tag

Hackers Target Unpatched Oracle E-Business Suite Flaws

⚠️ Oracle has warned customers that attackers may be exploiting unpatched instances of Oracle E-Business Suite, following alerts from the Google Threat Intelligence Group and reports of extortion emails sent to company executives. The vendor’s investigation points to vulnerabilities addressed in the July 2025 Critical Patch Update, and it urges organizations to apply those fixes immediately. The July update fixed nine EBS flaws, including three critical issues and several that can be exploited remotely without authentication, raising urgent remediation priorities for affected deployments. Security teams should verify patch status, hunt for indicators of compromise, and validate account integrity.

Cl0p-linked Extortion Targets Oracle E-Business Suite

🔒 Researchers at Halcyon, Google, and Mandiant report an extortion campaign attributed to actors likely affiliated with the Cl0p gang, targeting Oracle E‑Business Suite (EBS) via exposed local login pages. Attackers allegedly abused the AppsLocalLogin.jsp password‑reset workflow to obtain local credentials that bypass SSO and often lack MFA, then sent executive extortion demands with proof samples. Demands range into seven and eight figures, reportedly up to $50 million; defenders are advised to restrict public EBS access, enforce MFA, and review logs immediately.

Google, Mandiant Probe Extortion Claims Targeting Oracle EBS

📧 Google Mandiant and the Google Threat Intelligence Group report a new high-volume extortion campaign that claims stolen data from Oracle E-Business Suite. The operation began on or before September 29, 2025, uses hundreds of compromised accounts, and includes contact addresses verified on the Cl0p data leak site. Mandiant notes at least one sending account has ties to FIN11, a TA505 subset. Investigations are ongoing and organizations are urged to inspect for compromise.

Clop-Linked Extortion Emails Claim Oracle E-Business Theft

📧 Mandiant and Google are tracking a high-volume extortion email campaign that began on or before September 29, 2025, in which executives received messages claiming sensitive data was stolen from Oracle E-Business Suite systems. The emails are being sent from hundreds of compromised accounts and include contact addresses tied to the Clop data leak site, indicating a potential connection to the Clop/FIN11 extortion operation. Investigators caution there is not yet sufficient evidence to confirm actual data theft and recommend organizations check their Oracle environments for unusual access or compromise.

U.S. Investors to Take Over and Restructure TikTok Operations

🔐 President Trump has signed an executive order approving a plan to separate TikTok’s U.S. operations from Chinese owner ByteDance, enabling a new U.S.-based joint venture to manage the service domestically. The agreement covers TikTok and related apps such as Lemon8 and CapCut and limits ByteDance to under 20% ownership. Oracle and other American investors will control algorithms, data storage, and content moderation while security partners monitor code and data flows.

Amazon RDS for Oracle Adds Support for Bare Metal Instances

🆕 Amazon RDS for Oracle and Amazon RDS Custom for Oracle now support a range of bare metal instance types, with pricing at about 25% below equivalent virtualized instances. Supported families include M7i, R7i, X2iedn, X2idn, X2iezn, M6i, M6id, M6in, R6i, R6id, and R6in. Using the Multi-tenant feature you can consolidate multiple databases onto a single bare metal instance to reduce infrastructure cost, and you may also be able to lower commercial Oracle licensing and support fees because bare metal provides full visibility into CPU cores and sockets. Bare metal is available with Bring Your Own License (BYOL) for Oracle Enterprise Edition; consult RDS pricing and your licensing partner for region and configuration availability.

Amazon RDS for Oracle adds ECC384 CA and ECDSA ciphers

🔒 Amazon RDS for Oracle now supports an ECC384 Certificate Authority and two new ECDSA cipher suites for SSL and OEM Agent options on Oracle Database 19c and 21c. The added cipher suites — TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 — offer security comparable to RSA with shorter keys and lower CPU usage. To enable them, select rds-ca-ecc384-g1 as the CA for your DB instances and follow the documented steps to add SSL or modify OEM Agent settings.

Amazon RDS for Oracle: Redo Transport Compression Now

⚙️ Amazon RDS for Oracle now supports Redo Transport Compression, which compresses redo data before it is transmitted to standby databases to reduce network traffic and improve redo transport performance. Because transport is faster, customers can achieve a lower Recovery Point Objective (RPO). Compression and decompression consume CPU on both primary and standby instances, so ensure adequate CPU capacity before enabling. Enable the feature by setting the redo_compression parameter in the instance Parameter Group; it supports mounted and read replicas and requires Oracle Enterprise Edition with Oracle Advanced Compression licensing.

Migrating Oracle TDE Keystore on EC2 to AWS CloudHSM

🔐 This AWS Security Blog post, republished July 30, 2025, demonstrates how to migrate an Oracle 19c Transparent Data Encryption (TDE) keystore on Amazon EC2 from a file-based wallet to AWS CloudHSM using the CloudHSM Client SDK 5. It walks through prerequisites—CloudHSM cluster, CloudHSM admin and crypto users, network connectivity—and stepwise commands to install the client and PKCS#11 library, adjust Oracle WALLET_ROOT/TDE_CONFIGURATION, and run the ADMINISTER KEY MANAGEMENT migration. The guide also covers creating an auto-login keystore, verifying V$ENCRYPTION_WALLET status, and outlines benefits such as FIPS-validated hardware, centralized management, and improved compliance.