< ciso brief />

All news with #oracle tag

67 articles · page 4 of 4

Oracle Links Clop Extortion to July EBS Vulnerabilities

🔒 Oracle said some customers received extortion emails tied to its E-Business Suite and linked the campaign to vulnerabilities patched in the July 2025 Critical Patch Update. While Oracle did not attribute the activity to a specific ransomware group, its investigation found potential use of previously identified EBS flaws, including three that were remotely exploitable. Security firms reported executives began receiving ransom demands on or before September 29, 2025. Oracle urged customers to apply the latest patches and contact support if they need assistance.

Hackers Target Unpatched Oracle E-Business Suite Flaws

⚠️ Oracle has warned customers that attackers may be exploiting unpatched instances of Oracle E-Business Suite, following alerts from the Google Threat Intelligence Group and reports of extortion emails sent to company executives. The vendor’s investigation points to vulnerabilities addressed in the July 2025 Critical Patch Update, and it urges organizations to apply those fixes immediately. The July update fixed nine EBS flaws, including three critical issues and several that can be exploited remotely without authentication, raising urgent remediation priorities for affected deployments. Security teams should verify patch status, hunt for indicators of compromise, and validate account integrity.

Cl0p-linked Extortion Targets Oracle E-Business Suite

🔒 Researchers at Halcyon, Google, and Mandiant report an extortion campaign attributed to actors likely affiliated with the Cl0p gang, targeting Oracle E‑Business Suite (EBS) via exposed local login pages. Attackers allegedly abused the AppsLocalLogin.jsp password‑reset workflow to obtain local credentials that bypass SSO and often lack MFA, then sent executive extortion demands with proof samples. Demands range into seven and eight figures, reportedly up to $50 million; defenders are advised to restrict public EBS access, enforce MFA, and review logs immediately.

Google, Mandiant Probe Extortion Claims Targeting Oracle EBS

📧 Google Mandiant and the Google Threat Intelligence Group report a new high-volume extortion campaign that claims stolen data from Oracle E-Business Suite. The operation began on or before September 29, 2025, uses hundreds of compromised accounts, and includes contact addresses verified on the Cl0p data leak site. Mandiant notes at least one sending account has ties to FIN11, a TA505 subset. Investigations are ongoing and organizations are urged to inspect for compromise.

Clop-Linked Extortion Emails Claim Oracle E-Business Theft

📧 Mandiant and Google are tracking a high-volume extortion email campaign that began on or before September 29, 2025, in which executives received messages claiming sensitive data was stolen from Oracle E-Business Suite systems. The emails are being sent from hundreds of compromised accounts and include contact addresses tied to the Clop data leak site, indicating a potential connection to the Clop/FIN11 extortion operation. Investigators caution there is not yet sufficient evidence to confirm actual data theft and recommend organizations check their Oracle environments for unusual access or compromise.

U.S. Investors to Take Over and Restructure TikTok Operations

🔐 President Trump has signed an executive order approving a plan to separate TikTok’s U.S. operations from Chinese owner ByteDance, enabling a new U.S.-based joint venture to manage the service domestically. The agreement covers TikTok and related apps such as Lemon8 and CapCut and limits ByteDance to under 20% ownership. Oracle and other American investors will control algorithms, data storage, and content moderation while security partners monitor code and data flows.

Migrating Oracle TDE Keystore on EC2 to AWS CloudHSM

🔐 This AWS Security Blog post, republished July 30, 2025, demonstrates how to migrate an Oracle 19c Transparent Data Encryption (TDE) keystore on Amazon EC2 from a file-based wallet to AWS CloudHSM using the CloudHSM Client SDK 5. It walks through prerequisites—CloudHSM cluster, CloudHSM admin and crypto users, network connectivity—and stepwise commands to install the client and PKCS#11 library, adjust Oracle WALLET_ROOT/TDE_CONFIGURATION, and run the ADMINISTER KEY MANAGEMENT migration. The guide also covers creating an auto-login keystore, verifying V$ENCRYPTION_WALLET status, and outlines benefits such as FIPS-validated hardware, centralized management, and improved compliance.