Source: TechCrunch
📂 **Category**: Security,hackers,oracle,hacking,cybercrime,data breach,shinyhunters
Oracle has warned its corporate customers of a critical vulnerability in its PeopleSoft software, which large companies use to manage payroll and human resources, a day after a cybercrime group took credit for exploiting the flaw as part of a mass hacking campaign.
The company published the security advisory on Thursday after hacking group ShinyHunters claimed to have hacked more than 100 organizations using PeopleSoft servers.
Mandiant, the Google-owned security unit that investigates cyberattacks, warned in a blog post that the new Oracle flaw is the same one being exploited by the ShinyHunters group in a hacking campaign targeting PeopleSoft customers.
Oracle, which has not released a patch for the vulnerability at the time of writing, said in the advisory that the vulnerability can be exploited online without requiring any authentication, such as a password.
The tech giant recommended that customers using PeopleSoft implement its mitigations to prevent exploitation.
On Wednesday, a ShinyHunters member told TechCrunch that the gang harmed companies by exploiting an unpatched flaw in PeopleSoft’s servers. The bug is known as a “zero-day” because the affected company, in this case Oracle, had no time to fix it before it was discovered and exploited.
Mandiant confirmed that it had also notified more than “100 global organizations”, most of them in the United States, in an attempt to restrict access to their potentially vulnerable systems. About two-thirds of these organizations are in higher education, the cybersecurity group said, which is consistent with what ShinyHunters previously claimed.
“While many organizations were successful in blocking activity or remediating vulnerabilities, others experienced a breach, which resulted in stolen data being published on ShinyHunters’ [data leak website],” Mandiant wrote.
Oracle did not respond to TechCrunch’s request for comment.
Contact us
Do you have more information about this hacking campaign? Or other data breaches? We would love to hear from you. From a device and network outside of work, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or email.
A ShinyHunters member told TechCrunch this week that some of the organizations that were hacked were universities and colleges.
The hacker shared a message they said was sent to one of the victim schools, in which the hackers claimed to have stolen “hundreds of thousands of student records containing full name, home address, phone, email, date of birth, gender, race, enrollment status, GPA, major, and student ID across all universities,” among other data.
PeopleSoft and its customers are the latest victims in a long line of hacking campaigns in which the ShinyHunters gang has targeted organizations that all share the same vulnerable software.
Last year, the group targeted several companies that use Salesforce and Gainsight, as well as software provided by education giant Instructure, among others.
Once hackers identify vulnerable software and companies using it, they attempt to steal company or customer data and then threaten to release it unless victims pay a ransom.
Earlier this year, education technology company Instructure said it paid hackers after they breached the company’s systems twice. As part of the hacking campaign, ShinyHunters defaced the login pages of several schools that use Instructure’s popular school information portal Canvas.
🕒 **Posted on**: 1781214295
