Oracle issues security advisory that’s already impacted 100-plus companies

There is a reason why one of the biggest initiatives in the tech industry right now is Project Glasswing. Run by Anthropic and several other big tech firms, it seeks to identify vulnerabilities in critical software that other AI could exploit.

It is something that could have served Oracle well, but unfortunately, the company has discovered that its software has been compromised and utilised to hack more than 100 of its customers.

The hacking group in question is ShinyHunters, which claimed to have breached more than 100 organisations via the vulnerability in Oracle’s PeopleSoft servers.

“This vulnerability is remotely exploitable without authentication. If successfully exploited, this vulnerability may result in remote code execution. We consider implementation of the recommended mitigations to be a high-priority risk reduction measure and strongly recommend immediate action to address the identified exposure,” it explained in a security advisory alert.

As Mandiant, a cybersecurity group under Google that investigates such attacks, has pointed out, this exploit has been used by ShinyHunters for a little over a week, from late May to early June.

“Upon becoming aware of active scanning and exploitation, we initiated notifications to over 100 global organizations whose IP addresses correlated with potentially vulnerable endpoints,” it outlined.

“Most of these organizations were based in the United States, and 68 percent operated within the higher education sector. Subsequently, public reports by @nahamike01 on X highlighted open attacker directories on the staging servers, allowing GTIG to perform a detailed triage of the threat actor’s operations,” it added.

Perhaps most concerning is that no patch or fix has been issued by Oracle at the time of writing, which means customers utilising PeopleSoft servers remain highly vulnerable to further attacks.

“We recommend that organizations running Oracle PeopleSoft take the following immediate actions to best defend themselves,” Mandiant emphasised.

“Prior to the discovery of the open staging directories, we began an effort to alert over 100 exposed organizations to assist in restricting access to vulnerable endpoints. These organizations are significantly concentrated in the Higher Education sector; 68 percent are academic institutions, including universities and colleges worldwide. While several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters DLS,” it continued.

The company also detailed potential steps that organisations could take in order to address this issue.

This is not a good look for Oracle, which has still remained relatively silent on this vulnerability outside of issuing an alert, raising the question of whether more vulnerabilities are still being discovered.

[Image – Photo by BoliviaInteligente on Unsplash]
