Oracle Still Denies Breach as Researchers Persist
Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.
Oracle develops databases, cloud services, and business software; vulnerabilities in these products can expose sensitive data and systems.
Search across headline titles and summaries.
Background for this topic.
Oracle is an enterprise technology ecosystem best known in security contexts for Oracle Database, along with Java, application servers, business applications, and cloud services. These products often process sensitive business and personal data, so the tag commonly covers vulnerabilities, insecure configurations, and security updates affecting Oracle software and its integrations.
Material risks include exposed database listeners or management interfaces, excessive privileges, weak authentication, SQL injection, and vulnerable components that may permit unauthorized queries or code execution. Practitioners should inventory Oracle versions and dependencies, apply relevant security updates through controlled testing, restrict network access, enforce least privilege and encryption, and monitor database activity. Advisories should be assessed against the exact product and release, exploit prerequisites, and available mitigations; unsupported versions may remain exposed to known flaws.
Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. [...]
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid. [...]
Customers come forward claiming info was swiped from prod Oracle Cloud's denial of a digital break-in is now in clear dispute. A infosec researcher working on validating claims that the cloud provider's login servers were compromised earlier this year says some customers have confirmed data allegedly stolen and leaked from the database giant is genuine.…
Allcargo Gati's CIO on Enhancing System Uptime and Scaling the Tech StackAllcargo Gati is transforming its logistics operations with Oracle Cloud, reducing system uptime and boosting efficiency by 20%. The move was designed to enhance application performance, reduce latency and enable seamless scalability.
A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.
Despite evidence to the contrary as alleged pilfered info goes on sale Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen.…