https://community.isc2.org/t5/Threats/Oracle-Cloud-breach-may-impact-140-000-enterprise-customers/m-p/78603#M1572 <P>And now, oracle is starting to <A href="https://www.theregister.com/2025/04/08/oracle_cloud_compromised/" target="_blank" rel="noopener">fess up</A>.&nbsp; The fundamental problem appears to be their failure to apply their own security patches on a timely basis.&nbsp; The&nbsp;<A href="https://nvd.nist.gov/vuln/detail/cve-2021-35587" target="_blank" rel="noopener">vulnerability</A> has a 9.8 (out of 10) CVSS score.</P><P>&nbsp;</P><P>So much for the theory that one of the primary advantages of using a manufacturer's own cloud infrastructure is that they have advance notice and can apply maintenance even before the patch is publicly released.</P> Tue, 08 Apr 2025 04:51:50 GMT denbesten 2025-04-08T04:51:50Z https://community.isc2.org/t5/Threats/Oracle-Cloud-breach-may-impact-140-000-enterprise-customers/m-p/78398#M1561 <P>Hi All</P><P>&nbsp;</P><P>A threat actor has targeted the login infrastructure of Oracle Cloud, exploiting middleware vulnerability, and demanding ransom from over 140,000 tenants.</P><P>&nbsp;</P><P>Don't pay the ransom!</P><H2><FONT face="arial,helvetica,sans-serif" size="3"><A href="https://www.csoonline.com/article/3852643/oracle-cloud-breach-may-impact-140000-enterprise-html" target="_blank" rel="noopener">https://www.csoonline.com/article/3852643/oracle-cloud-breach-may-impact-140000-enterprise-html</A></FONT></H2><P>&nbsp;</P><P><FONT face="arial,helvetica,sans-serif" size="3">Regards</FONT></P><P>&nbsp;</P><P><FONT face="arial,helvetica,sans-serif" size="3">Caute_Cautim</FONT></P> Mon, 31 Mar 2025 21:28:32 GMT https://community.isc2.org/t5/Threats/Oracle-Cloud-breach-may-impact-140-000-enterprise-customers/m-p/78398#M1561 Caute_cautim 2025-03-31T21:28:32Z https://community.isc2.org/t5/Threats/Oracle-Cloud-breach-may-impact-140-000-enterprise-customers/m-p/78427#M1568 <P>Oracle continues to deny there has been a breach, yet (anonymous) customers have confirmed the disclosed creds did belong to them and were uniquely used with Oracle.&nbsp;&nbsp;</P> Tue, 01 Apr 2025 20:35:15 GMT https://community.isc2.org/t5/Threats/Oracle-Cloud-breach-may-impact-140-000-enterprise-customers/m-p/78427#M1568 denbesten 2025-04-01T20:35:15Z https://community.isc2.org/t5/Threats/Oracle-Cloud-breach-may-impact-140-000-enterprise-customers/m-p/78603#M1572 <P>And now, oracle is starting to <A href="https://www.theregister.com/2025/04/08/oracle_cloud_compromised/" target="_blank" rel="noopener">fess up</A>.&nbsp; The fundamental problem appears to be their failure to apply their own security patches on a timely basis.&nbsp; The&nbsp;<A href="https://nvd.nist.gov/vuln/detail/cve-2021-35587" target="_blank" rel="noopener">vulnerability</A> has a 9.8 (out of 10) CVSS score.</P><P>&nbsp;</P><P>So much for the theory that one of the primary advantages of using a manufacturer's own cloud infrastructure is that they have advance notice and can apply maintenance even before the patch is publicly released.</P> Tue, 08 Apr 2025 04:51:50 GMT https://community.isc2.org/t5/Threats/Oracle-Cloud-breach-may-impact-140-000-enterprise-customers/m-p/78603#M1572 denbesten 2025-04-08T04:51:50Z