
Oracle Warns: Active Hack Exploit Used to Breach 100+ Firms

Summary

– Oracle warned customers of a critical vulnerability in PeopleSoft software after the ShinyHunters hacking group claimed to have breached over 100 organizations using it.
– The flaw is a zero-day bug exploitable over the internet without authentication, and Oracle has not yet released a patch, only mitigations.
– Mandiant confirmed the same bug is being used in ShinyHunters’ campaign and notified over 100 global organizations, mostly in U.S. higher education.
– ShinyHunters stole data from some victims, including student records with personal details, and published it on their data leak site.
– The group targets organizations using common vulnerable software like PeopleSoft, Salesforce, and Instructure, often demanding ransom after data theft.

Oracle has issued an urgent security alert to its enterprise clients regarding a critical vulnerability in PeopleSoft, the widely used platform for payroll and human resources management. The warning follows a claim by the notorious cybercrime group ShinyHunters that it exploited this flaw to compromise over 100 organizations.

The advisory, released on Thursday, comes one day after ShinyHunters took credit for a mass-hacking campaign targeting PeopleSoft users. Mandiant, the Google-owned cybersecurity firm, confirmed in a blog post that the vulnerability being abused is the same bug Oracle flagged. At the time of this writing, Oracle has not released a patch for the flaw, which can be exploited remotely without any authentication, such as a password. The company urged customers to apply available mitigations to block potential attacks.

A ShinyHunters member told TechCrunch on Wednesday that the group breached companies by exploiting an unpatched zero-day vulnerability in PeopleSoft servers. A zero-day is a bug that the software vendor, in this case Oracle, had no prior opportunity to fix before it was discovered and weaponized by attackers.

Mandiant reported that it has already notified more than 100 global organizations, the majority based in the United States, to help restrict access to vulnerable systems. About two-thirds of these entities are in higher education, aligning with ShinyHunters’ earlier claims. “While several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters [Data Leak Website],” Mandiant wrote.

Oracle did not respond to a request for comment.

The ShinyHunters member shared details of a ransom note sent to one victim school, claiming the hackers had stolen “hundreds of thousands of student records containing full name, home address, phone, email, date of birth, gender, ethnicity, enrollment status, GPA, major, and student ID across all campuses,” among other sensitive data.

This campaign is the latest in a pattern for ShinyHunters, which has previously targeted organizations using Salesforce, Gainsight, and software from education giant Instructure. The group typically identifies vulnerable software and its users, then attempts to steal corporate or customer data and extort victims for ransom. Earlier this year, Instructure confirmed it paid hackers after they breached its systems twice. As part of that campaign, ShinyHunters defaced login pages for several schools using Instructure’s popular Canvas portal.

(Source: TechCrunch)
