CyberSecurityBoard
Sponsor Register Login

CISA warns of increased breach risks following Oracle Cloud leak

BleepingComputer ​​​​​has separately confirmed with multiple Oracle customers that leaked data samples (including associated LDAP display names, email addresses, given names, and other identifying information) received from the threat actor were valid. Last month, BleepingComputer first reported that Oracle also issued private customer notifications regarding another January breach at Oracle Health (a SaaS company previously known as Cerner) that impacted patient data at multiple U.S. healthcare organizations and hospitals. The U.S. cybersecurity agency also released guidance to mitigate the risks linked to the resulting credential leak, urging network defenders to reset affected users' passwords, replace hardcoded or embedded credentials with secure authentication methods, enforce phishing-resistant multi-factor authentication (MFA) wherever possible, and monitor authentication logs for suspicious activity. In late March, cybersecurity firm CybelAngel also revealed that Oracle told customers that an attacker deployed a web shell and additional malware on some of its Gen 1 (also known as Oracle Cloud Classic) servers as early as January 2025. On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks. Until the breach was detected in late February, the attacker allegedly stole data from the Oracle Identity Manager (IDM) database, which included hashed passwords, usernames, and user emails. ​Oracle also privately acknowledged in calls with some of its clients that attackers stole old client credentials after breaching a "legacy environment" last used in 2017. The compromise of credential material, including usernames, emails, passwords, authentication tokens, and encryption keys, can pose significant risk to enterprise environments," it added. However, Oracle added that its Oracle Cloud servers were not compromised, and the incident didn't impact its cloud services or customer data.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 17 Apr 2025 11:25:09 +0000


Cyber News related to CISA warns of increased breach risks following Oracle Cloud leak

Multi-Cloud vs. Hybrid Cloud: The Main Difference - The proliferation of cloud technologies is particularly confusing to businesses new to cloud adoption, and they're sometimes baffled by the distinction between multi-cloud and hybrid cloud. Although the public cloud infrastructure and public cloud ...
1 year ago Techtarget.com
What is a Cloud Architect and How Do You Become One? - A cloud architect is an IT professional who is responsible for overseeing a company's cloud computing strategy. This includes cloud adoption plans, cloud application design, and cloud management and monitoring. Cloud architects oversee application ...
1 year ago Techtarget.com
2023 Cloud Security Report - Security concerns remain a critical barrier to cloud adoption, showing little signs of improvement in the perception of cloud security professionals. Cloud adoption is further inhibited by a number of related challenges that prevent the faster and ...
1 year ago Cybersecurity-insiders.com
Top Cloud Security Issues: Threats, Risks, Challenges & Solutions - Cloud security issues refer to the threats, risks, and challenges in the cloud environment. To combat these cloud security issues, develop a robust cloud security strategy that addresses all three to provide comprehensive protection. Cloud security ...
10 months ago Esecurityplanet.com
The 10 Best Cloud Security Certifications for IT Pros in 2024 - Many professionals seeking a career in cloud security turn to certifications to advance their learning and prove.... their knowledge to potential employers. The number of cloud security certifications has increased in recent years making it difficult ...
1 year ago Techtarget.com
Cloud Security: Stats and Strategies - An interesting aspect in O'Reilly's latest Cloud Adoption report based on a global survey conducted is that 90% of the responders are using the cloud to support their business. One of the key takeaways from the State of the Cloud report from Flexera ...
1 year ago Feeds.dzone.com
What Is Cloud Security Management? Types & Strategies - Cloud security management is the process of safeguarding cloud data and operations from attacks and vulnerabilities through a set of cloud strategies, tools, and practices. The cloud security manager and the IT team are generally responsible for ...
10 months ago Esecurityplanet.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
10 months ago Securityaffairs.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
1 year ago Esecurityplanet.com
CrowdStrike Enhances Cloud Asset Visualization to Accelerate Risk Prioritization - The massive increase in cloud adoption has driven adversaries to focus their efforts on cloud environments - a shift that led to cloud intrusions increasing by 75% in 2023, emphasizing the need for stronger cloud security. As organizations increase ...
11 months ago Crowdstrike.com
Oracle says "obsolete servers" hacked, denies cloud breach - BleepingComputer has also separately confirmed with multiple Oracle customers that samples of the leaked data (including associated LDAP display names, email addresses, given names, and other identifying information) received from the threat actor ...
1 week ago Bleepingcomputer.com
7 Considerations for Multi-Cluster Kubernetes - A hybrid cloud is a cloud computing environment that combines public and private clouds, allowing organizations to utilize the benefits of both. In a hybrid cloud, an organization can store and process critical data and applications in its private ...
1 year ago Feeds.dzone.com
What Is Cloud Workload Security? Ultimate Guide - Cloud workload security, or cloud workload protection, refers to the tools and policies used to protect apps, services, and resources that run on cloud infrastructure. Your organization can manage cloud workload security through coordination across ...
9 months ago Esecurityplanet.com
Master Cloud Computing Risks with a Proactive, End-to-End Approach - These guiding principles have provided a foundation for Accenture's public cloud security offerings since they were introduced in 2018. With the release of the Prisma® Cloud Darwin update, Palo Alto Networks dramatically simplifies risk mitigation ...
1 year ago Paloaltonetworks.com Inception
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com
What is cloud load balancing? - Cloud load balancing is the process of distributing workloads across computing resources in a cloud computing environment and carefully balancing the network traffic accessing those resources. Cloud load balancing helps enterprises achieve ...
1 year ago Techtarget.com
Cloud Security: Ensuring Data Protection in the Cloud - Data Encryption: Protecting sensitive data is a top priority in cloud security. Cloud security is of utmost importance when it comes to protecting and ensuring the confidentiality of data stored and transmitted in the cloud. Data protection in the ...
1 year ago Securityzap.com
Managing the Requirements of a MultiCloud System - The use of digital technology has advanced to include cloud computing in the delivery of services, cost reduction, increased agility, and improved security. The emergence of various cloud solutions has led organizations to move their assets from ...
2 years ago Blog.isc2.org
4 types of cloud security tools organizations need in 2024 - By now, organizations know which on-premises security tools they need, but when it comes to securing the cloud, they don't always understand which cloud security tools to implement. While many traditional on-premises tools and controls work in the ...
1 year ago Techtarget.com
Middle East CISOs Fear Disruptive Cloud Breach - As organizations in the Middle East increasingly adopt cloud services, business leaders worry that their cloud-security measures are falling short. Running in the Cloud The worries arise as organizations in the Middle East accelerate their cloud ...
1 year ago Darkreading.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
6 months ago Therecord.media
Oracle privately confirms Cloud breach to customers - This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the ...
2 weeks ago Bleepingcomputer.com
Oracle privately confirms Cloud breach to customers - This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the ...
2 weeks ago Bleepingcomputer.com
Surge in Cloud Threats Spikes Rapid Adoption of CNAPPs for Cloud-Native Security - CNAPPs integrate multiple previously separate technologies—including Cloud Security Posture Management (CSPM), Cloud Workload Protection Platforms (CWPP), Cloud Infrastructure Entitlement Management (CIEM), Kubernetes Security Posture Management ...
4 days ago Cybersecuritynews.com
CISA warns of increased breach risks following Oracle Cloud leak - BleepingComputer ​​​​​has separately confirmed with multiple Oracle customers that leaked data samples (including associated LDAP display names, email addresses, given names, and other identifying information) received ...
1 day ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)