Threat Actors Leverage Oracle Database Scheduler to Execute Malicious Code

Recent cybersecurity investigations have revealed that threat actors are exploiting the Oracle Database Scheduler to execute malicious code, posing significant risks to enterprise environments. This technique allows attackers to leverage legitimate database functionalities to maintain persistence and evade detection. The Oracle Database Scheduler, designed to automate and schedule database tasks, has become a vector for executing unauthorized commands and scripts. Attackers exploit vulnerabilities and misconfigurations within Oracle databases to gain elevated privileges, enabling them to deploy malware or conduct further lateral movement within networks. This emerging threat highlights the importance of securing database environments, applying timely patches, and monitoring for unusual scheduler activities. Organizations using Oracle databases should implement strict access controls, audit scheduler jobs regularly, and employ advanced threat detection solutions to mitigate these risks. Understanding the tactics, techniques, and procedures (TTPs) used by threat actors in this context is critical for cybersecurity teams aiming to protect sensitive data and maintain operational integrity. This article delves into the methods attackers use to exploit Oracle Database Scheduler, the potential impact on affected organizations, and best practices for defense and remediation.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 22 Sep 2025 18:00:34 +0000

Cyber News related to Threat Actors Leverage Oracle Database Scheduler to Execute Malicious Code

Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com Kimsuky

Threat Actors Leverage Oracle Database Scheduler to Execute Malicious Code - Recent cybersecurity investigations have revealed that threat actors are exploiting the Oracle Database Scheduler to execute malicious code, posing significant risks to enterprise environments. This technique allows attackers to leverage legitimate ...
4 months ago Cybersecuritynews.com CVE-2023-21839

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
6 months ago Cybersecuritynews.com

CVE-2016-0635 - Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, ...
6 years ago

TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
2 years ago Feeds.fortinet.com CVE-2023-42793 APT29

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 APT28

15 PostgreSQL Monitoring Tools - 2025 - What is Good?What Could Be Better?Monitoring application performance, user experience, and errors.Some users find the pricing high, especially for larger environments.Continuous server, database, and infrastructure monitoring.The extensive feature ...
8 months ago Cybersecuritynews.com

Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
2 years ago Microsoft.com

Major Database Security Threats and How to Prevent Them | Tripwire - Cybercriminals can also attempt to seize control of the organization’s data management system, altering privileges so they can gain database access at any time. Data loss prevention (DLP) solutions can do a lot to prevent occurrences like ...
1 year ago Tripwire.com

Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
3 years ago Securityweek.com

Oracle says "obsolete servers" hacked, denies cloud breach - BleepingComputer has also separately confirmed with multiple Oracle customers that samples of the leaked data (including associated LDAP display names, email addresses, given names, and other identifying information) received from the threat actor ...
9 months ago Bleepingcomputer.com

Oracle privately confirms Cloud breach to customers - This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the ...
9 months ago Bleepingcomputer.com

Automating Threat Intelligence Enrichment In Your SIEM With MISP - In conclusion, automating threat intelligence enrichment between MISP and your SIEM using Python is a transformative step for any security operations center. This article explores how to architect, implement, and operationalize automated threat ...
9 months ago Cybersecuritynews.com

How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
1 year ago Cybersecuritynews.com

What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
1 year ago Techrepublic.com

Database Security - In today's rapidly evolving digital landscape, marked by the ascendancy of Artificial Intelligence and the ubiquity of cloud computing, the importance of database security has never been more pronounced. Effective database security strategies not ...
2 years ago Feeds.dzone.com

CVE-2025-21702 - In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and ...
11 months ago Tenable.com

How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
2 years ago Cyberdefensemagazine.com Hunters

Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
1 year ago Thedfirreport.com Trigona

What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
2 years ago Feeds.dzone.com

Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
1 year ago Techrepublic.com

Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
2 years ago Cyberdefensemagazine.com

Best MDR (Managed Detection & Response) Solutions - 2025 - Cybereason Managed Detection and Response solutions provide 24/7 threat monitoring, advanced endpoint protection, and rapid incident response. Cynet MDR solutions provide automated threat detection and response, ensuring comprehensive security ...
10 months ago Cybersecuritynews.com

CVE-2009-1993 - Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE. Per: ...
13 years ago