CISA warns of increased breach risks following Oracle Cloud leak

On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks.

CISA said the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded) into scripts, applications, infrastructure templates, or automation tools, even though the scope and impact remain unconfirmed.

"When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed. The compromise of credential material, including usernames, emails, passwords, authentication tokens, and encryption keys, can pose significant risk to enterprise environments," it added.

The U.S. cybersecurity agency also released guidance to mitigate the risks linked to the resulting credential leak, urging network defenders to reset affected users' passwords, replace hardcoded or embedded credentials with secure authentication methods, enforce phishing-resistant multi-factor authentication (MFA) wherever possible, and monitor authentication logs for suspicious activity.

This warning comes after Oracle confirmed in email notifications sent to customers that a threat actor leaked credentials stolen from what the company described as two obsolete servers.

However, Oracle added that its Oracle Cloud servers were not compromised and the incident didn't impact its cloud services or customer data.

Oracle also privately acknowledged in calls with some of its clients that attackers stole old client credentials after breaching a legacy environment last used in 2017. However, the hacker behind the breach posted newer records from 2025 on BreachForums and shared data with BleepingComputer from the end of 2024.

BleepingComputer has separately confirmed with multiple Oracle customers that leaked data samples (including associated LDAP display names, email addresses, given names, and other identifying information) received from the threat actor were valid.

In late March, cybersecurity firm CybelAngel also revealed that Oracle told customers that an attacker deployed a web shell and additional malware on some of its Gen 1 (also known as Oracle Cloud Classic) servers as early as January 2025.

Until the breach was detected in late February, the attacker allegedly stole data from the Oracle Identity Manager (IDM) database, which included hashed passwords, usernames, and user emails.

Last month, BleepingComputer first reported that Oracle also issued private customer notifications regarding another January breach at Oracle Health (a SaaS company previously known as Cerner) that impacted patient data at multiple U.S. healthcare organizations and hospitals.

Comments

Given CISA now has a major blindspot to Russia, we no longer rely on it as a credible cybersecurity source.
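CISA's guidance in the article above asks defenders to find and replace credentials hardcoded into scripts, applications, infrastructure templates, and automation tools. The following is an added example, not code from the article, CISA, or Oracle: a small scanner that flags literal credential assignments and private-key blocks while skipping values that reference a variable or secret store. The file suffixes, key-name patterns, and sample input are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumed file types covering scripts, app config, infrastructure templates, automation.
SCAN_SUFFIXES = {".sh", ".py", ".ps1", ".yml", ".yaml", ".json", ".tf", ".properties"}

# key = value or key: value, where the key name suggests credential material.
# Values shorter than 6 characters are ignored to cut noise (e.g. numeric policy settings).
ASSIGNMENT = re.compile(
    r"""(?ix)\b([\w.-]*(?:passw(?:or)?d|pwd|secret|token|api[_-]?key|private[_-]?key)[\w.-]*)
        \s*[:=]\s*["']?([^\s"']{6,})""")
PEM_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# Values that point at a variable or secret store are not embedded literals.
INDIRECT = re.compile(r"^(\$\{?|\{\{|<|%|var\.|vault:|os\.environ|env\()", re.I)

def scan_text(text, name="<memory>"):
    """Return (file, line, key, redacted_value) for each embedded credential found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if PEM_KEY.search(line):
            findings.append((name, lineno, "private-key-block", "[redacted]"))
            continue
        m = ASSIGNMENT.search(line)
        if m and not INDIRECT.match(m.group(2)):
            value = m.group(2)
            # Never echo the secret itself into reports or logs.
            findings.append((name, lineno, m.group(1), value[:2] + "*" * (len(value) - 2)))
    return findings

def scan_tree(root):
    """Scan every file under root whose suffix is in SCAN_SUFFIXES."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            findings += scan_text(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample input; none of these values come from the article.
SAMPLE = "\n".join([
    "#!/bin/sh",
    'export SVC_ADMIN_PASSWORD="Constructed-Example-1"',
    "ldap_bind_password: ${LDAP_BIND_PASSWORD}",
    'api_token = "constructed0123456789"',
    "password_min_length: 14",
    "-----BEGIN RSA PRIVATE KEY-----",
])

if __name__ == "__main__":
    for name, lineno, key, redacted in scan_text(SAMPLE, "deploy.sh"):
        print(f"{name}:{lineno}: {key} = {redacted}")
```

Every hit is a credential to rotate as well as remove, since anything that was embedded may already have been copied elsewhere.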