Yazılar

Oracle Confirms Extortion Campaign Targeting Its E-Business Suite Customers

/in /tarafından

has confirmed that some users of its E-Business Suite software have received extortion emails from hackers, validating a warning first issued by Google earlier this week. In a Thursday blog post, the California-based tech giant said its internal investigation revealed potential exploitation of previously known software vulnerabilities and urged customers to upgrade their systems immediately.

The company did not specify how many clients were impacted, but Google described the campaign as “high volume”, suggesting a broad wave of attacks against enterprise users.

Cybersecurity experts have linked the operation to the ransomware group Cl0p, a notorious Russia-linked or Russian-speaking collective that operates under a ransomware-as-a-service model—leasing its malware tools to other cybercriminals for a share of the profits. In a message to Reuters, the group said “Oracle bugged up,” but declined to provide further details.

According to Halcyon’s Ransomware Research Center chief Cynthia Kaiser, recent extortion demands connected to the campaign range from millions to tens of millions of dollars, with the highest reaching $50 million.

Trend Micro, a Japanese cybersecurity firm, previously labeled Cl0p as a “trendsetter for its ever-changing tactics,” noting its rapid adaptation to new vulnerabilities and defenses.

The attacks come amid a surge in corporate cyber-extortion incidents, targeting firms with complex enterprise software systems that handle sensitive financial and operational data. Oracle’s swift public acknowledgment—unusual in such cases—signals the seriousness of the threat and the company’s attempt to reassure customers that patches and updates remain their best defense.

UK Renews Push for Apple to Open Cloud Access for British User Data

/in /tarafından

The British government has issued a new order to Apple (AAPL.O) demanding the creation of a backdoor into its iCloud storage service — this time limited to British users’ data, the Financial Times reported on Wednesday.

The move marks the government’s second attempt to gain access to encrypted data stored by Apple, following the company’s appeal earlier this year against a broader order that sought access to both UK and U.S. citizens’ data. The earlier mandate was dropped after U.S. intelligence officials, including Director of National Intelligence Tulsi Gabbard, warned that such access could expose sensitive personal data to cybercriminals and foreign governments.

APPLE MAINTAINS REFUSAL TO CREATE BACKDOOR

Apple reiterated its long-standing position that it will not build a backdoor into its systems, citing user privacy and global security risks. “We have never built a backdoor or master key to any of our products or services — and we never will,” Apple said in a statement on Wednesday.

The company also confirmed that it was forced to withdraw its Advanced Data Protection (ADP) feature for UK users in February due to the government’s demands. The feature, which offers end-to-end encryption for iCloud data, ensures that only the user — not even Apple — can decrypt stored information.

“Apple is still unable to offer Advanced Data Protection in the United Kingdom to new users, and current users will eventually need to disable this feature,” the company said. “ADP protects iCloud data with end-to-end encryption, meaning only the user can access it on trusted devices.”

GOVERNMENT DEFENDS SECURITY ACTIONS

A spokesperson for the UK government declined to confirm the existence of the new order but said:

“We will always take all actions necessary at the domestic level to keep UK citizens safe.”

The latest demand comes under Britain’s Investigatory Powers Act, often called the “Snooper’s Charter,” which allows the government to compel tech firms to provide access to encrypted communications under certain conditions.

Apple’s ongoing appeal against the earlier order is being heard by the Investigatory Powers Tribunal (IPT), the UK’s top court for intelligence-related cases.

The standoff underscores the growing global tension between governments seeking digital surveillance capabilities and technology companies defending encryption as a cornerstone of privacy and cybersecurity.

Singapore Threatens Meta With Fines Over Facebook Impersonation Scams

/in /tarafından

The Singapore government has given Meta Platforms until the end of this month to introduce stronger safeguards, including facial recognition technology, to combat impersonation scams on Facebook—or face steep fines.

The Ministry of Home Affairs said on Thursday that Meta could be fined up to S$1 million ($776,639) if it fails to comply “without reasonable excuse.” After the deadline, Meta would face additional penalties of S$100,000 per day until measures are implemented.

The directive, issued Wednesday, follows a surge in scams involving fake ads, accounts, and business pages impersonating government officials. Authorities say incidents of such scams rose sharply between June 2024 and June 2025.

A Meta spokesperson said impersonation and deceptive ads are against company policy, adding: “We remove these when detected.” The spokesperson noted that Meta uses specialized systems to catch fraudulent accounts and “celeb-bait” ads, and works with law enforcement to pursue legal action against scammers.

Earlier this month, Singapore police ordered Meta to step up anti-scam measures on Facebook, but that directive did not include a compliance deadline.

Officials said this is the first enforcement order under Singapore’s Online Criminal Harms Act, which came into effect in February 2024. The law gives regulators new powers to hold platforms accountable for online scams and harmful digital activity.

“While Meta has taken steps to address impersonation scams globally, including in Singapore, the Ministry of Home Affairs and police remain concerned by the prevalence of such scams locally,” the ministry said.