Posts

Oracle Confirms Extortion Campaign Targeting Its E-Business Suite Customers

Oracle has confirmed that some users of its E-Business Suite software have received extortion emails from hackers, validating a warning first issued by Google earlier this week. In a Thursday blog post, the California-based tech giant said its internal investigation revealed potential exploitation of previously known software vulnerabilities and urged customers to upgrade their systems immediately.

The company did not specify how many clients were impacted, but Google described the campaign as “high volume”, suggesting a broad wave of attacks against enterprise users.

Cybersecurity experts have linked the operation to the ransomware group Cl0p, a notorious Russia-linked or Russian-speaking collective that operates under a ransomware-as-a-service model—leasing its malware tools to other cybercriminals for a share of the profits. In a message to Reuters, the group said “Oracle bugged up,” but declined to provide further details.

According to Halcyon’s Ransomware Research Center chief Cynthia Kaiser, recent extortion demands connected to the campaign range from millions to tens of millions of dollars, with the highest reaching $50 million.

Trend Micro, a Japanese cybersecurity firm, previously labeled Cl0p as a “trendsetter for its ever-changing tactics,” noting its rapid adaptation to new vulnerabilities and defenses.

The attacks come amid a surge in corporate cyber-extortion incidents, targeting firms with complex enterprise software systems that handle sensitive financial and operational data. Oracle’s swift public acknowledgment—unusual in such cases—signals the seriousness of the threat and the company’s attempt to reassure customers that patches and updates remain their best defense.

FBI Investigating Cyberattack at Oracle Involving Patient Data Theft

The FBI is currently investigating a cyberattack at Oracle that resulted in the theft of patient data, according to a Bloomberg News report. The attack, which occurred after January 22, compromised Oracle’s servers, where hackers copied patient data to an external location. The breach is believed to have been an attempt to extort multiple medical providers in the United States.

Oracle, which acquired Cerner Corp. in 2022 for $28 billion, notified its healthcare customers about the breach earlier this month. However, it remains unclear how many patient records were affected and which healthcare providers were targeted. The breach involved older Cerner servers, where data had not yet been transferred to Oracle’s cloud storage.

While the FBI has declined to comment, Oracle confirmed it became aware of the breach on February 20. Oracle has not yet responded to further inquiries. The company’s involvement in healthcare IT through its Cerner acquisition has likely increased its exposure to cybersecurity risks in the healthcare sector.

Rhode Island Faces Data Breach as Hackers Demand Ransom

Rhode Island has been struck by a significant data breach, potentially compromising the personal and financial information of hundreds of thousands of residents. The breach, attributed to an international cybercriminal group, involves stolen sensitive data, including Social Security numbers, and has led to extortion demands. The hackers have threatened to release the information unless a ransom is paid, state officials reported on Saturday.

Governor Dan McKee confirmed that the breach affects individuals enrolled in the state’s government assistance programs, such as the Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), and healthcare services provided through HealthSource RI. The attack targeted the state’s RIBridges portal, an online platform for accessing social services, which was breached earlier this month.

Although the breach had been detected earlier, it was confirmed only on Friday, after the state’s vendor, Deloitte, validated the hacking incident. The governor’s office stated that Deloitte had confirmed a high probability that a cybercriminal had accessed files containing personally identifiable information.

The breach may affect anyone who has applied for or received assistance through these programs since 2016. In response to the threat, RIBridges has been temporarily shut down, and those applying for new benefits will be required to use paper applications until the system is secured and restored.

Households believed to be affected by the breach will receive official notification from the state, along with guidance on how to protect their personal and financial data.