This audio is automatically generated. Do us know if you have comments.
According to security researchers, the threat actor who claimed the responsibility of an alleged breach of data at Oracle Cloud is threatening to publish or sell the data.
The threat actor, identified as Rose87168, published on Sunday a threat to filter stolen data and stated that Oracle does not collaborate with the demands of computer pirate. Linkedin post For Alon Gal, co -founder and CTO in Hudson Rock.
The threat actor previously took credit for the Oracle Cloud incident, claiming that he had access to 6 million data records, affecting more than 140,000 tenants.
After initially denying that there was a breach, Oracle has remained silent about breach and refused to respond to numerous applications to comment on the incident. In the meantime, security researchers have revealed that the tests grow supporting claims of data breach.
Cloudsek security researchers The tests published last week that supported the threat actor’s claims about breach. The researchers said that they believed that the computer pirate exploited a vulnerability or a mistaken conflict in the process of authentication OAUTH2.
The alleged breach was related to a critical vulnerability, listed as CVE-201-35587A vulnerability in the Oracle Product Access Manager of Oracle Fusion Middleware. The vulnerability, which has a CVSS score of 9.8, allows an attacker not authenticated with access to the network through HTTP to compromise the Oracle Access Manager.
Stolen data include unique login credentials, light directory access protocol passwords, OAUTH2 keys and tenant data, according to Cloudsek.
Cloudsek researchers have been analyzing a sample provided by computer pirate.
Trustwave Spiderlabs Spiderlabs researchers published a post on the blog last week Confirm the computer pirate is threatening to sell stolen data and offer multiple purchasing options, based on the company’s name, hashed credentials and other criteria.
“Basing on our research and analysis and that of other researchers, we believe that this is a legitimate breach,” said Trustwave researchers at Cybersecurity DIVE by email.
