computer-science
Oracle warns of security bug that hackers abused to breach 100+ companies
Key takeaways
- The company published the security advisory on Thursday after the hacking group Shiny Hunters claimed to have breached more than 100 organizations that use People Soft servers.
- Oracle, which has not released a patch for the vulnerability at the time of writing, said in the advisory that the bug can be exploited over the internet without needing any authentication, such as a password.
- The tech giant recommended that customers who use PeopleSoft software apply its mitigations to prevent exploitation.
Oracle warned its corporate customers that there is a critical-rated vulnerability in its People Soft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign.
The company published the security advisory on Thursday after the hacking group Shiny Hunters claimed to have breached more than 100 organizations that use People Soft servers.
Mandiant, the Google-owned security unit that investigates cyberattacks, warned in a blog post that the new Oracle flaw is the same bug that the ShinyHunters group is abusing in its hacking campaign targeting PeopleSoft customers.
Article preview — originally published by TechCrunch. Full story at the source.
Read full story on TechCrunch →
More top stories
Also covered by
Aggregated and edited by the Scoop newsroom. We surface news from TechCrunch alongside other reporting so you can compare coverage in one place.
Editorial policy · Corrections · About Scoop