The Cybersecurity and Infrastructure Security Agency has warned organizations about the threat of credential exposure stemming from the compromise of a legacy Oracle cloud environment, which the company has reported to clients only in private, reports The Record, a news site by cybersecurity firm Recorded Future.
"When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed. The compromise of credential material, including usernames, emails, passwords, authentication tokens, and encryption keys, can pose significant risk to enterprise environments," said CISA. With such data potentially enabling phishing and business email compromise intrusions, cloud and identity management system breaches, and other illicit cyber activity, organizations have been recommended immediately reset impacted services' passwords, evaluate their source code and authentication logs, and report suspicious network activity. Such an alert comes as Oracle was reported by Bloomberg and BleepingComputer to have confirmed an attack against obsolete servers that were not part of the Oracle Cloud Infrastructure following threat actor rose87168's sale of six million records from Oracle Cloud's federated single sign-on servers.
"When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed. The compromise of credential material, including usernames, emails, passwords, authentication tokens, and encryption keys, can pose significant risk to enterprise environments," said CISA. With such data potentially enabling phishing and business email compromise intrusions, cloud and identity management system breaches, and other illicit cyber activity, organizations have been recommended immediately reset impacted services' passwords, evaluate their source code and authentication logs, and report suspicious network activity. Such an alert comes as Oracle was reported by Bloomberg and BleepingComputer to have confirmed an attack against obsolete servers that were not part of the Oracle Cloud Infrastructure following threat actor rose87168's sale of six million records from Oracle Cloud's federated single sign-on servers.