"And over the weekend, exploit code for the recently patched flaw was made public, making it even easier for other attackers to make use of it. "It's likely that almost no one patched over the weekend," noted Jake Knott, principal security researcher at watchTowr. "So we're waking up to a critical vulnerability with public exploit code and unpatched systems everywhere. Based on the evidence, we believe this is Cl0p activity, and we fully expect to see mass, indiscriminate exploitation from multiple groups within days.""
"Oracle has rolled out an emergency patch for a flaw in its E-Business Suite (EBS), a week after Google warned executives were facing extortion threats from a notorious ransomware gang using data leaked from that software. Last week, Google revealed companies were receiving emailed threats claiming Oracle's EBS had been hacked, demanding a ransom payment or risk data being leaked."
Oracle released an emergency patch for a flaw in E-Business Suite (EBS) after Google warned of extortion threats tied to leaked EBS data. The emergency patch addresses a single vulnerability while attackers appear to be chaining multiple flaws, including another fixed in July. Public exploit code for the recently patched flaw has been released, increasing the risk to unpatched systems. Security researchers attribute the activity to Cl0p and warn of imminent mass exploitation. The UK NCSC and the FBI urge immediate patching, aggressive hunting, and tightened controls, especially for internet-exposed EBS environments.
Read at IT Pro
Unable to calculate read time
Collection
[
|
...
]