"Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems. The database giant posted an impressively short blog post overnight, confirming that some E-Business Suite (EBS) users have been targeted by cybercriminals claiming to have siphoned off sensitive data, adding that the crooks appear to be exploiting holes Oracle already plugged in July."
"Mandiant and Google's Threat Intelligence Group, both of which are monitoring the campaign, stated on Thursday that there's no indication yet that Oracle itself has been compromised. However, anti-ransomware outfit Halcyon, which has also been keeping an eye on the goings-on at Oracle, says it's 'highly likely' that Clop ransomware operators are actively extorting victims through the local login pages on internet-facing Oracle EBS portals."
Some Oracle E-Business Suite (EBS) users have been targeted by extortion emails claiming theft of sensitive data. Attackers appear to be exploiting vulnerabilities addressed in the July 2025 Critical Patch Update. Oracle recommends applying the latest fixes. Mandiant and Google's Threat Intelligence Group report no indication that Oracle itself has been compromised. Halcyon reports attackers likely exploit internet-facing EBS local login pages, compromising user email, abusing default password-reset functions, and leveraging local accounts that bypass SSO and often lack MFA. Attackers have circulated screenshots and file trees and demanded ransoms up to $50 million.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]