Kevin Beaumont reports on Oracle's denial of a security breach despite strong evidence to the contrary. The company claims no breach occurred and that published credentials are unrelated to Oracle Cloud services. However, a threat actor claims to have gained internal access, sharing an internal meeting recording and other compelling evidence. Beaumont criticizes Oracle's vague and misleading language, stating the company must openly address the incident to maintain customer trust. Additionally, Oracle's recent rebranding efforts may obscure the truth regarding their cloud services' security issues.
"Oracle are attempting to wordsmith statements around Oracle Cloud and use very specific words to avoid responsibility. This is not okay. Oracle need to clearly, openly and publicly communicate what happened, how it impacts customers, and what they're doing about it."
"The threat actor then posted an archive.org URL and provided it to Bleeping Computer, strongly suggesting they had write access to login.us2.oraclecloud.com, a service using Oracle Access Manager."
Collection
[
|
...
]