Oracle warns about security flaw used by hackers to infiltrate more than 100 companies

Oracle issued a warning to its corporate clients about a critical vulnerability in its PeopleSoft software that allowed hackers to infiltrate more than 100 companies. The notice, published on Thursday, comes after a public statement by the cybercriminal group ShinyHunters, which claimed to have exploited this flaw as part of a massive attack campaign. The information was confirmed by the security unit Mandiant, owned by Google, which investigates these types of incidents on a global scale.

The vulnerability affects PeopleSoft, software used by large companies for payroll and human resources management. According to Oracle, the flaw can be exploited over the Internet without requiring authentication, meaning that a password is not needed to access affected systems. This characteristic makes the vulnerability a considerable risk for organizations that use the software.

The ShinyHunters group told TechCrunch that it managed to access the systems of more than a hundred companies by taking advantage of a “zero-day vulnerability”, that is, a flaw that has not yet been patched by the affected company. Oracle has not yet released a security update that fixes this issue, although it recommended that its customers implement mitigation measures to reduce exposure.

According to Mandiant, approximately two-thirds of the organizations notified after the attack are in the higher education sector, mainly in the USA. The cybersecurity company stated that it has contacted more than 100 institutions with the aim of restricting access to their potentially vulnerable systems.

A member of ShinyHunters shared with the media a message addressed to one of the affected schools, in which the group claims to have obtained “hundreds of thousands of student records containing full name, home address, telephone number, email, date of birth, gender, ethnicity, enrollment status, grade point average, major, and student ID on all campuses.” Some of this stolen information was published on the data leak website managed by the group itself, as Mandiant indicated.

“While several organizations managed to block the activity or correct the vulnerabilities, others suffered leaks,” Mandiant explained on its blog, pointing out the publication of sensitive data after the attacks. The history of ShinyHunters includes previous actions against companies that shared vulnerable software, such as Salesforce, Gainsight and the educational giant Instructure.

At the beginning of this year, Instructure admitted that it paid a ransom after suffering two security incidents linked to this group. In this context, the attackers modified login pages of several schools that use Canvas, the well-known school information portal.

In its official notice, Oracle urged PeopleSoft users to apply the proposed mitigation measures until a definitive patch is available. The company stressed that the flaw can be exploited remotely and represents a risk to personal and corporate data stored on affected systems.

The incident highlights the importance of keeping systems constantly updated and remaining vigilant against possible zero-day vulnerabilities. The ShinyHunters campaign joins a series of attacks aimed at critical infrastructure in the private and educational sectors, which seek to obtain confidential information to subsequently extort organizations.

Mandiant warned that the publication of stolen data is already underway and recommended that affected companies review their systems and strengthen their security policies.