Concerns over a possible vulnerability involving a legacy Oracle cloud environment have prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to advise people and organizations to exercise caution. In a notice sent on Wednesday, CISA noted persistent indications of inappropriate behaviour targeting Oracle customers. The agency identified a number of risks, especially related to exposed or reused credentials, even though the full extent of the issue is still unknown.

According to its post on X, the agency recommends that organizations do the following:

  • Users who may have been impacted should have their passwords reset, particularly in cases where central identity management systems aren’t used to maintain credentials.
  • Check for any hard-coded credentials in scripts, code, or configuration files and replace them with secure authentication methods.
  • Keep an eye out for any odd activity in the authentication logs, paying particular attention to accounts with elevated or administrative access.
  • Whenever feasible, use multifactor authentication that is resistant to phishing for both user and administrator accounts.
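
As an added illustration of the second recommendation (this script is not from CISA, Oracle or the original article), here is a minimal scanner for literal credentials in scripts and configuration files. The rule patterns, file names and sample contents are constructed assumptions to be tuned per code base.

```python
import re

# Each rule captures the suspected secret in the named group "val".
RULES = [
    ("assigned-secret", re.compile(
        r"\b[\w.-]*(?:password|passwd|pwd|secret|token|api[_-]?key)[\w.-]*"
        r"\s*[:=]\s*[\"']?(?P<val>[^\s\"']{6,})", re.I)),
    ("url-embedded-credentials", re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:(?P<val>[^\s/@]{3,})@", re.I)),
]

# Values that point at an environment variable or secret store instead of
# embedding the credential itself; these are not findings.
INDIRECT = re.compile(r"\$\{?\w+\}?|%\w+%|os\.environ.*|.*getenv.*", re.I)


def redact(value):
    """Keep two characters for triage; never copy the secret into a report."""
    return value[:2] + "*" * (len(value) - 2)


def scan_text(name, text):
    """Return (file, line number, rule, redacted value) per literal credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                if not INDIRECT.fullmatch(m.group("val")):
                    findings.append((name, lineno, rule, redact(m.group("val"))))
    return findings


# Constructed sample files (not taken from any real system).
SAMPLES = {
    "deploy.sh": 'export DB_PASSWORD="Sup3rS3cret!"\n'
                 'curl -H "X-Auth: $API_TOKEN" https://example.com:8443/health\n',
    "settings.py": 'password = os.environ["DB_PASSWORD"]\n'
                   'DATABASE_URL = "postgresql://app:Pa55w0rd@db.internal.example/app"\n',
    "app.yaml": "api_key: ${API_KEY}\nclient_secret: 9f8e7d6c5b4a\n",
}


def scan_all(files):
    """Scan a mapping of file name to file contents."""
    return [f for name, text in files.items() for f in scan_text(name, text)]


if __name__ == "__main__":
    for finding in scan_all(SAMPLES):
        print("%s:%d  %-24s %s" % finding)
```

Any credential the scan finds should be treated as exposed and rotated, not just moved out of the file.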

The warning comes in the wake of allegations in recent weeks of a massive hack that may have compromised up to 140,000 Oracle tenants and up to six million records. CloudSEK researchers identified a weakness in Oracle Cloud’s login process, and Trustwave SpiderLabs said that its analysis of the dataset validated the breach allegations.

Oracle says that client data has not been impacted and has officially denied any compromise of Oracle Cloud Infrastructure (OCI). Despite the denials, the company has not provided clients with official advice or public guidance. According to security experts, Oracle has spoken privately with a few clients but has mostly kept quiet in public.

There are currently two lawsuits pending: one against Oracle Corporation in Texas and one involving Oracle Health in Missouri.

Organizations in the industry are urging Oracle to be more transparent. Oracle has not yet replied to an invitation to interact with the group’s members, according to Errol Weiss. He stated,

“We’re disappointed with Oracle’s lack of transparency.”

While stakeholders wait for more specific information, the CISA advice provides some guidance, according to Jonathan Braley, director of threat intelligence at IT-ISAC. For the time being, security professionals are keeping an eye on the situation and repeatedly calling on Oracle to provide its clients and the larger cybersecurity community with more clarification.