Oracle has since requested Wayback Machine (Archive.org) to take down the archived URL. Unbiased cybersecurity researchers are taking to the web to criticize Oracle’s efforts at coverup. In the meantime, the menace actor posted an extended video of an inner Oracle assembly, presumably from the breach, solidifying their claims.
“In cybersecurity, denial doesn’t neutralize the hazard, transparency does,” CloudSEK co-founder and CEO Rahul Sassi instructed CSO. “This investigation just isn’t about blame, it’s about accountability. It’s about empowering each security group, each buyer, and each vendor within the provide chain to behave earlier than attackers do.” Affected information from the breach included JKS recordsdata, encrypted SSO passwords, key recordsdata, and enterprise supervisor JPS keys, in accordance with CloudSEK. Whereas SSO passwords could possibly be cracked with different breached recordsdata, LDAP passwords have been encrypted and the menace actor, of their publish, sought assist with decoding them in alternate for some compromised information.
