
Trump Claims Administration Learnt to Avoid Signal After Group Chat Leak

 

President Donald Trump stated that his administration has learnt from Signalgate. "I think we learnt: Maybe don't use Signal, okay?" Trump spoke about the messaging app in an interview with The Atlantic published Monday.

"If you want to know the truth. I would frankly tell these people not to use Signal, although it's been used by a lot of people," the US president added. "But, whatever it is, whoever has it, whoever owns it, I wouldn't want to use it."

Last month, The Atlantic's editor in chief, Jeffrey Goldberg, revealed that he had been inadvertently included in a Signal group discussion by White House national security adviser Mike Waltz. Goldberg stated that the group chat was called "Houthi PC small group" and included other officials such as Defence Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, and Secretary of State Marco Rubio. "PC" stood for "principals committee." 

"In the chat, Waltz and the other Trump officials were talking about specifics of a planned U.S. strike on Houthi rebels," Goldberg claimed. The authenticity of the group discussion was later verified by the National Security Council to Business Insider. At first, Trump denied knowing about the security failure. After the incident, he defended Waltz and Hegseth, stating that he would not fire them. 

Signal, which was first launched in 2014, is a non-profit, open-source encrypted messaging application. Last month, Signal stated in an X post that misinformation was "flying around that might drive people away from Signal and private communications.”

"One piece of misinformation we need to address is the claim that there are 'vulnerabilities' in Signal," it stated on March 25, citing an NPR report that quoted a Pentagon memo it received, alerting staff of a possible vulnerability in the messaging app. 

“The memo used the term 'vulnerability' in relation to Signal — but it had nothing to do with Signal's core tech. It was warning against phishing scams targeting Signal users,” Signal wrote in its post.

Firewalls and VPNs Under Siege as Businesses Report Growing Cyber Intrusions

 


A security researcher has discovered an ongoing cyberattack exploiting a newly disclosed vulnerability in Fortinet's FortiGate firewalls to infiltrate corporate and enterprise networks, and the activity appears to have been under way for some time. A security advisory published on Tuesday by Fortinet confirmed the critical flaw, tracked as CVE-2024-55591, and stated that it is currently being exploited in the wild.

Cybersecurity experts are particularly concerned that malicious actors exploited this flaw as a zero-day, a term for a software vulnerability that is exploited before the vendor is aware of it or has issued a patch. According to Fortinet's report, attackers may have actively targeted the vulnerability since at least December, many months before it was publicly disclosed and patched.

Organisations that rely heavily on FortiGate firewalls for perimeter defence face a significant threat from exploitation of CVE-2024-55591. Given the vulnerability's criticality, enterprises should apply the security updates as soon as possible and examine their systems for any indication of unauthorised access. Beyond the zero-day risk itself, this development highlights that cybercriminals are increasingly targeting foundational network infrastructure to gain a foothold in high-value environments.

Virtual private networks (VPNs) have long been regarded as a critical defence for digital communications against a wide range of threats. By encrypting data in transit, they neutralise the risk of man-in-the-middle attacks, in which unauthorised parties try to intercept or manipulate data on its way across the network. This layer of encryption keeps sensitive data secure even across untrusted networks.

One of the most prominent use cases for VPNs is protecting users on public Wi-Fi networks, which are often vulnerable to unauthorised access. Because VPNs route traffic through encrypted tunnels, data is far less likely to be exposed or compromised in such situations. VPNs also hide users' IP addresses, providing greater anonymity and reducing the chance that malicious actors can track or monitor them.

This concealment also helps protect network resources against distributed denial-of-service (DDoS) attacks, which typically target an exposed IP address to overload it. Although VPNs have been around for decades, they no longer suffice as a standalone solution given today's increasingly complex threat landscape. For comprehensive protection against sophisticated attack vectors, their capabilities should be integrated with more advanced, adaptive cybersecurity measures.

Conventional security frameworks such as firewalls and VPNs are being outpaced as the cybersecurity landscape evolves; the sophistication and frequency of modern threats have increased significantly over the past few years. Businesses across many industries are experiencing a growing number of breaches and vulnerabilities, and traditional methods are no longer able to address them.

The widespread transition from on-premises infrastructure to remote and digitally distributed work environments has left legacy security architectures increasingly vulnerable, forcing enterprises to reassess and update their defence strategies. Firewalls and VPNs were once considered the cornerstones of enterprise network security; in today's increasingly complex threat environment, they are struggling to meet the demands placed on them.

In the past, these technologies played an important role in securing organisational boundaries, but their limitations are becoming increasingly apparent as organisations move to cloud-based environments and undergo rapid digital transformation. In 2025, technological advances are expected to change the way industries operate: the adoption of generative artificial intelligence, automation, and the proliferation of IoT and OT systems, for instance.

These innovations also bring unprecedented risks. Malicious actors use artificial intelligence to automate spear-phishing efforts, craft highly evasive malware, and exploit vulnerabilities more quickly and accurately than before. In addition, the rise of Ransomware-as-a-Service (RaaS) is lowering the barrier to entry, enabling a broader set of threat actors to conduct sophisticated, scalable attacks on businesses. To respond effectively to the complexities of a digitally driven world, organisations must move beyond legacy security tools and adopt proactive, adaptive cybersecurity models capable of meeting the challenges of this dynamic threat environment.

A significant shift in cybersecurity dynamics has led to a worrying trend: malicious actors are increasingly exploiting Virtual Private Networks (VPNs) to gain an advantage over defenders. Although VPNs were originally developed to enhance privacy and protect data, they are increasingly being repurposed by cybercriminals to facilitate complex attacks while masking their digital identity. Because VPNs are dual-purpose tools, they have become instruments of exploitation, which poses a significant challenge for cybersecurity professionals and digital forensics teams alike.

One particularly alarming technique involves deliberately exploiting vulnerabilities in VPN software itself. When attackers identify and target these vulnerabilities, they can bypass perimeter defences, infiltrate secure systems, and deploy malware without being detected.

Frequently, such breaches serve as entry points into larger campaigns, such as coordinated phishing operations that attempt to trick individuals into revealing confidential information. VPNs can also mask the actual IP addresses of threat actors, a technique known as IP address masquerading, which enables them to evade geographical restrictions, mislead investigators, and remain anonymous when launching cyberattacks.

In addition to helping adversaries circumvent firewalls, VPNs offer encryption and tunnelling, making it easier to penetrate networks that would otherwise resist unauthorised access. VPNs are also used to spread malicious software across untrusted networks: carried inside encrypted VPN traffic, malware can bypass traditional detection methods. The anonymity VPNs provide can likewise be used by threat actors to impersonate legitimate organisations and launch phishing campaigns, compromising users' privacy and data integrity.

Equally troubling, VPNs can facilitate distributed denial-of-service (DDoS) attacks. Because the traffic is anonymised, tracing the origin of such attacks is difficult, which hinders the development of appropriate response and mitigation strategies. This paradox underscores the complexity of modern cybersecurity: the same tool can serve both security and cybercrime.

Even though VPNs remain an important tool for keeping users safe and anonymous, their misuse requires a proactive and multifaceted response that combines robust technological defences with ongoing awareness and education initiatives. Only through such comprehensive measures can organisations preserve the integrity of VPN technology and maintain trust in the digital privacy infrastructure.

Check Point has issued a formal warning about active targeting of its VPN devices amid an ongoing rise in cyber threats against enterprise infrastructure. The disclosure is a further reminder of a sustained campaign to compromise remote access technologies and critical network defences, and it is the second such alert from a major cybersecurity vendor in the past couple of months.

In April 2024, Cisco warned organisations about a widespread wave of brute-force attacks against VPN and Secure Shell (SSH) services, likely affecting devices from Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti, among others. In the first attacks observed around March 18, the attackers used anonymisation tools such as Tor exit nodes and proxy networks, along with other techniques, to obfuscate their origin and evade detection and block lists.

In March of this year, Cisco had also noticed password spraying against its Secure Firewall appliances running Remote Access VPN (RAVPN) services. Analysts described this as a reconnaissance phase, likely intended to lay the groundwork for more advanced intrusions. Subsequent analysis by cybersecurity researcher Aaron Martin linked these incidents to a previously undocumented malware botnet dubbed "Brutus".
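The password spraying Cisco describes above is a pattern a defender can pick out of VPN authentication logs. The following is an added example, not code from the article or from Cisco; it assumes a constructed, simplified log format (real ASA/FTD syslog needs its own parser) and flags both a single source cycling through many accounts and a spray spread across many source IPs, which the per-source rule alone misses.

```python
"""Detect password spraying in VPN authentication logs.

Added example, not Cisco's code or the article's. It assumes a constructed,
simplified log format (timestamp, src=, user=, result=); real ASA/FTD syslog
needs its own parser in place of parse_line().
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source cycling through many usernames once each
# (single-source spray), one user mistyping their own password (benign), and
# several sources each trying one username (distributed spray).
SAMPLE_LOG = """\
2024-03-18T09:00:01Z src=203.0.113.10 user=alice result=FAIL
2024-03-18T09:00:03Z src=203.0.113.10 user=bob result=FAIL
2024-03-18T09:00:05Z src=203.0.113.10 user=carol result=FAIL
2024-03-18T09:00:07Z src=203.0.113.10 user=dave result=FAIL
2024-03-18T09:00:09Z src=203.0.113.10 user=erin result=FAIL
2024-03-18T09:00:11Z src=203.0.113.10 user=frank result=FAIL
2024-03-18T09:01:00Z src=198.51.100.7 user=grace result=FAIL
2024-03-18T09:01:30Z src=198.51.100.7 user=grace result=FAIL
2024-03-18T09:02:00Z src=198.51.100.7 user=grace result=OK
2024-03-18T09:05:00Z src=192.0.2.21 user=heidi result=FAIL
2024-03-18T09:05:02Z src=192.0.2.22 user=ivan result=FAIL
2024-03-18T09:05:04Z src=192.0.2.23 user=judy result=FAIL
2024-03-18T09:05:06Z src=192.0.2.24 user=mallory result=FAIL
2024-03-18T09:05:08Z src=192.0.2.25 user=oscar result=FAIL
"""

EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Turn one constructed log line into a dict."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {
        "ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
        "src": fields["src"],
        "user": fields["user"],
        "ok": fields["result"] == "OK",
    }


def window_start(ts, window):
    """Floor a timestamp to the start of its fixed-size window."""
    secs = (ts - EPOCH).total_seconds()
    return ts - timedelta(seconds=secs % window.total_seconds())


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag spraying: many distinct usernames, each with only a few failures.

    Returns {"single_source": [ips], "distributed_windows": [iso window starts]}.
    A brute-force attack on one account (many failures for one user) is
    deliberately not flagged here; that is a separate detection.
    """
    failures = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if not ev["ok"]:
            failures[window_start(ev["ts"], window)].append(ev)

    single_source, distributed = set(), []
    for start in sorted(failures):
        evs = failures[start]
        # Per-source view: one IP touching many accounts, few tries each.
        per_src = defaultdict(Counter)
        for ev in evs:
            per_src[ev["src"]][ev["user"]] += 1
        flagged_here = {
            src for src, users in per_src.items()
            if len(users) >= min_users and max(users.values()) <= max_per_user
        }
        single_source |= flagged_here
        # Estate-wide view: a low-and-slow spray spread across many IPs, which
        # the per-source rule misses. Sources already flagged are excluded.
        rest = [ev for ev in evs if ev["src"] not in flagged_here]
        per_user = Counter(ev["user"] for ev in rest)
        low_users = {u for u, n in per_user.items() if n <= max_per_user}
        srcs = {ev["src"] for ev in rest if ev["user"] in low_users}
        if len(low_users) >= min_users and len(srcs) >= min_users:
            distributed.append(start.isoformat())
    return {"single_source": sorted(single_source), "distributed_windows": distributed}


if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The thresholds are deliberately low so the constructed sample trips both rules; on a real estate they should be tuned against a baseline of normal failed-login volume.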

Over 20,000 IP addresses were found to be associated with this botnet, deployed from both residential and cloud-hosted environments, which greatly complicated attribution and mitigation. The threat landscape has been further compounded by Cisco's announcement that a state-sponsored hacker group, tracked as UAT4356, has been exploiting zero-day vulnerabilities in its Firepower Threat Defence (FTD) and Adaptive Security Appliances.

Known by the codename ArcaneDoor, this cyber-espionage campaign has been ongoing since November 2023, targeting government and critical infrastructure networks around the world. As the frequency and complexity of cyberattacks continue to increase, it is apparent that legacy perimeter defences are no longer adequate.

A layered, intelligence-driven approach to security includes real-time threat detection, continuous system hardening, and proactive incident response. Alongside strengthening cybersecurity resilience, fostering collaboration between the public and private sectors, sharing threat intelligence, and providing ongoing training to employees can help organisations stay ahead of their adversaries. There is no doubt that the future of secure enterprise operations will be determined by the ability to anticipate, adapt, and remain vigilant in this rapidly evolving digital age.

Scientists Warn of Cybersecurity Threats in Next-Gen DNA Sequencing

 

Next-generation DNA sequencing (NGS) is under increasing criticism for its cyber risks. While NGS has transformed disciplines ranging from cancer diagnosis to infectious disease tracking, a recent study warns that the platforms that enable these advancements could also be used as a gateway by hackers and bad actors.

The study, published in IEEE Access and headed by Dr. Nasreen Anjum of the University of Portsmouth's School of Computing, is the first to systematically map cyber-biosecurity vulnerabilities throughout the NGS workflow. 

NGS technology, which enables rapid and cost-effective DNA and RNA sequencing, supports not only cancer research and medicine development, but also agricultural innovation and forensic science. Its ability to process millions to billions of DNA fragments at once has significantly reduced the cost and enhanced the speed of genome analysis, making it a standard in labs around the world. 

However, the study focuses on a less-discussed aspect of this technological advancement: the increasing number of vulnerabilities at each stage of the NGS pipeline. From sample preparation to sequencing and data processing, each stage requires specialised instruments, complicated software, and networked systems. 

According to Dr. Anjum, these interrelated processes generate several points where security might be compromised. As large genetic databases are being stored and shared online, cybercriminals are more likely to access and misuse this sensitive information. The report cautions that such breaches might lead to not only privacy violations or identity tracing, but potentially more serious possibilities like data manipulation or the fabrication of synthetic DNA-encoded malware. 

Experts from Anglia Ruskin University, the University of Gloucestershire, Najran University, and Shaheed Benazir Bhutto Women's University contributed to the research. The researchers discovered multiple emerging threats including AI-powered genomic data manipulation and improved re-identification techniques that could jeopardise individual privacy. These concerns, they suggest, transcend beyond the person and endanger scientific integrity and possibly national security. 

Despite these risks, Dr Anjum observes that cyber-biosecurity remains a neglected field, with fragmented safeguards and little collaboration between computer science, bioinformatics, biotechnology, and security. To address these challenges, the research suggests a number of feasible options, including secure sequencing procedures, secured data storage, and AI-powered anomaly detection systems. The authors urge governments, regulatory agencies, and academic institutions to prioritise research, education, and policy development in order to close biosecurity gaps.

Chinese Ghost Hackers Focus on Profits, Attack Key Sectors in the US and UK


 

In the world of cybercrime, criminals usually fall into two groups. Some target individuals, tricking them for money. Others go after important organizations like hospitals and companies, hoping for bigger payouts. Although attacks on healthcare are less common, they cause major harm when they happen. Incidents like the New York Blood Center hack, where hackers stole a million patient records, show how serious the risk is. Now, a new report warns about Chinese cybercriminals, known as Ghost, who are attacking government offices, power companies, banks, factories, and hospitals. Most of their attacks have affected North America and the United Kingdom.


Ghost Hackers Active in Over 70 Countries

According to research shared by Rebecca Harpur from Blackfog, the Ghost hacking group is based in China and acts on its own without links to the government. Their main goal is to make money, not to steal secrets. Over time, this group has changed its identity multiple times, previously using names like Cring, Crypt3r, Hello, and Phantom. By rebranding, they make it harder for law enforcement agencies to track them as one single group.

Despite their tricks, agencies like the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have raised alarms about the damage Ghost can cause. The Blackfog report explains that victims usually receive a message demanding money, threatening to either destroy stolen information or release it publicly if they refuse to pay.


How Ghost Carries Out Its Attacks

The way Ghost hackers break into systems usually follows the same pattern:

• They first find and exploit weaknesses in systems that are open to the internet, such as VPN devices, websites, and email servers.

• After getting inside, they install secret programs like Cobalt Strike and web shells to stay hidden. They often create fake accounts and disable security software once they have high-level access.

• With these privileges, they move across the network quietly and transfer sensitive data to their own servers.

• Once enough data is stolen, they release ransomware programs (often named Ghost.exe or Cring.exe) across the network. This encrypts files, destroys backup copies, and leaves a ransom note demanding payment.


Tips to Stay Protected

Although the FBI has provided detailed steps to defend against these attacks, Blackfog suggests a few important actions:

1. Keep backups of all important data and store them separately from your main network.

2. Always install the latest updates for your operating systems, applications, and firmware.

3. Use multi-factor authentication to add an extra layer of security to user accounts.

4. Divide your network into smaller parts to make it harder for hackers to move around freely if they break in.


The Ghost hacking group is not interested in spying — their focus is on making money. Organizations need to stay alert, strengthen their defenses, and act fast to prevent serious damage from these ongoing threats.






Cybercriminals Shift Tactics Towards Stealth and Identity Theft: IBM X-Force 2025 Report

 

The IBM X-Force 2025 Threat Intelligence Index highlights a growing trend of cybercriminals adopting more covert attack strategies. Drawing on analysis of over 150 billion security events daily across 130+ countries, the report notes an 84% spike in email-delivered infostealers in 2024 compared to the previous year. This surge signals a marked pivot towards credential theft, even as enterprise-targeted ransomware attacks show a notable decline.

“Cybercriminals are most often breaking in without breaking anything – capitalising on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points,” said IBM cybersecurity services global managing partner Mark Hughes. “Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernising authentication management, plugging multi-factor authentication holes and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data.”

The report found that critical infrastructure organisations bore the brunt of attacks, accounting for 70% of incidents handled by IBM X-Force last year. More than a quarter of these breaches exploited system vulnerabilities. Data theft (18%) overtook encryption-based attacks (11%) as the preferred method, reflecting improvements in detection tools and increased law enforcement pressure, which have forced threat actors to rethink their strategies.

Asia and North America emerged as the primary targets, together representing almost 60% of all global attacks. Asia faced 34% of the incidents, while North America encountered 24%. For the fourth consecutive year, the manufacturing industry remained the most impacted sector, attributed to its sensitivity to operational disruptions and susceptibility to ransomware.

Emerging AI-related threats also garnered attention. Although no major AI-focused attacks surfaced in 2024, security teams are racing to find and patch vulnerabilities before they are exploited. A critical remote code execution flaw within an AI development framework is expected to gain traction in 2025 as adoption grows. Experts warn that attackers may soon develop dedicated toolkits aimed specifically at AI systems, underlining the urgent need to secure AI infrastructure.

Persistent challenges in critical infrastructure security largely stem from outdated technologies and delayed patch management. IBM X-Force revealed that vulnerabilities accounted for over 25% of exploited incidents. Analysis of discussions on dark web forums showed that four of the ten most talked-about CVEs were associated with advanced threat groups, including state-sponsored actors, escalating the risks of disruption and extortion.

Research in collaboration with Red Hat Insights found that over 50% of Red Hat Enterprise Linux users had not patched at least one critical vulnerability, with 18% leaving five or more critical CVEs unaddressed. Moreover, ransomware variants like Akira, Lockbit, Clop, and RansomHub have expanded their capabilities to affect both Windows and Linux systems.

A sharp rise in phishing campaigns distributing infostealers was another key finding, with a 180% jump compared to 2023. The use of credential phishing and infostealers enables hackers to swiftly exfiltrate sensitive information while maintaining a low profile.

While ransomware still accounted for 28% of malware attacks in 2024, its overall prevalence declined compared to previous years. Cybercriminals are increasingly shifting towards identity-based attacks, adapting to countermeasures that have made traditional ransomware operations more difficult.

Pentagon Director Hegseth Revealed Key Yemen War Plans in Second Signal Chat, Source Claims

 

In a chat group that included his wife, brother, and personal attorney, U.S. Defence Secretary Pete Hegseth provided specifics of a strike on Yemen's Iran-aligned Houthis in March, a person familiar with the situation told Reuters earlier this week. 

Hegseth's use of an unclassified messaging system to share extremely sensitive security details is called into question by the disclosure of a second Signal chat. This comes at a particularly sensitive time for him, as senior officials were removed from the Pentagon last week as part of an internal leak investigation. 

In the second chat, Hegseth shared details of the attack, which were similar to those revealed last month by The Atlantic magazine after its editor-in-chief, Jeffrey Goldberg, was accidentally included in a separate chat on the Signal app, in an embarrassing incident involving all of President Donald Trump's most senior national security officials.

The individual familiar with the situation, who spoke on the condition of anonymity, stated that the second chat, which comprised around a dozen people, was set up during his confirmation process to discuss administrative concerns rather than real military planning. According to the insider, the chat included details about the air attack schedule. 

Jennifer, Hegseth's wife and a former Fox News producer, has attended classified meetings with foreign military counterparts, according to photographs released by the Pentagon. During a meeting with his British colleague at the Pentagon in March, Hegseth's wife was found sitting behind him. Hegseth's brother serves as a Department of Homeland Security liaison to the Pentagon.

The Trump administration has aggressively pursued leaks, which Hegseth has warmly supported in the Pentagon. Pentagon spokesperson Sean Parnell said, without evidence, that the media was "enthusiastically taking the grievances of disgruntled former employees as the sole sources for their article.” 

Hegseth's tumultuous moment

Democratic lawmakers stated Hegseth could no longer continue in his position. "We keep learning how Pete Hegseth put lives at risk," Senate Minority Leader Chuck Schumer said in a post to X. "But Trump is still too weak to fire him. Pete Hegseth must be fired.”

Senator Tammy Duckworth, an Iraq War veteran who was severely injured in combat in 2004, stated that Hegseth "must resign in disgrace.” 

The latest disclosure comes just days after Dan Caldwell, one of Hegseth's top aides, was removed from the Pentagon after being identified during an investigation into leaks at the Department of Defence. Although Caldwell is not as well-known as other senior Pentagon officials, he has played an important role for Hegseth and was chosen by the Secretary as the Pentagon's point of contact during the first Signal chat.

How Clearing Digital Mess Can Help You Save Money and Feel Better


 

Many people today are struggling with digital clutter. This means having too many files, photos, apps, and emails saved on phones or computers. A new survey shows that more than three out of four people have more digital data than they need.

The research, done in early 2025 by Compass Datacenters, asked 1,000 people about their digital habits. It found that digital overload is becoming a serious problem, and most people don’t know how to deal with it.


Why It Feels Overwhelming

Sorting through digital files can feel stressful. Around 33% of people said the thought of organizing their digital space made them feel uneasy or anxious. Only a small number, about 10%, felt sure of how to clean up their digital mess.

People understand that too many saved files can slow down devices and make it hard to find what’s important. Yet, most don’t take the time to delete old data. This is often because they don’t know where to start or feel it will take too long.


The High Price of Keeping Everything

Holding on to unnecessary data isn't just bad for your device; it can also hurt your wallet. Cloud storage services charge monthly fees, and these costs add up. The survey shared an example: if someone starts paying $20 per month for storage at age 25 and continues until they're 85, they could spend about $40,000 in total.

Many younger people are choosing to buy more storage space instead of clearing files they no longer use.


Easy Ways to Start Cleaning

Cleaning your digital space doesn’t have to be difficult. Begin by checking your photo gallery. Delete pictures that are blurry, repeated, or no longer needed. Doing this once a month makes it easier.

Then, look at your apps. Are there any you haven’t opened in a long time? If yes, remove them. You can always download them again later.

Your downloads folder and email inbox can also hold a lot of junk. Old receipts, random files, and unread emails can take up space. Try removing emails with attachments first—they usually take up more storage.

Instead of paying every month for cloud storage, you can buy a hard drive once and store your files there. These drives offer lots of space at a one-time cost that can save you money over the years.


Make Digital Clean-Up a Routine

Just like cleaning your home, organizing your digital life works best when done regularly. Pick a day every few months to sort through your phone or computer. It may seem boring at first, but it feels great once done.

By cleaning your digital space often, you can keep your devices faster, reduce stress, and stop spending extra money on storage you might not need.


CISA Raises Alarm Over Oracle Cloud Security Leak

 



The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations about growing digital threats after a security incident involving Oracle’s old cloud systems. The alert points to the danger of leaked login details falling into the wrong hands, even though the full damage is still being investigated.

What Caused the Concern

Earlier this year, Oracle found out that hackers had broken into two outdated servers that were no longer in use. These systems were part of older technology, not tied to the company's current cloud services. While Oracle says its newer systems are unaffected, attackers still managed to steal information like emails, usernames, passwords, and digital keys used for logging in.

Some of this stolen information was shared online, with parts of it appearing to be more recent than expected. Cybersecurity news sources also received samples from the attacker, which some Oracle clients confirmed were real.


Why This Is a Big Deal

CISA explained that when login details are hidden inside software or automated tools, they’re hard to find and fix. If stolen, these hidden credentials could let hackers into systems without being noticed for a long time. Even worse, people often use the same passwords for different tools, which can help attackers reach more places using just one stolen set of details.


What Organizations Should Do Now

To reduce the chance of harm, CISA advised companies to act quickly. Their suggestions include:

1. Change all possibly affected passwords right away  

2. Stop storing login details inside programs or scripts  

3. Use multi-factor authentication to add an extra layer of security  

4. Check recent login activity for anything unusual  
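The hidden-credential problem CISA describes above, as an added example that is not part of the original post or of CISA's guidance: a small scanner that flags credentials embedded in scripts and config files, beside the hardened form that takes the secret from the environment at runtime. The sample files and regex patterns are constructed.

```python
"""Find credentials embedded in scripts and config files, beside the hardened form.

Added example, not code from CISA, Oracle or the article. The sample files and
regex patterns are constructed; tune the patterns to your own code base.
"""
import os
import re

# Constructed sample files: a deploy script with an embedded password and a
# bearer token, a config file with a database URL carrying a password, and a
# hardened script that takes the secret from the environment instead.
SAMPLE_FILES = {
    "deploy.sh": (
        'DB_PASSWORD="Winter2024!"\n'
        'curl -H "Authorization: Bearer AKIAEXAMPLEKEY1234567890" https://api.example.test/\n'
    ),
    "app.ini": "[database]\nurl = postgres://svc_user:S3cretPass@db.internal:5432/app\n",
    "deploy_fixed.sh": 'DB_PASSWORD="${DB_PASSWORD:?set in the environment, not in this file}"\n',
}

# Each pattern captures the secret value in its last group.
PATTERNS = [
    ("assignment", re.compile(r'(?i)(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*["\']?([^"\'\s]{6,})')),
    ("url_credential", re.compile(r'[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s]+)@')),
    ("bearer", re.compile(r'Bearer\s+([A-Za-z0-9._-]{16,})')),
]


def looks_like_placeholder(value):
    """Shell/env references and obvious dummies are not leaked secrets."""
    return value.startswith("$") or value.upper() in {"CHANGEME", "<PASSWORD>", "XXXXXX"}


def scan_text(name, text):
    """Return (file, line, kind, redacted_value) for every embedded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS:
            for m in pat.finditer(line):
                value = m.group(m.lastindex)
                if looks_like_placeholder(value):
                    continue
                # Keep only a short prefix so the report itself does not leak the secret.
                findings.append((name, lineno, kind, value[:4] + "***"))
    return findings


def scan_files(files):
    """Scan a {filename: contents} mapping; on disk you would read each path."""
    findings = []
    for name, text in files.items():
        findings.extend(scan_text(name, text))
    return findings


def get_db_password():
    """Hardened form: the secret is injected at runtime, never committed to source.

    Fail closed if it is missing rather than falling back to a built-in default.
    """
    value = os.environ.get("DB_PASSWORD")
    if not value:
        raise RuntimeError("DB_PASSWORD is not set; supply it via the environment or a secrets manager")
    return value


if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print("%s:%d %s %s" % finding)
```

A finding is only a lead: once confirmed, the credential should be rotated as well as removed from the file, because it must be assumed to be in version-control history and backups.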


More Breaches Reported

Reports also say that hackers placed harmful software on other older Oracle servers in early 2025. These systems, called Oracle Cloud Classic, may have been targeted since January. During this time, the attackers reportedly accessed Oracle’s Identity Manager system, which stores user login data.

In a separate incident, Oracle Health — a company that handles medical records — was also affected. In January, patient data from several U.S. hospitals was reportedly exposed due to another breach.

Even though Oracle says its main services weren’t touched, these events show how risky old systems can be if they aren’t retired properly. Businesses are being reminded to strengthen their security, replace weak or hidden credentials, and keep an eye on their systems for any suspicious behavior.