CISA Warns of Credential Risks From Oracle Cloud Leak
You might recall the recent Oracle cloud breach. If not, this and this will act as a refresher.
Related to that, CISA has warned of potential unauthorized access to legacy Oracle cloud environments, with the risk tied to exposed credentials that are reused across separate, unaffiliated systems or embedded (i.e., hardcoded into scripts, applications, infrastructure templates, or automation tools).
Details can be found here: https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise
Jim Routh, Chief Trust Officer at Saviynt, provided the following comments:
“Software engineers often embed authentication credentials or scripts for convenience when applications are being tested before production. However, engineers often neglect to remove the embedded credentials once the code is put into production. This creates a vulnerability that threat actors actively exploit, giving them access to the application where they may escalate privileges, obtaining access to more sensitive information. There are now tools available that identify credentials in software code, but these tools are not widely used. The root cause of this problem for enterprises is to improve processes for credential management using more advanced privileged access management capabilities and seeking alternatives to credentials through passwordless authentication options.”
You can expect more warnings like this in the near future as this Oracle breach really has the potential to be THE breach of the year.
This entry was posted on April 17, 2025 at 12:57 pm and is filed under Commentary with tags CISA, Oracle.