Archive for November 11, 2025

The Washington Post Admits That It Was Pwned Via The Oracle E-Business Suite

Posted in Commentary with tags on November 11, 2025 by itnerd

The Washington Post has now joined the growing list of companies hacked via the apparent security issues with the Oracle E-Business Suite:

In a statement released on Thursday, the newspaper said it was one of those impacted “by the breach of the Oracle E-Business Suite platform.”

The paper did not provide further detail, but its statement comes after CL0P, the notorious ransomware group, said on its website that the Washington Post was among its victims. CL0P did not return messages seeking comment. Oracle pointed Reuters to a pair of security advisories issued last month.

Lidia Lopez, Senior Threat Intelligence Analyst at Outpost24 had this to say:

“The Oracle E-Business Suite exploitation confirms Cl0p’s continued shift from opportunistic ransomware to large-scale, coordinated data-theft operations targeting core business platforms. This is not an isolated case but part of a recurring pattern in which Cl0p identifies or acquires zero-day vulnerabilities in enterprise software, such as MOVEit, GoAnywhere, and now Oracle EBS, to compromise hundreds of organizations in a single, synchronized campaign. Strategically, it highlights how financially motivated actors are now pursuing the same mission-critical systems once primarily targeted by state-sponsored espionage.

Cl0p is a sophisticated ransomware and data-extortion group that often exploits zero-day or high-severity vulnerabilities in widely used enterprise software, such as managed file transfer platforms (MOVEit, GoAnywhere, Cleo) and business applications like Oracle E-Business Suite, to compromise multiple organizations simultaneously. They scan networks to identify vulnerable systems, gain initial access, establish persistence, move laterally, and quietly exfiltrate large volumes of sensitive data.

In recent campaigns, Cl0p has increasingly focused on data theft and extortion rather than encryption, threatening to publish stolen information on their Data Leak Site (DLS) to pressure victims into payment.

Unlike ransomware gangs that depend on large affiliate networks under Ransomware-as-a-Service (RaaS) models to conduct opportunistic attacks, Cl0p’s operations are centrally coordinated and technically sophisticated. This structure enables them to conduct large-scale, synchronized intrusion campaigns that exploit critical vulnerabilities before they are publicly disclosed or patched.”

Faik Emre Derin, Technical Content Manager at SOCRadar adds this comment: 

“The Oracle EBS breach affecting The Washington Post represents a continuation of systematic targeting of enterprise systems through CVE-2025-61882, a critical zero-day vulnerability with a CVSS score of 9.8. According to our threat intelligence data, this campaign has impacted dozens to over a hundred organizations globally since exploitation began in August 2025, well before Oracle’s emergency patch release on October 4.

What makes this campaign particularly concerning is the convergence of multiple threat actors. While Cl0p and FIN11 are conducting the primary extortion operations, our analysis indicates that the exploit was subsequently leaked by a separate collective called “Scattered Lapsus$ Hunters” on October 3, creating a broader threat landscape. The availability of public proof-of-concept exploits has significantly expanded the attack surface beyond the initial targeted campaign.

The vulnerability affects Oracle EBS versions 12.2.3 through 12.2.14, specifically targeting the BI Publisher Integration component within the Concurrent Processing module. This component’s unauthenticated remote code execution capability allows attackers to compromise systems without credentials, making internet-facing EBS deployments particularly vulnerable.

Organizations running Oracle EBS should prioritize several critical actions:

  • Immediate patching (ensuring the October 2023 CPU prerequisite is installed first)
  • Retroactive threat hunting dating back to August 2025
  • Examination of specific indicators of compromise including connections to IP addresses 200.107.207.26 and 185.181.60.11

Given the sophisticated nature of this campaign and the involvement of multiple financially motivated threat groups, we recommend organizations assume breach and conduct thorough forensic analysis even after patching.

The inclusion of prominent organizations like The Washington Post, Harvard University, and Schneider Electric in the victim list underscores that this is not an opportunistic attack but a calculated campaign targeting high-value enterprise data. The threat actors’ demonstrated ability to maintain persistent access for months before detection emphasizes the critical need for continuous monitoring and proactive threat hunting in enterprise environments.”

This is going to be this year’s MoveIT hack. That one was pretty bad. This is increasingly getting worse. And we’re not at the bottom of this yet. Which is bad for everyone.

Leave a comment »

Sage AI Trust Label Now Live for Tens of Thousands of Users

Posted in Commentary with tags on November 11, 2025 by itnerd

 Sage announced its AI Trust Label is now live in Sage Intacct for both US and UK customers. This first phase of a global rollout gives tens of thousands of users clearer insight into how AI is developed and used in business software, helping SMBs adopt AI with greater confidence.

Making AI easier to understand

The AI Trust Label provides transparent, accessible information about how AI functions across Sage’s products. It highlights key trust indicators, such as:

  • Global regulation compliance
  • Customer data usage
  • Systems monitoring accuracy and ethical performance

By simplifying complex technical details, Sage enables SMBs to understand the impact of AI in their business without needing technical expertise.

Built on a foundation of responsible innovation

The rollout of the AI Trust Label builds on Sage’s long-standing commitment to responsible technology development. In 2023, Sage published its AI and data ethics principles and adopted the US NIST AI Risk Management Framework globally. The company also signed the Pledge for Trustworthy AI in the World of Work to promote fairness and inclusion and implemented emerging standards such as the UK Government’s AI Cyber Security Code of Practice.

Why trust matters

Sage research shows a direct link between trust and AI adoption. While 94% of SMBs already using AI report seeing benefits, the majority (~70%) have yet to fully adopt the technology. The difference is trust.

Among those who trust AI, 85% say they actively use it in their business. Among those who don’t, that statistic drops to 48%. Less than half (43%) of SMBs say they have low trust in the companies building AI tools for business.

Now, Sage Intacct customers will see the AI Trust label within the product experience and can access additional details via Sage’s Trust & Security Hub.

Expanding across Europe and beyond

Following the successful rollout in the UK and US, Sage will extend the AI Trust Label across Europe as the next step in its roadmap. Future phases will expand the AI Trust Label to more products and markets globally.

Calling for collaboration in responsible AI

Sage continues to advocate for closer collaboration between industry and governments to establish a consistent and certified framework for AI labelling. The company is also exploring ways to share its own framework more broadly to help to accelerate AI adoption across the technology sector.

Leave a comment »

Starburst Teams Up with Snowflake and Industry Leaders 

Posted in Commentary with tags on November 11, 2025 by itnerd

Starburst today announced it is joining the Open Semantic Interchange (OSI), an open source initiative that creates a universal specification for all companies to standardize their fragmented data definitions with an open, vendor-neutral semantic model specification. OSI aims to enhance interoperability across various tools and platforms, offering enterprises a vendor-neutral specification that provides consistent metrics and definitions across dashboards, notebooks, and machine learning models. 

OSI is an open source initiative led by Snowflake, the AI Data Cloud company, and ecosystem partners across multiple domains and industries including business intelligence (BI), data governance, data engineering, AI, financial services, and manufacturing. Its goal is to create a common, vendor-agnostic specification that defines semantic metadata in a standard, open format. By facilitating seamless semantic metadata exchange, the initiative will accelerate the adoption of AI and BI tools to streamline operations and reduce complexity. This in turn allows organizations to unify their data definitions, leading to more comprehensive and accurate data analysis and data product sharing to fuel AI innovation.

As a member of OSI, Starburst is helping to build a transparent and community-driven standard for semantic model sharing, ensuring that business metrics and definitions remain consistent and interoperable.

OSI is poised to revolutionize interoperability within the data and AI ecosystem by providing a transparent, community-driven standard. This collaborative effort simplifies data operations, unlocks new possibilities for innovation, and gives organizations the flexibility and efficiency they need to build a future-ready data infrastructure.

To learn more about the Open Semantic Interchange visit Snowflake’s blog here

Leave a comment »

AI assistants can “sabotage” home cybersecurity says Cybernews

Posted in Commentary with tags on November 11, 2025 by itnerd

A Cybernews journalist ran a hands-on experiment that reveals how popular AI assistants like ChatGPT, Gemini, and Claude can unintentionally sabotage home network security.

“With the help of AI, I’ve spent nearly the whole day experimenting and setting up an NGINX reverse proxy,” the author writes. “My prompt was simple: ‘For my home lab, I registered a .com domain, so I can use secure TLS. But how do I do that?'”

The chatbots’ responses turned out to be dangerous.

“It then instructed that I need my public DNS to point to my home WAN. This is terrible advice. Not only does it expose my home IP address, but it also provides potential attackers with insights into the internal structure of my services and devices.”

“And it gets even worse. For this method to work, following the path down the road, you would need to further expose the network and run services on the open internet. The chatbots suggest exactly that – to open ports 80 and 443. Thousands of malicious bots scan each IP address every day for any exposed vulnerability.”

The experiment shows how AI tools can produce confident but unsafe recommendations, leading users to expose their systems online.

“Chatbots might be solving PhD-level problems in benchmarks,” the author notes, “but when it comes to real-life situations, they just produce generic advice that sometimes works, but neither optimally, nor will they ask about your specific situation to do better.”

For more information, here’s the full article: https://cybernews.com/security/experiment-ai-assistant-sabotaging-home-lab-security/ 

Leave a comment »

Angela Bai Joins Hammerspace as China Country Manager

Posted in Commentary with tags on November 11, 2025 by itnerd

 Hammerspace, the high-performance data platform for AI Anywhere, today announced the appointment of technology veteran Angela Bai as its China Country Manager, underscoring the company’s accelerated global expansion and commitment to one of the world’s most dynamic AI markets.

With more than 20 years of leadership experience driving strategic growth and channel development for major technology companies, including Quantum, Sun Microsystems and Impinj, Bai brings a proven track record of building high-impact teams and partnerships across China’s enterprise and hyperscale markets. She will lead Hammerspace’s operations, partnerships and customer success strategy in China, enabling organizations to harness distributed unstructured data for large-scale AI and high-performance computing (HPC) workloads.

Hammerspace entered the Chinese market earlier this year as part of its global growth strategy to make AI infrastructure more efficient and accessible. The company is seeing a surge in demand from Chinese hyperscalers and enterprises seeking to eliminate data silos and accelerate AI development with unified, high-performance data orchestration.
 

According to Morgan Stanley Research, China’s core AI industry is projected to reach $140 billion by 2030, expanding to $1.4 trillion when infrastructure and component ecosystems are included.

The Hammerspace Data Platform eliminates the need for costly infrastructure overhauls or new storage silos, enabling enterprises to seamlessly harness their existing data for accelerated AI computing.   Hammerspace, a member of the NVIDIA Inception program, unifies unstructured enterprise data across diverse storage architectures, geographies, and protocols, enabling organizations to convert raw data into AI-ready intelligence with unprecedented speed. By leveraging existing infrastructure and scaling seamlessly with growing needs, the platform delivers a robust foundation for Retrieval-Augmented Generation (RAG), complex agentic workflows, and the emerging era of physical AI. With Hammerspace, enterprises achieve AI-driven outcomes faster, driving innovation and competitive advantage.

Current open positions at Hammerspace are available on its Careers page.

Leave a comment »

A Follow Up To My WordPress Posting Issues

Posted in Commentary with tags on November 11, 2025 by itnerd

Last night I posted a story about a problem posting stories which wasn’t just affecting me, but some other people as well. While I had a workaround, it wasn’t optimal. That changed this morning when I got an email from a WordPress “happiness engineer” who I assume is their term for a tech support person. This is the email that I got:

Hi there!
 
We’ve recently received a tweet via X (Twitter) referring to an issue with posting on your site – itnerd.blog. Thank you for reaching out. I wanted to follow up here to make sure that’s addressed correctly 🙂
 
There seems to be a conflict with the new editor version and the AMP plugin. You can deactivate it from Plugins → Installed Plugins.
Our belief is the AMP plugin is no longer needed in most use cases, and you can keep it deactivated. But if you have a specific reason to re-enable please let me know and I can look into other solutions for you.
 
If you have any additional questions, don’t hesitate to let me know, I’d be happy to help!

So, the TL:DR is what this “happiness engineer” suggested worked. But let’s go into the weeds. AMP stands for Accelerated Mobile Pages. Google came up with this a few years ago to make pages load faster on mobile devices.

AMP has two basic components:

  1. A way of writing small web-pages
  2. A way of caching/loading those small web-pages to make them quicker to load.

But it’s fallen out of favor because In order to use AMP, you also need to agree to allow anyone to “cache” the AMP versions of you web-pages. This means that they can take a copy of the page and direct people to that copy, rather than the original version on your web-site. Which is a #fail if you are trying increase traffic to your website. And some big social media sites don’t like AMP at all. Reddit for example gives you a warning if you use an AMP link in a Reddit post.

So the suggestion from WordPress that AMP isn’t needed anymore has some degree of validity. Which is why I disabled it on my site. But the thing is that WordPress clearly broke something when they updated the post editor. Hopefully they don’t press the “easy button” and make this default solution for this issue because there’s clearly a bug that they need to fix. Plus it was working up until 1PM EST yesterday which supports the fact that they broke something. So here’s hoping that they do the right thing that will help users and themselves in the long term.

Leave a comment »