Google to Oracle customers: Apply emergency patches immediately

Google’s threat intelligence team and Mandiant have tracked a large-scale extortion campaign that began last month. The company’s security researchers have warned that in this campaign, hackers are targeting companies that use Oracle E-Business Suite (EBS). The threat actors, who claim an affiliation with the CL0P extortion brand, sent a high volume of emails to executives at numerous organisations. These messages falsely claimed that sensitive data had been stolen from the victims’ Oracle EBS environments. Oracle later reported that the hackers may have exploited vulnerabilities that were patched in July. Earlier this month, Oracle recommended that customers apply the latest critical patch updates. Now, a Google blog post has also advised Oracle customers to apply emergency patches immediately and has shared steps to know if they’ve been affected. The company asked Oracle customers to hunt for malicious database templates, restrict outbound internet access, monitor network logs for suspicious activity and use memory forensics to know their status.