Cl0p ransomware extortion gang have a zero day in Oracle E-Business Suite (component: BI Publisher Integration) - which they’ve been exploiting since last month to steal data.

https://www.bleepingcomputer.com/news/security/oracle-patches-ebs-zero-day-exploited-in-clop-data-theft-attacks/

Oracle patches EBS zero-day exploited in Clop data theft attacks

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks.

BleepingComputer
A few days ago Oracle, via the media, blamed their own customers for not installing a July security update.. then when the media coverage stopped, quietly released a new security update for the actual exploited vulnerability. 🥴
Here's the original Oracle explanation - before the post mysteriously disappeared (even from Internet Archive etc).

The craziest part of the Oracle story is they got the exploit chain via... LAPSUS$.

Before Oracle had an advisory, on Telegram LAPSUS$ posted a working zero day exploit - dated May 2025.

Yes, the teenagers at LAPSUS$ know more about Oracle's security vulnerabilities than Oracle.

-rw-r----- 1 root root 3713 Jun 15 18:19 exp.py
-rw-r--r-- 1 root root 2749 Oct 3 14:54 readme.md
-rw-r----- 1 root root 2651 May 16 10:07 server.py

Having large corporations pay hundreds of millions of US dollars in Bitcoin to teenagers to cover up their data breaches is fucking stupid by the way, as said teens then spend the bitcoin on exploits* - we're in a race to the bottom to arm teens with rocket launchers.

* one of the LAPSUS kids also allegedly ordered pizza to his nan's house with bitcoin

APTs aren't nation states anymore, they're Advanced Persistent Teenagers as covering up breaches has lowered the bar. Global gov inaction.

@GossiTheDog It's even more funny they don't even buy exploits that often (rather sell them) it's a brain-race between the old capitalists and young bored digital-native teenagers xD check out stuff like darknetdiaries podcast (especially the xbox underground episodes for example) for more fun in that department ;)
Edit: and we don't "arm" teenagers. the old gov officials are just fighting with rocks and sticks against tanks ;) Tho you're right with providing them with a lot of cash does not help the problem.

@snornik it really is wild what access a teenager has to the world, these days. I mean, I poked around and did things way back when, but there was so much less to exploit.

@GossiTheDog

@bobdobberson @GossiTheDog
In what days did you poke around? 2000 was basically a free for all deathmatch xD

@snornik I missed out on that, I was keeping my nose clean in those days, and avoiding tempting knowledge that might get me behind bars.

@GossiTheDog

@bobdobberson @GossiTheDog
I do get that... but modem times, pre DSL routers. no firewalls. remote exploits of win95 win98 xp. so many weak servers. it was hilarious. got better tho, way way better. still it was way more wild what you could do early 2k. than now.

@snornik no doubt, however there were far fewer things on 'the net' to begin with.

And yeah, you get to the point near the end there; smaller attack surface, not as much infrastructure to get into, possible to get in through someone's modem, but modem -> net -> modem was painfully slow.

I also think there's more of an enticing cat-n-mouse challenge these days, as security has changed and learned a lot since the modem days. hell, we used to use rsh, or telnet.

@GossiTheDog

@bobdobberson @GossiTheDog check out Kevin Mitnick's books.. back then was much much more to capture but different stuff like military, secret services etc. yeah security has changed but companies didn't. the vulnerable systems got less but are now much more valuable if you get one. it got much worse in that department. cause of data hoarding about millions on a single server. or a "cloud" or rather the whole cloud nonsense. catch one capture all is today's markup
@bobdobberson @GossiTheDog
in 2k even if there was an interesting server. it was not a catch-all with a single takeover.
@bobdobberson @GossiTheDog also telnet was not inherently insecure. if there wasn't an exploit out in the wild. they were just unencrypted. ftp was truly an easier and much more valuable target (and also unencrypted), not only by common exploits out in the wild but also cause of the files.. there is always a work/profit balance. 2k was easier but way less profit. the profit margins of a takeover are in my humble opinion the problem nowadays. ransomware would not exist if there would be not enough to demand a ransom about.

@snornik getting access to a router rsh or telnet was going through got access to passwords. *shrug*

FTP holds a soft spot in my heart as I once caught an MP3 release crew in a honey-pot and hosted for them for a while. They were some interesting folks.

@GossiTheDog

@bobdobberson @GossiTheDog
i am talking before routers existed *shrug* yeah open telnet on a router .... got damn i never have bought such a thing. btw. hosting an mp3 release group is punishable way harder than accessing a company. copyright is just sick
@bobdobberson @GossiTheDog
just FYI. to copy and sell a movie in germany is punished harder than pedophilia -.- for who knows what shitty reason. okay sry i know the reason cause money is worth more than a life.

@snornik I feel that. It's really a shame that we've allowed corporations to have such control over things.

@GossiTheDog

@bobdobberson @GossiTheDog
to come back to the original topic: at least there are the teens to put them into perspective xD I'm proud sometimes. those who didn't get it 40 years ago will never. but 15 year olds can punish them like it's a joke today.

@snornik I think it's a shame that the fallout from all of these exploits and hacks tends to affect the people, not the corporations.

@GossiTheDog

@bobdobberson @GossiTheDog nah it does affect them it costs either a lot of cash or loss of trust, corporate identity and customers. problem is a lot of companies don't care, don't realise data hoarding is dangerous. fuck every privacy right of all humans. don't patch and don't spend any money on professionals until it's too late. not the fault of the kids.
@bobdobberson @GossiTheDog
cause most of the bosses have problems of operating a phone and don't know shit bout any tech after 1945. even if they're born 1980!
if FAX is a mystery for you just get out of society for the best for all.

@snornik cronyism and the way business operates are definitely problems.

They eat the financial costs, insurance pays for some of it, the consumers pay for the rest. The stock-holders don't feel it, because if they did, they would roll heads.

Sure the company's name gets dragged through the mud, but it's another company tomorrow, and it's just commonplace, and people blame the hackers.

@GossiTheDog

@bobdobberson @GossiTheDog yeah! a hack is like described as just bad weather from climate change. 🤪