Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Threat Intelligence & Incident ResponseThreat & Vulnerability Management
2.2k viewscircle icon1 Upvotecircle icon3 Comments
Sort by:
CIO in Government3 months ago

Shameful! As the saying goes, it's not the crime, it's the cover up. 
Oracle knew for months of the breach but kept on denying it rather than notifying their customers. 

CISO and Head of Digital Channels in Healthcare and Biotech3 months ago

To mitigate risks, we assumed breach, adhering to IR playbooks and pressuring the vendor for accountability.

CIO in Banking4 months ago

Take identity and access management very seriously , require single sign on through Office365 Azure AD , think of rehearsing circuit breaking , and utilize conditional access to your cloud tenants , consult with Oracle team to help apply CIS benchmarks and security best practices

Lightbulb on1

Content you might like

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

Excluding CVE, what other vulnerability databases/info sources do you use currently? Have you developed any contingency plans to lean on in case the CVE program loses funding?

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Yes, if followed correctly.39%

Unsure38%

No, there is still a significant risk.19%

Other (please tell us in the comments)3%

View Results

What are you working on to improve your threat hunting program (whether near- or long-term)?

If your org’s using any virtual assistants with AI capabilities, are you concerned about indirect prompt injection attacks?

Extremely concerned — it’s a major risk18%

Somewhat concerned — it's a potential risk69%

Mildly concerned — it’s on my radar9%

Not particularly concerned — I doubt we’ll be impacted2%

View Results