CISA issues warning in wake of Oracle cloud credentials leak


CISA has issued a warning over the risk of data breaches following a security incident affecting legacy Oracle cloud environments, urging enterprises to shore up defences.

In an advisory published Wednesday 16th April, the security agency said the incident “presents a potential risk to organizations and individuals” despite unconfirmed reports on the scale of the breach.

CISA specifically highlighted risks for enterprises where credentials “may be exposed, reused across separate, unaffiliated systems, or embedded (i.e., hardcoded into scripts, applications, infrastructure templates, or automation tools)”.

“When credential material is embedded, it is difficult to discover and can enable long-term unauthorized access if exposed,” the agency added.

The advisory from CISA follows confirmation by Oracle that a threat actor leaked credentials sourced from what it referred to as “two obsolete servers” earlier this year.

In an email to affected customers, the cloud computing giant insisted the incident was limited to these impacted servers and not connected to Oracle Cloud Infrastructure or specific customer cloud environments.

“Oracle would like to state unequivocally that the Oracle Cloud – also known as Oracle Cloud Infrastructure or OCI – has NOT experienced a security breach”, the email read.

“No OCI customer environment has been penetrated,” it added. “No OCI customer data has been viewed or stolen. No OCI service has been interrupted or compromised in any way”.

How to shore up defenses after the Oracle incident

In its advisory, CISA also offered guidance to help enterprises mitigate any risk associated with the credential leak.

The agency urged organisations to reset passwords for affected users across the entirety of their network, adding that additional caution should be taken where credentials “may not be federated through enterprise identity solutions”.

Similarly, security personnel were advised to review source code, infrastructure-as-code templates, automation scripts, and configuration files for hardcoded or embedded credentials. These should be replaced with secure authentication methods, the agency insisted.
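The review the agency describes is usually automated with a secret scanner. The Python below is an added example written for this article, not code from the CISA advisory, Oracle, or any vendor tool: it walks a set of constructed sample files (a Terraform template, a shell script, a YAML config and a PEM file, all invented here) and reports lines that assign a literal value to a credential-looking key or that match a fixed-shape secret. The key names, the AWS-style access key shape, the placeholder list and the entropy threshold are all assumptions to tune for your own stack; the point is the two false-positive cases it handles, variable references such as `${DB_PASSWORD}` or `var.aws_secret` and dummy values such as `changeme`, which a naive grep for "password" would flag.

```python
"""Find embedded credentials in source, IaC templates, scripts and config files.

Added example, not code from the CISA advisory or from Oracle. The credential
key names, the AWS-style key shape and every sample file below are assumptions
or constructed fixtures; extend the patterns for your own stack.
"""
import math
import re
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    path: str
    line_no: int
    kind: str
    snippet: str  # the matching line with the secret redacted


# A literal assigned to a key whose name suggests a credential, e.g.
#   password = "..."   DB_PASSWORD=...   api_key: "..."   "auth_token": "..."
_ASSIGN = re.compile(
    r"(?i)(?P<key>[\w.-]*(?:password|passwd|pwd|secret|token|api[_-]?key|"
    r"access[_-]?key|private[_-]?key)[\w-]*)\s*[\"']?\s*[:=]\s*[\"']?"
    r"(?P<value>[^\s\"',;]{6,})"
)

# Fixed-shape secrets recognisable without any key name.
_STRUCTURED = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
]

# Values that are references or placeholders rather than literal secrets:
# shell / Terraform / template variable references and common dummy strings.
_IGNORE_VALUE = re.compile(
    r"^(?:\$|var\.|local\.|data\.|<|\{\{|(?:changeme|example|placeholder|x{3,}|\*{3,})$)",
    re.I,
)


def shannon_entropy(s: str) -> float:
    """Bits per character: repeated or trivial strings score low, random-looking ones high."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(path: str, text: str, min_entropy: float = 2.5) -> list[Finding]:
    """Return one Finding per line that appears to carry a literal credential."""
    findings: list[Finding] = []
    for no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank or comment line
        for kind, pat in _STRUCTURED:
            if pat.search(line):
                findings.append(Finding(path, no, kind, pat.sub("<redacted>", stripped)))
                break
        else:
            m = _ASSIGN.search(line)
            if not m:
                continue
            value = m.group("value")
            if _IGNORE_VALUE.match(value):
                continue  # env-var / IaC variable reference or dummy placeholder
            if shannon_entropy(value) < min_entropy:
                continue  # e.g. "aaaaaaaa": almost certainly not a real secret
            findings.append(Finding(path, no, "hardcoded-credential", stripped.replace(value, "<redacted>")))
    return findings


def scan_files(files: dict[str, str], **kwargs) -> list[Finding]:
    return [f for path, text in files.items() for f in scan_text(path, text, **kwargs)]


# Constructed sample files: every value below is invented for this example.
SAMPLE_FILES = {
    "main.tf": (
        'resource "aws_db_instance" "app" {\n'
        '  username = "app"\n'
        '  password = "Tr0ub4dor&3!"\n'
        "}\n"
        'provider "aws" {\n'
        '  access_key = "AKIAEXAMPLEKEY000000"\n'
        "  secret_key = var.aws_secret\n"
        "}\n"
    ),
    "deploy.sh": (
        "#!/bin/sh\n"
        "# constructed deploy script\n"
        'export DB_PASSWORD="hunter2"\n'
        'export API_TOKEN="${VAULT_API_TOKEN}"\n'
    ),
    "app.yaml": (
        "# constructed application config\n"
        "database:\n"
        "  host: db.internal\n"
        "  password: ${DB_PASSWORD}\n"
        "  admin_password: changeme\n"
        'api_key: "c8f1e4b2a9d7036e5f4"\n'
    ),
    "deploy_key.pem": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "(constructed sample; key material omitted)\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no}: {f.kind}: {f.snippet}")
```

Run against the constructed fixtures it reports five findings (the Terraform password and access key, the shell `DB_PASSWORD`, the YAML `api_key` and the PEM header) and stays silent on the three references and the `changeme` placeholder. Snippets are redacted before they are printed so that the scanner's own output does not become another copy of the secret; the entropy gate is only a weak filter for obviously non-random values, so treat every finding as something to verify rather than as proof of a secret.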

Further guidance included:

  • Monitor authentication logs for “anomalous activity, especially involving privileged, service, or federated identity accounts”.
  • Assess if additional credentials – including API keys and shared accounts – might be associated with affected identities.
  • Implement phishing-resistant multi-factor authentication (MFA) for all user and admin accounts “where technically feasible”.
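To make the first of these items concrete, the following Python is an added example for this article, not code from the CISA advisory or from any identity provider. It runs a handful of detection rules over a constructed authentication log against a constructed account inventory (account names, networks, timestamps and the `key=value` log format are all invented here): a success from a source outside an account's baseline networks, a service account authenticating with a method it was not provisioned for, a privileged login without an MFA factor, and a run of failures followed by a success from the same source, the pattern a leaked or guessed credential typically leaves behind. The rule set and baselines are assumptions to adapt to your own identity data.

```python
"""Flag anomalous authentication events on privileged, service and federated accounts.

Added example, not code from the CISA advisory. The account inventory, the
key=value log format and every event below are constructed fixtures; swap the
parser for your identity provider's export and the baselines for your own.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed inventory: account type, the networks it is normally seen from,
# and (for service accounts) the only authentication method it should use.
ACCOUNTS = {
    "svc-backup": {"kind": "service", "baseline": ["10.20.0.0/16"], "expected_method": "key"},
    "admin.jdoe": {"kind": "privileged", "baseline": ["10.0.0.0/8"]},
    "jdoe@corp": {"kind": "federated", "baseline": ["10.0.0.0/8", "203.0.113.0/24"]},
    "alice": {"kind": "user", "baseline": ["10.0.0.0/8"]},
}
WATCHED_KINDS = {"privileged", "service", "federated"}

# Constructed log: one event per line, RFC 3339 timestamp then key=value pairs.
SAMPLE_LOG = """\
2025-04-17T08:01:12Z user=admin.jdoe src=10.1.4.22 result=success method=password+mfa
2025-04-17T08:02:40Z user=svc-backup src=10.20.7.9 result=success method=key
2025-04-17T08:05:03Z user=svc-backup src=198.51.100.7 result=success method=password
2025-04-17T08:10:00Z user=alice src=10.3.3.3 result=success method=password+mfa
2025-04-17T09:00:01Z user=admin.jdoe src=198.51.100.7 result=failure method=password
2025-04-17T09:00:02Z user=admin.jdoe src=198.51.100.7 result=failure method=password
2025-04-17T09:00:03Z user=admin.jdoe src=198.51.100.7 result=failure method=password
2025-04-17T09:00:09Z user=admin.jdoe src=198.51.100.7 result=success method=password
2025-04-17T09:30:00Z user=jdoe@corp src=203.0.113.10 result=success method=saml
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    rule: str
    detail: str


def parse_event(line: str) -> dict:
    """Split '<ts> k=v k=v ...' into a dict; the timestamp is stored under 'ts'."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = ts
    return event


def in_baseline(user: str, src: str) -> bool:
    """True when src falls inside one of the account's known networks."""
    nets = ACCOUNTS.get(user, {}).get("baseline", [])
    return any(ip_address(src) in ip_network(net) for net in nets)


def detect(
    log_text: str, fail_threshold: int = 3, window: timedelta = timedelta(minutes=5)
) -> list[Alert]:
    alerts: list[Alert] = []
    failures: dict[tuple[str, str], list[datetime]] = defaultdict(list)  # (user, src) -> times
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_event(raw)
        user, src, method = ev["user"], ev["src"], ev["method"]
        ts = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        if ev["result"] != "success":
            failures[(user, src)].append(ts)
            continue
        # Rule 1 (any account): a run of failures then a success from the same source.
        recent = [t for t in failures[(user, src)] if ts - t <= window]
        if len(recent) >= fail_threshold:
            alerts.append(Alert(ev["ts"], user, "failures-then-success",
                                f"{len(recent)} failures from {src} then success"))
        failures[(user, src)].clear()
        acct = ACCOUNTS.get(user)
        kind = acct["kind"] if acct else "unknown"
        if kind not in WATCHED_KINDS:
            continue
        # Rule 2: success from a source outside the account's baseline networks.
        if not in_baseline(user, src):
            alerts.append(Alert(ev["ts"], user, "off-baseline-source",
                                f"{kind} account authenticated from {src}"))
        # Rule 3: service account using a method other than the one it is provisioned for.
        if kind == "service" and method != acct.get("expected_method"):
            alerts.append(Alert(ev["ts"], user, "unexpected-method", f"service account used {method}"))
        # Rule 4: privileged account authenticated without an MFA factor.
        if kind == "privileged" and "mfa" not in method:
            alerts.append(Alert(ev["ts"], user, "privileged-without-mfa", f"method {method} has no MFA"))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts} {a.user} {a.rule}: {a.detail}")
```

On the constructed log this raises five alerts: two for the service account that authenticated with a password from an unknown address, and three for the privileged account whose success at 09:00:09 came from an unknown address, without MFA, right after three failures. The federated and ordinary user logins from their baseline networks produce nothing, which is the behaviour you want before pointing rules like these at real identity-provider exports.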
