{"id":3076,"date":"2025-10-03T14:53:25","date_gmt":"2025-10-03T14:53:25","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2025\/10\/03\/hackers-target-unpatched-flaws-in-oracle-e-business-suite\/"},"modified":"2025-10-03T14:53:25","modified_gmt":"2025-10-03T14:53:25","slug":"hackers-target-unpatched-flaws-in-oracle-e-business-suite","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/10\/03\/hackers-target-unpatched-flaws-in-oracle-e-business-suite\/","title":{"rendered":"Hackers Target Unpatched Flaws in Oracle E-Business Suite"},"content":{"rendered":"<div id=\"cphContent_pnlMainContent\">\n<h2>Written by<\/h2>\n<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/a7d280e2-8cd7-47a1-ba33-0ae2a304849f.png?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Kevin  Poireault\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\">\n<div id=\"layout-75a3a80a-5db0-45a3-8a97-9b54556980c6\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Oracle has advised customers that hackers may be exploiting vulnerabilities in unpatched instances of its E-Business Suite (EBS).<\/p>\n<p>This follows a warning by the Google Threat Intelligence Group (GTIG) that an individual or group of hackers were sending extortion emails to executives in several companies, claiming to have stolen sensitive data from Oracle\u2019s EBS.<\/p>\n<p>Oracle is aware that some Oracle EBS customers have received extortion emails, Rob Duhart, Oracle Security\u2019s CSO, confirmed in a statement published October 2.<\/p>\n<p>\u201cOur ongoing investigation has found the potential use of previously identified vulnerabilities that are addressed in the July 2025 Critical Patch Update,\u201d said Duhart, urging customers to apply the patches.<\/p>\n<h2><strong>Nine Oracle E-Business Suite Flaws to Patch Now<\/strong><\/h2>\n<p>Oracle\u2019s July 2025 
Critical Patch Update was a major security advisory in which the business software provider released patches for 309 vulnerabilities across its product range.<\/p>\n<p>These included nine flaws affecting its E-Business Suite. Three are critical and three others are exploitable remotely without authentication.<\/p>\n<p>Here is the full list, from most to least severe:<\/p>\n<ul>\n<li>CVE-2025-30743 (CVSS: 8.1): vulnerability in Oracle Lease and Finance Management, no remote exploit without authentication<\/li>\n<li>CVE-2025-30744 (CVSS: 8.1): vulnerability in Oracle Mobile Field Service, no remote exploit without authentication<\/li>\n<li>CVE-2025-50105 (CVSS: 8.1): vulnerability in Oracle Universal Work Queue, no remote exploit without authentication<\/li>\n<li>CVE-2025-50071 (CVSS: 6.4): vulnerability in Oracle Applications Framework, no remote exploit without authentication<\/li>\n<li>CVE-2025-30746 (CVSS: 6.1): vulnerability in Oracle iStore, possibility of remote exploit without authentication<\/li>\n<li>CVE-2025-30745 (CVSS: 6.1): vulnerability in Oracle MES for Process Manufacturing, possibility of remote exploit without authentication<\/li>\n<li>CVE-2025-50107 (CVSS: 6.1): vulnerability in Oracle Universal Work Queue, possibility of remote exploit without authentication<\/li>\n<li>CVE-2025-30739 (CVSS: 5.5): vulnerability in Oracle CRM Technical Foundation, no remote exploit without authentication<\/li>\n<li>CVE-2025-50090 (CVSS: 5.4): vulnerability in Oracle Applications Framework, no remote exploit without authentication<\/li>\n<\/ul><\/div>\n<div id=\"layout-17053c76-e463-46a7-9a89-346c27d68c39\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"1\">\n<h2><strong>Google Probes Large-Scale Email Extortion Campaign<\/strong><\/h2>\n<p>Researchers from Mandiant and GTIG contacted <em>Infosecurity<\/em> on October 2, saying they were investigating a large-scale email campaign linked to hundreds of compromised accounts.<\/p>\n<p>Charles 
Carmakal, CTO of Mandiant at Google Cloud, noted that the campaign appears to be high-volume, with preliminary analysis tying at least one of the accounts to FIN11, a financially motivated threat group known for ransomware attacks and extortion schemes.\u00a0<\/p>\n<p>While the investigation is ongoing, the evidence so far suggests the attackers may be leveraging established cybercriminal infrastructure.<\/p>\n<p>The malicious emails include contact details that match addresses listed on the Clop ransomware group\u2019s data leak site (DLS), hinting at a possible connection to the notorious gang.\u00a0<\/p>\n<p>However, Carmakal cautioned that this does not confirm Clop\u2019s direct involvement, only that the attackers are exploiting the group\u2019s reputation to amplify pressure on victims.\u00a0<\/p>\n<p>Such tactics are common in financially driven cybercrime, where threat actors often impersonate or mimic well-known ransomware brands to enhance credibility and coercion.<\/p>\n<p>Given the complexities of attribution in cybercrime, Carmakal emphasized that the campaign could be the work of copycats rather than Clop itself.\u00a0<\/p>\n<p>He advised affected organizations to proactively investigate their systems for signs of compromise, as the use of Clop\u2019s branding may be a deliberate strategy to maximize intimidation.\u00a0<\/p>\n<p><em>Read more: Fraudsters Impersonate Clop Ransomware to Extort Businesses<\/em><\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Written by Oracle has advised customers that hackers may be exploiting vulnerabilities in unpatched instances of its E-Business Suite (EBS). 
This follows a warning by the Google Threat Intelligence Group (GTIG) that an individual or group of hackers were sending extortion emails to executives in several companies, claiming to have stolen sensitive data from Oracle\u2019s<\/p>\n","protected":false},"author":2,"featured_media":3077,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3076","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32eddfa07f.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/10\/3076-ed00ad41-d847-4de7-bdf6-ca32ed
dfa07f-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3076","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=3076"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/3076\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/3077"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=3076"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=3076"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=3076"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}