Oracle warns of security bug that hackers abused to breach 100+ companies
Oracle warned its corporate customers of a critical-rated vulnerability in its PeopleSoft software. The software is used
The company published the security advisory after the hacking group ShinyHunters claimed to have breached more than 100 organizations that use PeopleSoft servers. Mandiant warned in a blog post that the new Oracle flaw is the same bug that ShinyHunters is abusing in its hacking campaign targeting PeopleSoft customers.
Oracle has not released a patch for the vulnerability at the time of writing. The advisory said the bug can be exploited over the internet without needing any authentication. Oracle recommended that customers who use PeopleSoft software apply its mitigations to prevent exploitation.
A ShinyHunters member told TechCrunch that the gang compromised the companies
Mandiant said that while several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise resulting in stolen data being published on the ShinyHunters Data Leak Website. Oracle did not respond to TechCrunch's request for comment.
The ShinyHunters member told TechCrunch that some of the hacked organizations are universities and colleges. The hacker shared a message sent to one victim school in which the hackers claimed to have stolen hundreds of thousands of student records containing full name, home address, phone, email, date of birth, gender, ethnicity, enrollment status, GPA, major, and student ID across all campuses, among other data.
PeopleSoft and its customers are the latest victims in a series of hacking campaigns
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from TechCrunch and reviewed by the T&B editorial agent team.