The software and cloud computing company Oracle warned its customers of the existence of a dangerous security vulnerability in the PeopleSoft program, which major companies use to manage payroll and human resources, a day after a cybercriminal group claimed responsibility for exploiting this vulnerability as part of a large-scale hacking campaign.
The company published this security warning, after the hacking group “Shiny Hunters” claimed to have hacked more than 100 organizations that use the “PeopleSoft” server application.
The TechCrunch website, which specializes in technology topics, noted that the cybersecurity company Mandiant, a subsidiary of Google that specializes in investigating electronic attacks, warned in a post on its blog that the new vulnerability in Oracle is the same one that the Shiny Hunters group exploited in the hacking operation it carried out. Oracle, which has not issued an update to address this vulnerability yet, explained in the warning that this vulnerability can be exploited over the Internet. Without the need for any means of identity verification, such as a password.
Oracle recommended that its customers, who use the PeopleSoft program, implement the protection measures it provides to prevent exploitation of the security vulnerability.
A member of the Shiny Hunters group announced that the group had hacked into companies’ systems by exploiting a security flaw in PeopleSoft’s servers.
This vulnerability is considered a category known as a “zero-day vulnerability,” which means that this vulnerability was not known before, and the company developing the application, which is “Oracle” in this case, did not have enough time to fix it before it was discovered and exploited.
