Oracle Warns of Security Bug That Hackers Abused to Breach 100+ Companies
In a recent alert, tech giant Oracle warned of a critical security flaw that has been exploited by a notorious cybercrime gang as part of a large-scale hacking campaign. The vulnerability, which affects Oracle’s Fusion Middleware, has been identified as a key factor in the breach of over 100 companies, according to Google, which notified the affected organizations about the potential threat.
The cybersecurity community has been put on high alert following the discovery of the security bug, which allows hackers to gain unauthorized access to sensitive data and systems. The warning comes as a reminder of the importance of keeping software up to date and the need for proactive measures to prevent such cyberattacks.
Understanding the Security Flaw
The security flaw in question is a vulnerability in Oracle’s Fusion Middleware, a software suite that provides a range of tools and technologies for building, deploying, and managing enterprise applications. The vulnerability, which has been assigned a Common Vulnerabilities and Exposures (CVE) number, can be exploited by hackers to gain control of affected systems and steal sensitive data.
According to Oracle, the vulnerability is related to a deserialization flaw in the Oracle Fusion Middleware, which can be exploited by sending a specially crafted request to the affected system. Once exploited, the vulnerability allows hackers to execute arbitrary code on the affected system, potentially leading to a full compromise of the system and its data.
Cybercrime Gang Exploits the Vulnerability
A notorious cybercrime gang has been linked to the exploitation of the Oracle vulnerability as part of a mass-hacking campaign. The gang, which has been active for several years, has been known to target a wide range of organizations, including companies, government agencies, and non-profit organizations.
According to reports, the cybercrime gang has been using the Oracle vulnerability to gain access to sensitive data and systems, including financial information, personal data, and intellectual property. The gang has been using the stolen data for various malicious purposes, including ransomware attacks, phishing campaigns, and identity theft.
Google Notifies Affected Organizations
Google has notified more than 100 organizations that have potentially vulnerable servers, which could be exploited by hackers using the Oracle vulnerability. The notifications were sent to organizations that have Oracle Fusion Middleware installed on their systems, and which may be vulnerable to the security flaw.
According to Google, the notifications were sent as part of its efforts to help organizations protect themselves against potential cyberattacks. The company has also provided guidance and recommendations to help organizations mitigate the vulnerability and prevent exploitation.
Recommendations for Mitigation
To mitigate the Oracle vulnerability and prevent exploitation, organizations are advised to take the following steps:
- Apply the latest security patches: Oracle has released a security patch for the vulnerability, which should be applied as soon as possible to prevent exploitation.
- Update software and systems: Organizations should ensure that all software and systems are up to date, including Oracle Fusion Middleware and any other affected systems.
- Use a web application firewall (WAF): A WAF can help detect and prevent attempts to exploit the vulnerability.
- Monitor system activity: Organizations should monitor system activity for signs of suspicious behavior, such as unusual login attempts or access to sensitive data.
- Implement security best practices: Organizations should implement security best practices, such as encryption, access controls, and authentication, to protect sensitive data and systems.
Conclusion
The Oracle vulnerability and the associated hacking campaign are a reminder of the importance of proactive cybersecurity measures. Organizations must stay vigilant and take prompt action to mitigate potential security threats, including keeping software up to date, using security best practices, and monitoring system activity for signs of suspicious behavior.
By taking these steps, organizations can help protect themselves against potential cyberattacks and prevent the exploitation of vulnerabilities like the one in Oracle’s Fusion Middleware. The incident also highlights the need for collaboration and information sharing between organizations and cybersecurity experts to combat cybercrime and protect sensitive data and systems.
Additional Resources
For more information on the Oracle vulnerability and the associated hacking campaign, organizations can consult the following resources:
By staying informed and taking proactive measures, organizations can help protect themselves against potential cyberattacks and prevent the exploitation of vulnerabilities like the one in Oracle’s Fusion Middleware.

