Cybercriminals have exploited a zero-day vulnerability in Oracle PeopleSoft, potentially breaching the networks of over 100 organizations, with a significant impact on higher education. The infamous ShinyHunters group has claimed responsibility, having named victims and leaked stolen data. The University of Nottingham confirmed a breach, with student data compromised. The attacks, dating back to May, exploit a flaw in Oracle PeopleSoft PeopleTools that allows remote code execution. Oracle disclosed the vulnerability and suggested mitigation steps but has yet to release a patch. Google has alerted over 100 organizations to potential vulnerabilities, with most victims in the U.S. and 68% in higher education. ShinyHunters’ extortion efforts are ongoing, with the campaign still active. This incident follows a similar attack by the Clop ransomware group on Oracle E-Business Suite less than a year ago.
Are universities being extorted due to an unpatched Oracle flaw?
