Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Threat Intelligence & Incident Response Threat & Vulnerability Management

2.2k views1 Upvote3 Comments

Sort by:

CIO in Government3 months ago

Shameful! As the saying goes, it's not the crime, it's the cover up.
Oracle knew for months of the breach but kept on denying it rather than notifying their customers.

CISO and Head of Digital Channels in Healthcare and Biotech3 months ago

To mitigate risks, we assumed breach, adhering to IR playbooks and pressuring the vendor for accountability.

CIO in Banking4 months ago

Take identity and access management very seriously , require single sign on through Office365 Azure AD , think of rehearsing circuit breaking , and utilize conditional access to your cloud tenants , consult with Oracle team to help apply CIS benchmarks and security best practices

Content you might like

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

If you’ve worked with mobile applications and have experience scanning code, either for vulnerabilities or to ensure best practices, what tools or solutions would you recommend for iOS and Android platforms?

Are you concerned about this Twitter data leak impacting your employees?
https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/

Very concerned8%

Somewhat concerned55%

A little concerned28%

Not at all concerned10%

Other (I’ll explain in the comments)

View Results

Excluding CVE, what other vulnerability databases/info sources do you use currently? Have you developed any contingency plans to lean on in case the CVE program loses funding?

Has your company made you feel comfortable about the prospect of returning to the office?

Yes - My company has been clear with the back to office plan82%

No - Messaging around return to the office has been confusing and disjointed17%

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Sort by:

Content you might like

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

If you’ve worked with mobile applications and have experience scanning code, either for vulnerabilities or to ensure best practices, what tools or solutions would you recommend for iOS and Android platforms?

Are you concerned about this Twitter data leak impacting your employees?
https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/

Excluding CVE, what other vulnerability databases/info sources do you use currently? Have you developed any contingency plans to lean on in case the CVE program loses funding?

Has your company made you feel comfortable about the prospect of returning to the office?

What sets us apart?

Take Your Insights On-the-Go

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Sort by:

Content you might like

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

If you’ve worked with mobile applications and have experience scanning code, either for vulnerabilities or to ensure best practices, what tools or solutions would you recommend for iOS and Android platforms?

Are you concerned about this Twitter data leak impacting your employees?https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/

Excluding CVE, what other vulnerability databases/info sources do you use currently? Have you developed any contingency plans to lean on in case the CVE program loses funding?

Has your company made you feel comfortable about the prospect of returning to the office?

What sets us apart?

Take Your Insights On-the-Go

Are you concerned about this Twitter data leak impacting your employees?
https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/