Kwihlabathi elimdaka ledatha ebiweyo, isidima yinto yonke. Ukuba umdlali oyisoyikiso akakwazi ukubonisa ukuba ukutsalwa kwabo kusemthethweni, ukuthembeka kwabo-kunye nosuku lwabo lokurhola-kuyaphela. Yiloo nto kanye ebonakala ngathi iyenzeka ngokutyholwa ngokwaphulwa kwedatha ye-Oracle. Ngomhla we-21 ngo-Matshi 2025, i-XVigil ye-CloudSEK yafumanisa umdlali wengozi, "rose87168," uthengisa iirekhodi ze-6M ezikhutshwe kwi-SSO kunye ne-LDAP ye-Oracle Cloud. Idatha ibandakanya iifayile ze-JKS, iiphasiwedi ezifihliweyo ze-SSO, iifayile eziphambili, kunye nomphathi weshishini izitshixo ze-JPS. I-Oracle iye yaphika ukuphulwa kwaye ukususela ngoko iinzame ze-hacker zokuthengisa ulwazi olubiweyo kwiiforum zewebhu ezimnyama, zibalekela ekuchaseni okungalindelekanga. Abathengi abalunywanga. Okubi nakakhulu, abanye bathandabuza ngokuphandle ukuba ngaba oko kwaphulwa yinyani kwaphela. Yintoni eyenza oku kube nomdla ngakumbi kukwenziwa kwe-akhawunti entsha kwiforum abanye abathi yi-Oracle ebangela ukuba semthethweni kobuxoki bedatha ebiweyo. Ndijoyine kuphando lwam kwimiba ekhoyo ngoku kunye nokuthengiswa kwe-oracle.
Ukwehla kokuQala: Ithagethi ekwiProfayili ephezulu.
Umdlali we-actor we- rose87168 waqala ukubonakala kwiforum eyaziwayo ye-cybercrime, eqhayisa ngokuba ne-treasure trove yedatha yangaphakathi ye-Oracle. Njengokuvuza kwexabiso eliphezulu, bagcina iinkcukacha zingacacanga-zanele ngokwaneleyo ukuvuselela umdla ngaphandle kokunikezela nantoni na simahla. Iisampulu ezihlaziyiweyo ezimbalwa, ithegi yexabiso, kunye nesithembiso esinokusiqinisekisa abathengi ngaphambi kokuthenga.
Ulwaphulo lwedatha luqulethe ezi zinto zilandelayo:
Unokucinga ukuba ukophulwa kwe-Oracle kuya kuba lula ukuthengisa kodwa endaweni yokunikezelwa kwangoko, ukuthandabuza kwazalisa umsonto. Ekubeni i-Oracle iye yaphika amabango okuphulwa, amalungu eforum acinezele ubungqina obuninzi, ebuza ukuba semthethweni kokulahla. Oku akuqhelekanga-abathengi abafuni ukukhwabanisa-kodwa kulo mzekelo, i-pushback yayinobudlova ngokungaqhelekanga.
Iingxoxo ezinomthunzi.
Iingxoxo ezijikeleze ukophulwa kwedatha ye-Oracle yinto entsha kum. Ngokuqhelekileyo ukuthengisa inkunkuma yedatha ngokuthe ngqo phambili kwaye yintengiselwano emfutshane. Imeko yangoku isiphithiphithi kwaye igcwele amathandabuzo phakathi koontanga. Kukho iincoko malunga nenzondo ye-Oracle kunye nokungabikho kokuvuma kwabo malunga nokuqonda ubuthathaka bokhuseleko. Enye incoko enjalo imalunga nosoyikiso lomdlali omnye odiza ibug kwisoftware yabo yedatha kwaye u-Oracle uyaziphindezela kuphicotho-zincwadi. Ngokungathandabuzekiyo, ndivakalelwa kukuba i-cybercriminal underbelly ayingomlandeli we-Oracle ngesizathu esingaziwayo.
Isithunzi egumbini.
Kukwakho nelinye ibango lokuba umlingisi wesongelo ngokwenene "ungaphakathi". Eli libango nje kodwa liyongeza into enika umdla kweli bali. Incoko ingena kumdlali ochaza ukuba kufuneka kubekho ubuncinane imigca ye-10,000 yesampuli ukuqinisekisa ibango lokuphulwa. Kakade ke, nabanye bayangenelela. Kwakule ncoko inye umntu obizwa ngokuba ngumvavanyi27 uthi i-CloudSEK icwangcise ulwaphulo-mthetho? Umdlali weqonga uthi i-CloudSEK icwangcise ukophulwa komsebenzi wakhe, kwaye basebenza njengo-rose aka… Bahamba bayokutsho ukuba banencoko yonke erekhodiweyo kwaye iqabane labo nguAlon Gal. Ngaba sikho nasiphi na isiseko kweli bango? Okwangoku sisityholo nje, kodwa iyabuza ukuba loo nto iyinyani na. Ndiyathetha ukuba sonke sizibonile izoyikiso zangaphakathi kunye nolwaphulo-mthetho ngaphambili kwiinkampani.
Ndandicinga ukuba ndiyibonile yonke into endiza kuyibona, kwaye oku kuphulwa kwedatha kwakungayi kuthengisa. Kwavela incoko entsha kunye nomdlali we-actor. Yayiyi-akhawunti eyadalwa ngomhla we-3/25/2025 kwaye yayikhuthaza nomdlali ukuba semthethweni kokulahlwa kwedatha. Abanye babede batsho ukuba iakhawunti entsha ephikisanayo yeka-Oracle okanye umntu wesithathu ukunqanda ukuthengiswa kwedatha.
Kuvela uMceli-mngeni Ongaqondakaliyo
Omnye wabagxeki kakhulu yayiyi-akhawunti esanda kwenziwa eyakhawuleza yathandabuza amabango omthengisi. Umdlali wesongelo, esele esemngciphekweni, watyhola ngokukhawuleza i-akhawunti yokuba idibaniswe ne-Oracle. Ukuba yinyaniso, eli ibingayi kuba sisihlandlo sokuqala ukuba inkampani (okanye iqela lesithathu lenkampani yezobuntlola) ingene kwiforam ukuze iphazamise intengiso. Ngokufuna ubungqina, ukukhomba ukungahambelani, kunye nokubiza umdlali ngobuqhetseba, i-akhawunti inokuzama ukugubha ukuzithemba komthengi, ukwenza idatha ebiweyo ingabi naxabiso. I-hacker yatshitshisa, igxininisa ukuba idatha yayiyinyani-kodwa umonakalo wawusele wenziwe.
Okokuqala, makhe sijonge ingxelo eyenza ezi zityholo. Yiakhawunti esanda kwenziwa, akukho nqanaba kunye nodumo. Ezi akhawunti zikrokreleka kakhulu xa kufikwa kwintengiselwano kunye nezenzo. Into yokugqibela eyenziwa lilungu elitsha kukucela umngeni kumalungu anesikhundla nodumo. Yenza izinto zicace kwaye zikrokre ngeyona ndlela.
Ngethuba lencoko, i-akhawunti entsha icela umngeni wokuba semthethweni kokulahlwa kwedatha, kwaye umdlali wesongelo ngokukhawuleza uthi i-akhawunti entsha yi-Oracle okanye umntu wesithathu. Incoko iqala ukusasazeka njengomlilo wasendle kwaye kungekudala uninzi lwamalungu akwicala le-Oracle kwaye iakhawunti entsha ibanga ukulahlwa kwedatha iyinkohliso.
Lo ayingomcimbi wexesha elinye kuphela. Ukuthengisa data corporate usoloko ukugembula . Ngokungafaniyo nolwazi lomntu, olunokwenza imali ngokukhawuleza, ukuvuza kweenkampani kufuna ukuthenjwa. Umthengi kufuneka akholelwe ukuba idatha inexabiso, ukuba ikhethekile, kwaye abahambi emgibeni. Ngegama lika-Oracle elincanyathiselwe, izibonda ziphezulu ngakumbi. Iinkampani zolu bungakanani zinamaqela apheleleyo azinikele ekulandeleni nasekunciphiseni ukophulwa kwemithetho. Nawuphi na umthengi obanjwe esebenza ngedatha ye-Oracle ebiweyo unokuzifumana sele ekwi-crosshairs esemthethweni-okanye okubi ngakumbi, ethenga inkunkuma engenaxabiso.
Ukuwa: Isivumelwano samathandabuzo
Ukuza kuthi ga ngoku, intengiso ihlala ikwi-limbo. Umdlali we-actor, ekhungathekile ngenxa yezityholo, uye waphindaphinda kabini, wathumela "ubungqina" obungakumbi kwimizamo yokusindisa isivumelwano. Kodwa umonakalo usenokungalungiseki. Abathengi bayathandabuza, kwaye ukuba akukho mntu uhamba phambili ngokukhawuleza, i-hacker inokunyanzeliswa ukuba ilahle ixabiso-okanye ihambe ingenanto. Kwi-Oracle, oku kunokuba luloyiso olunqabileyo kumdlalo wekati kunye nempuku we-cybersecurity. Ukuba inkampani (okanye umntu osebenzela egameni layo) ikwazile ukutyhefa equleni, baye baluphelisa ngokufanelekileyo ulwaphulo-mthetho ngaphandle kokufuna kwakhona idatha ngokwayo.
Kodwa kwi hacker? Kwimarike apho ukuthembana kuyiyo yonke into, basenokuba bafunde kabuhlungu ukuba ezinye izinto ezibiweyo zonakaliswe kakhulu ukuba zingathengiswa.
