Oracle zero-day serves up persistent access.
In this episode, we explore the critical zero-day vulnerability in Oracle's E-business suite that is currently under active exploitation, allowing attackers to gain persistent access. We also dis...
Interactive Transcript
spk_0
You're listening to the CyberWire Network, powered by N2K.
spk_0
And now, a word from our sponsor, the Johns Hopkins University Information Security
spk_0
Institute is seeking qualified applicants for its innovative Master of Science in Security
spk_0
Informatics degree program. Study alongside world-class interdisciplinary experts and gain
spk_0
unparalleled educational research and professional experience in information security and assurance.
spk_0
Interested U.S. citizens should consider the Department of Defense's Cyber Service Academy
spk_0
program, which covers tuition, textbooks, and a laptop, as well as providing a $34,000
spk_0
additional annual stipend. Apply for the fall 2026 semester and for this scholarship by February 28th.
spk_0
Learn more at cs.jhu.edu slash MSSI.
spk_0
A critical zero-day in Oracle E-Business Suite is under active exploitation.
spk_0
ICE plans a major expansion of its social media surveillance operations.
spk_0
Discord confirms a third-party data breach. A critical vulnerability in the Unity game engine could allow arbitrary code execution.
spk_0
New variants of the XWorm Remote Access Trojan spread through phishing campaigns.
spk_0
Researchers uncover a critical command injection flaw in Dell storage appliances.
spk_0
There's been a sharp surge in reconnaissance scans targeting Palo Alto Networks' login portals.
spk_0
A new hacking competition offers $4.5 million in prizes for exploits targeting major cloud and AI software.
spk_0
We've got our Monday Business Brief. On our Afternoon Cyber Tea segment, Microsoft's Anne Johnson and
spk_0
guest Volker Wagner, Chief Information Officer at BASF, share some lessons from the front lines of industrial security.
spk_0
And don't spend that ParkMobile settlement all in one place.
spk_0
It's Monday, October 6th, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing.
spk_0
Thanks for joining us here today. Happy Monday. It is great as always to have you with us.
spk_0
A critical zero-day vulnerability in Oracle E-Business Suite is being actively exploited after proof-of-concept code was released.
spk_0
The flaw rated 9.8 enables unauthenticated remote code execution over HTTP.
spk_0
Attackers are using reverse shell commands to gain persistent access.
spk_0
Forensic evidence links the exploit toolkit to groups such as Scattered Spider, Lapsus$, and Cl0p.
spk_0
Oracle urges immediate patching, noting only supported systems will receive fixes.
spk_0
Organizations can detect exposure using Nuclei templates or Shodan queries.
spk_0
Continuous monitoring and patch validation are essential to mitigate this active threat.
spk_0
U.S. Immigration and Customs Enforcement, you know them as ICE, is planning a major expansion of its social media surveillance operations, seeking to hire nearly 30 private contractors to monitor platforms such as Facebook, TikTok, and YouTube for intelligence that could inform deportation raids and arrests.
spk_0
According to federal contracting records reviewed by Wired, the program would operate from ICE's targeting centers in Vermont and Southern California, running 24/7 and processing cases within hours.
spk_0
Contractors will use open source intelligence and commercial databases like LexisNexis and CLEAR to assemble digital dossiers.
spk_0
Planning documents also invite proposals incorporating artificial intelligence and automated data collection.
spk_0
Privacy groups, including the ACLU and the Electronic Privacy Information Center, warn that ICE's growing use of surveillance technologies and data brokers threaten civil liberties and may blur the line between immigration enforcement and political monitoring.
spk_0
ICE has not yet commented on the proposal, which remains in early planning stages.
spk_0
Discord has confirmed a data breach affecting users who contacted its support or trust and safety teams after a third party customer service vendor was compromised.
spk_0
Exposed data includes names, emails, billing details, and in some cases government ID images.
spk_0
Attackers also accessed IP addresses, messages, and attachments, allegedly seeking ransom.
spk_0
Discord emphasized its own systems were not breached, cut off vendor access, and alerted law enforcement.
spk_0
The company calls the impact limited, though it hasn't disclosed how many users were affected.
spk_0
A critical vulnerability in the Unity game engine could allow attackers to execute arbitrary code through compromised Unity-built apps, affecting Android, Windows, Linux, and macOS users.
spk_0
The flaw lets malicious files exploit app permissions to access confidential data, though Unity says any code execution remains limited to the app's privilege level.
spk_0
No active exploitation has been detected and patches are now available.
spk_0
Microsoft urged users to keep games updated and ensure Defender protection is enabled, while Steam is blocking risky launch parameters.
spk_0
The bug, discovered by researcher RyotaK of GMO Flatt Security, underscores the vast risk tied to Unity's global footprint,
spk_0
powering major titles like Pokemon Go and the mobile version of Call of Duty.
spk_0
New variants of the XWorm Remote Access Trojan are spreading through phishing campaigns, months after its creator XCoder abandoned the product.
spk_0
The latest versions are being adopted by multiple threat actors and now include over 35 modular plugins for data theft, remote control, file encryption, and ransomware.
spk_0
Researchers at Trellix report new infection chains combining social engineering and technical exploits including malicious JavaScript, Excel macros, and fake executables.
spk_0
The ransomware module encrypts user files and demands payment via Bitcoin.
spk_0
XWorm's architecture supports extensive surveillance and credential theft across browsers, email clients, and crypto wallets.
spk_0
Despite its origins as a cracked underground tool, it remains a growing multipurpose threat across global campaigns, emphasizing the need for layered defenses, EDR monitoring, and strict email filtering.
spk_0
Researchers at watchTowr uncovered a critical command injection flaw in Dell UnityVSA storage appliances.
spk_0
The bug allows unauthenticated attackers to execute arbitrary commands by exploiting a flaw in the system's login redirection logic, where unsanitized URIs are passed into a Perl command string.
spk_0
The latest version fixes the issue. Dell rates it with a high severity of 7.3, although others call it critical with a 9.8.
spk_0
Organizations should upgrade immediately.
spk_0
Security researchers at GreyNoise report a sharp 500% surge in reconnaissance scans targeting Palo Alto Networks' login portals.
spk_0
With activity peaking at 1,300 IPs on October 3, compared to a typical volume below 200, most scanning originated in the US, and 93% of IPs were flagged as suspicious.
spk_0
GreyNoise noted that similar surges have sometimes preceded new vulnerability disclosures, though no direct link has been established here.
spk_0
The activity mirrors recent spikes in Cisco ASA and other remote access product scans, showing overlapping tooling and TLS fingerprints.
spk_0
The increase underscores continued attacker interest in security appliances, which often serve as high-value network entry points.
spk_0
GreyNoise is continuing to monitor whether this surge signals emerging vulnerabilities or coordinated reconnaissance efforts.
spk_0
Cloud security firm Wiz has launched Zero Day Cloud, a new hacking competition offering $4.5 million in prizes for exploits targeting major cloud and AI software.
spk_0
Backed by AWS, Google Cloud, and Microsoft, the contest runs live at Black Hat Europe with entries due December 1st.
spk_0
Categories include AI, Kubernetes, containers, web servers, databases, and DevOps tools, with top rewards reaching $300,000.
spk_0
Despite strong industry support, Trend Micro has accused Wiz of copying Pwn2Own's rules verbatim.
spk_0
This week's Monday Business Brief highlights a surge of mergers, acquisitions, and investments shaping the global AI and cloud landscape.
spk_0
Accenture announced plans to acquire Japan's IDAMI Inc. to strengthen its LearnVantage service, while HoneyBook bought Fine.dev to expand its AI development capabilities.
spk_0
Harness acquired Qwiet AI to enhance application security, and Taoping finalized a $21.3 million deal for Skylatter Group.
spk_0
Meanwhile, Liatrio purchased SuperOrbital's IP to merge consulting with advanced training.
spk_0
On the investment front, Cerebras Systems raised $1.1 billion to expand AI chip innovation, while Vercel secured $300 million to scale its AI cloud platform.
spk_0
Other notable rounds include Descope at $88 million, Zania at $18 million, Mondoo with $17.5 million, Gelt with $13 million, Long Eye at $5 million, and Hubside at $1.7 million.
spk_0
Clearwater and In-Orbit AI also received undisclosed strategic and Series A funding, respectively.
spk_0
Ethan Cook is the editor of our CyberWire Pro Business Brief newsletter. You can learn more and subscribe at thecyberwire.com.
spk_0
Coming up after the break, what does it really take to defend one of the world's largest chemical companies?
spk_0
Guest Volker Wagner joins N2K CyberWire's Afternoon Cyber Tea podcast with Microsoft's Anne Johnson.
spk_0
And don't spend that ParkMobile settlement all in one place. Stick around.
spk_0
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most.
spk_0
With Thales's industry-leading platforms, you can protect critical applications, data, and identities, anywhere and at scale, with the highest ROI.
spk_0
That's why the most trusted brands and largest banks, retailers, and healthcare companies in the world rely on Thales to protect what matters most.
spk_0
Applications, data, and identity. That's Thales.
spk_0
What's your two AM security worry? Is it, do I have the right controls in place? Maybe, are my vendors secure?
spk_0
Or the one that really keeps you up at night, how do I get out from under these old tools and manual processes? That's where Vanta comes in.
spk_0
Vanta automates the manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires.
spk_0
Their trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale.
spk_0
And it fits right into your workflows using AI to streamline evidence collection, flag risks and keep your program audit ready all the time.
spk_0
With Vanta, you get everything you need to move faster, scale confidently and finally get back to sleep.
spk_0
Get started at Vanta.com slash cyber. That's V-A-N-T-A dot com slash cyber.
spk_0
Microsoft's Anne Johnson is host of the Afternoon Cyber Tea podcast, which you can find right here on the N2K CyberWire network, and recently got together with her guest Volker Wagner, chief information security officer at BASF, to share some lessons from the front lines of industrial security.
spk_0
Today I'm excited to be joined by Volker Wagner, chief information security officer at BASF.
spk_0
I'm absolutely thrilled that you joined us today. What first drew you to cybersecurity, and how has your leadership philosophy evolved over time?
spk_0
Like for many of us, it was an incident which brought me into the cyber arena. More than 20 years back, I worked with a Trump telecommunications company in internal audit.
spk_0
I wanted to go to the front and see it, and have more of a steering wheel in hand, and so it's a bit coming from the active to the proactive side, and a bit more from, I would say, the control perspective to a security-by-design perspective.
spk_0
And I think it reflects a bit what we all have achieved as cyber security experts and leaders in the past couple of years that more and more we developed ourselves that we are more in the front row.
spk_0
So here I am now and looking very much forward to our talk today.
spk_0
So if it comes to the threat situation for us, I would say a lot is related to the numbers we have in our group.
spk_0
So we have more than 100,000, 10,000 employees, spread over 150 countries in the world, the large digital footprint including some high value targets.
spk_0
If you ask me about what are the most concerning threats, the most serious risks which I'm concerned about.
spk_0
For sure, number one is espionage or APT attacks on our business secrets, on our crown jewels, and secondly, more and more we see destructive attacks, attacks on our systems, on our plants and our supply chains, but on the basic infrastructure of IT as well.
spk_0
I'm curious how you think about resilience because as you know, you and I've talked about this, it is a strategic imperative.
spk_0
But when you think about cyber resilience across all of your businesses, what are the key pillars of your strategy and how are you trying to achieve it?
spk_0
So we decided to change our paradigm and we introduced our so-called Zero Trust strategy.
spk_0
We deploy the three basic principles, assume the breach.
spk_0
So you have to accept and I told it to my board of directors that we never ever can go for 100% prevention.
spk_0
We have to assume that already some elements of our networks might be compromised.
spk_0
Never trust, always verify, have your controls in place, and provide least-privileged access; try to reduce the damage potential.
spk_0
We try to introduce this very, very practical and want to elaborate it maybe in four domains.
spk_0
If devices are not patched on the latest operating system version, we don't grant access from remote anymore.
spk_0
We believe with these three elements, we prepare ourselves and make us more mature in the future.
spk_0
The business you're in though is very innovative, right? You have to be innovative.
spk_0
And innovation, resilience, cyber can often seem to be friction, right?
spk_0
People talk about how the cyber team can also create friction in that innovation.
spk_0
How do you see the promise and the risk of balancing innovation across your cyber organization when you're thinking about security and trying to support the business?
spk_0
I think innovation is key for every business function.
spk_0
We are heavily working on this to explore for sure AI tools and enabling our cybersecurity work for us.
spk_0
Maybe I can give you some of the examples what we are striving for.
spk_0
It's a journey. We embarked on it; with some of the elements we are a bit more ahead, with others
spk_0
we are in the early phase.
spk_0
Let's take for example that the use case that we use AI for data labeling and classification.
spk_0
Incident playbooks augmented by an AI solution.
spk_0
AI-supported pentests, awareness and phishing simulations, third-party risk assessment. In our SOC,
spk_0
the tier one level is usually flooded with alerts.
spk_0
And AI tools are never tired, never less concentrated, and we can eliminate the human bias as well.
spk_0
I love that. I think that there will continue to be innovation in cyber as you know and particularly with artificial intelligence and automation.
spk_0
And as leaders we have to be prudent where we deploy it but also leverage it for the best capabilities and also to help our staff.
spk_0
So can you talk about from your point of view what does meaningful industry collaboration look like and how can organizations better support each other?
spk_0
Yeah, I would say firstly it starts with our heads and our own mindsets.
spk_0
So as security professionals, we have been educated over years that we have to keep everything strictly confidential and we have to add our own parcels within the companies.
spk_0
We have to open up if we strive for collective defense, we have to go into partnerships.
spk_0
We have to share not only threats and risks, but we really have to collaborate in real time in incidents.
spk_0
And my learning is that you cannot say from tomorrow on we will trust each other.
spk_0
Trust will increase by shared experiences and close interaction, and once again, we're really super happy that you initiated this collective defense approach.
spk_0
And that we can pop up with you here in Germany and bring all of them into our forces.
spk_0
That's Microsoft's Anne Johnson speaking with Volker Wagner from BASF. Be sure to check out the complete Afternoon Cyber Tea podcast wherever you get your favorite podcasts.
spk_0
And finally, after nearly four years and a 32.8 million dollar class action settlement, ParkMobile has finally compensated victims of its 2021 data breach to the tune of one whole dollar.
spk_0
Yes, affected users are receiving a dollar in app credit, dispensed as four dazzling 25-cent discounts expiring in 2026, except here in California, where small mercies never expire.
spk_0
The breach exposed data from 22 million accounts, including names, emails, license plates, and hashed passwords. ParkMobile denied wrongdoing, of course, while urging users to manually claim their reward via a code, because convenience apparently wasn't part of the settlement. Adding insult to micro-injury, ParkMobile also warned of fresh phishing scams targeting its customers.
spk_0
So if you get a text asking for payment, ignore it, unless it's your dollar credit, which, let's face it, you've already earned the hard way.
spk_0
And that's the CyberWire. For links to all of today's stories, check out our Daily Briefing at thecyberwire.com.
spk_0
Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed.
spk_0
One quick note before we wrap up: I've been nominated for the SANS Difference Makers Award in the Media Creator of the Year category.
spk_0
I'm honored to be recognized and would appreciate your support. You'll find a link to vote in our show notes, and voting is open until Wednesday, October 8th.
spk_0
Thanks for listening and for being part of the N2K CyberWire community.
spk_0
N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Elliott Peltzman and Trey Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
spk_0
Cyber Innovation Day is the premiere event for cyber startups, researchers, and top VC firms building trust into tomorrow's digital world.
spk_0
Kick off the day with unfiltered insights and panels on securing tomorrow's technology. In the afternoon, the eighth annual DataTribe Challenge takes center stage as elite startups pitch for exposure, acceleration, and funding. The innovation expo runs all day, connecting founders, investors, and researchers around breakthroughs in cybersecurity.
spk_0
It all happens November 4th in Washington, DC. Discover the startups building the future of cyber. Learn more at cid.datatribe.com.
Topics Covered
Cybersecurity
Information Security
Zero-Day Vulnerability
Oracle E-business Suite
Social Media Surveillance
Remote Access Trojan
Unity Game Engine Flaw
Data Breach
Industrial Security
Cyber Resilience
Espionage Attacks
Digital Dossiers
Cloud Security Competition
Cyber Threats
Cyber Defense Strategies