Outlook Business Desk
Tech major Oracle has issued a warning to its corporate customers after discovering a critical vulnerability in its PeopleSoft software. The system is widely used by large organisations for managing payroll, human resources and employee data.
According to a TechCrunch report, the company said the vulnerability is severe because attackers can exploit it over the internet without needing any login credentials such as usernames or passwords, increasing the risk of large-scale attacks.
Oracle confirmed the issue is a zero-day flaw, meaning cyber attackers found and used the weakness before the company had time to develop and release a security patch or fix.
According to the report, cybercrime group ShinyHunters has taken credit for exploiting this vulnerability as part of a mass-hacking campaign targeting organisations that rely on PeopleSoft servers.
Reports suggest the group claims to have breached more than 100 organisations globally. These attacks are linked to systems running unpatched versions of PeopleSoft software.
Google-owned cybersecurity firm Mandiant has also confirmed, the report states, that the same vulnerability is being actively exploited by attackers. It also said it has notified over 100 organisations that could be affected by the security flaw.
Mandiant warned that nearly two-thirds of the targeted organisations belong to the higher education sector, including universities and colleges, making this sector a primary focus of the ongoing campaign.
In some cases, hackers claim to have stolen large volumes of sensitive data, including student records such as full names, home addresses, email IDs, academic grades and other personal details.