
Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations

June 16, 2020

If your business operations and the security of your sensitive data rely on Oracle’s E-Business Suite (EBS), make sure you have recently updated and are running the latest available version of the software.

In a report released by enterprise cybersecurity firm Onapsis and shared with The Hacker News, the firm today disclosed technical details for vulnerabilities it reported in Oracle’s E-Business Suite (EBS), an integrated group of applications designed to automate CRM, ERP, and SCM operations for organizations.

The two vulnerabilities, dubbed “BigDebIT” and carrying a CVSS score of 9.9, were patched by Oracle in a critical patch update (CPU) pushed out earlier this January. But the company said an estimated 50 percent of Oracle EBS customers have not deployed the patches to date.

The security flaws could be exploited by bad actors to target accounting tools such as General Ledger in a bid to steal sensitive information and commit financial fraud.

According to the researchers, “an unauthenticated hacker could perform an automated exploit on the General Ledger module to extract assets from a company (such as cash) and modify accounting tables, without leaving a trace.”

“Successful exploitation of this vulnerability would allow an attacker to steal financial data and cause delays in any financial reporting related to the company’s compliance processes,” it added.

It’s worth noting that the BigDebIT attack vectors add to the already reported PAYDAY vulnerabilities in EBS discovered by Onapsis three years ago, following which Oracle released a series of patches as late as April 2019.

Targeting General Ledger for Financial Fraud

Tracked as CVE-2020-2586 and CVE-2020-2587, the new flaws reside in Oracle’s Human Resources Management System (HRMS), in a component called Hierarchy Diagrammer that enables users to create organization and position hierarchies associated with an enterprise. Together, they can be exploited even if EBS customers have deployed the patches released in April 2019.

“The difference is that with these patches, it is confirmed that even with the systems up to date are vulnerable to these attacks, and therefore need to prioritize the installation of January’s CPU,” the company had stated in a note posted back in January.

One consequence of these bugs, if left unpatched, is the possibility of financial fraud and confidential information theft by attacking a firm’s accounting systems.

Oracle General Ledger is an automated financial processing software that acts as a repository of accounting information and is offered as part of E-Business Suite, the company’s integrated suite of applications — spanning enterprise resource planning (ERP), supply chain management (SCM), and customer relationship management (CRM) — that users can implement into their own businesses.

General Ledger is also used to generate corporate financial reports as well as carry out audits to ensure compliance with the SOX Act of 2002.

An attacker could break this trust by exploiting the flaws to modify critical reports in the ledger, including fraudulently manipulating transactions on a firm’s balance sheets.

“For example, an attacker could modify the Trial Balance Report, which summarizes accounting balances in a given period, virtually unnoticed, resulting in inaccurately reported results flowing undetected into the financial statements. This could result in inaccurately filed or reported financial results,” Onapsis said.

The Importance of Patching Critical Software

Given the financial risk involved, it is highly recommended that companies using Oracle EBS run an immediate assessment to ensure they are not exposed to these vulnerabilities, and apply the patches to fix them.

“Organizations need to be aware that current GRC tools and other traditional security methods (firewalls, access controls, SoD and others) would be ineffective against preventing this type of attack on vulnerable Oracle EBS systems,” the researchers cautioned.

“If organizations have internet-facing Oracle EBS systems, the potential threat likelihood would be significantly magnified. Organizations under attack will be unaware of the attack and not know the extent of the damage until evidence is found by a very extensive internal or external audit.”


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)
