Hackers Target SSRF Bugs in EC2-Hosted Sites to Steal AWS Credentials

Ravi JainApril 11, 2025

Recent cyberattacks exploited a weakness in Amazon EC2 configurations. Hackers targeted Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on EC2. This allowed them to access the internal EC2 metadata service and steal AWS Identity and Access Management (IAM) credentials. The campaign, observed in March 2025, leveraged older, less secure metadata services. Organizations are urged to upgrade to newer, more secure versions and implement other security measures. A cybersecurity firm, F5 Labs, detailed these attacks and recommends specific defenses, which are also offered as services by Technijian. ... Read More

Oracle Hit by Second Cyberattack in a Month: FBI Investigates Stolen Login Data

Ravi JainApril 3, 2025

Oracle experienced its second cybersecurity incident within a month, this time involving the theft of customer login credentials, including usernames, encrypted passwords, and passkeys from a legacy system. The FBI has initiated an investigation into this breach, which predominantly affected clients in the healthcare and enterprise sectors using older systems. While Oracle is conducting an internal audit and coordinating with law enforcement, cybersecurity experts have raised concerns about the company's security practices due to the repeated attacks. Affected users are advised to reset passwords and enable multi-factor authentication, as this incident highlights the increasing pressure on tech companies to fortify their digital defenses. The provided text also introduces Technijian, a cybersecurity firm offering services to help organizations protect themselves from such threats. ... Read More

Oracle Denies Shocking Data Breach Claims: Hacker Alleges Theft of 6 Million Records

Ravi JainMarch 24, 2025

A hacker known as "rose87168" is claiming to have breached Oracle Cloud, alleging the theft of six million sensitive records and offering this data for sale. Oracle has strongly refuted these claims, asserting that their cloud services were not compromised and no customer data was lost. Despite Oracle's denial, cybersecurity experts are advising users to take precautionary measures like monitoring access logs and rotating credentials. The alleged breach purportedly exploited a vulnerability in a software package used by Oracle, with the hacker claiming to have provided proof of access. The cybersecurity community is currently divided on the validity of these claims. Technijian, a cybersecurity firm, recommends proactive security measures for Oracle Cloud users, regardless of the breach's confirmation. ... Read More

Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

Ravi JainMarch 13, 2025

A coordinated cyberattack involving over 400 IP addresses is exploiting multiple Server-Side Request Forgery (SSRF) vulnerabilities across various platforms, including critical infrastructure and cloud services. This sophisticated campaign, detected by GreyNoise, aims to map internal networks, steal cloud credentials, and gain unauthorized access. The attacks leverage known CVEs and unlisted vulnerabilities in software like DotNetNuke, Zimbra, VMware, and GitLab. Organizations are advised to apply security patches, implement network controls, secure cloud metadata, monitor for suspicious activity, and validate user inputs to mitigate these significant risks. ... Read More

37K+ VMware ESXi Instances at Risk: Critical Zero-Day Vulnerabilities Disclosed – Urgent Patch Required!

Ravi JainMarch 7, 2025

Broadcom disclosed three critical zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion in March 2025, which are being actively exploited and could grant attackers significant control over affected systems. These flaws, including a TOCTOU vulnerability and privilege escalation risks, impact tens of thousands of unpatched ESXi instances globally, necessitating immediate patching. Challenges in obtaining patches through Broadcom's portal exist for some users, emphasizing the need for alternative methods and proactive security measures. Organizations are urged to apply patches, restrict administrative access, and monitor for suspicious activity, with companies like Technijian offering assistance in securing VMware environments against these threats. The vulnerabilities underscore the importance of vigilance and timely updates to mitigate serious security risks. ... Read More

Cloud Security

Technijian: IT Support And IT Services in Orange County, LA, Riverside, and San Diego

Don’t Settle For Less, Get More From Your IT Partner.

Boost Your Business with Technijian IT Support!

Orange County Office

Phone

Email