The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Daily Security Review
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Centered on Android, unafraid to go far and wide in tech. Each week, hosts Daniel Bader and Will Sattelberg bring you a conversation about the decisions being made from how Google designs its Pixel phones to questions about the efficacy of mass consumption artificial intelligence products. Join us as we reflect on the facts, the feelings, and the connections we're all making today.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
1k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Cl0p Ransomware Targets Oracle E-Business Suite in Global Data Extortion Spree
Manage episode 514766205 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
A new wave of Cl0p ransomware attacks has struck organizations worldwide by exploiting vulnerabilities in Oracle’s E-Business Suite (EBS) — a mission-critical enterprise management platform used by corporations and universities across the globe. The ongoing campaign, attributed to FIN11, highlights the group’s shift toward exploiting high-value business systems for maximum leverage in data extortion schemes. Victims range from Envoy Air, a subsidiary of American Airlines, to prestigious academic institutions like Harvard University and the University of the Witwatersrand in South Africa.
The threat actors reportedly stole and leaked over 26GB of corporate data, claiming it originated from American Airlines systems, though Envoy Air maintains that no customer or sensitive data was exposed. Other victims have also had files posted to the Cl0p leak site, indicating that they refused to pay ransom demands. The group’s attack lifecycle follows a familiar yet devastating pattern — exploit, exfiltrate, extort, and expose — and emphasizes how quickly operational disruptions can turn into reputational crises when data is publicly released.
At the heart of this campaign are vulnerabilities within Oracle EBS, including a zero-day flaw (CVE-2025-61882) and potentially CVE-2025-61884, which Oracle has patched but not fully clarified as exploited. The zero-day allowed attackers to infiltrate unpatched systems, exfiltrate sensitive data, and apply intense ransom pressure through public shaming on dark web leak platforms. Oracle’s subsequent updates confirm that the flaw was actively exploited in the wild, underscoring the urgent need for enterprises to prioritize EBS patch management and vulnerability scanning.
The campaign’s attribution to FIN11 and the Cl0p ransomware group highlights the blurred lines within modern cybercrime ecosystems, where overlapping threat clusters share infrastructure and tooling. Mandiant’s intelligence suggests multiple subgroups may operate under the FIN11 umbrella, complicating attribution and response efforts.
This incident serves as a stark reminder that core enterprise platforms are now prime targets for ransomware operators. As the Cl0p group continues to evolve from traditional encryption-based attacks to pure data-theft and extortion, organizations must assume that compromise equates to exposure — and that operational security now extends to the ERP layer.
#Cl0p #FIN11 #Oracle #EBusinessSuite #CVE202561882 #CVE202561884 #Ransomware #DataBreach #EnvoyAir #AmericanAirlines #HarvardUniversity #UniversityoftheWitwatersrand #OracleVulnerabilities #CyberCrime #Extortionware #DataExfiltration #LeakSite #ZeroDayExploit #Mandiant #CyberAttack #InformationSecurity #PatchManagement #ThreatIntelligence #CyberExtortion #EnterpriseSecurity #OracleEBS #RansomOps #SecurityBreach #DarkWebLeaks #CyberRisk #Infosec
410 episodes
Share
Manage episode 514766205 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
A new wave of Cl0p ransomware attacks has struck organizations worldwide by exploiting vulnerabilities in Oracle’s E-Business Suite (EBS) — a mission-critical enterprise management platform used by corporations and universities across the globe. The ongoing campaign, attributed to FIN11, highlights the group’s shift toward exploiting high-value business systems for maximum leverage in data extortion schemes. Victims range from Envoy Air, a subsidiary of American Airlines, to prestigious academic institutions like Harvard University and the University of the Witwatersrand in South Africa.
The threat actors reportedly stole and leaked over 26GB of corporate data, claiming it originated from American Airlines systems, though Envoy Air maintains that no customer or sensitive data was exposed. Other victims have also had files posted to the Cl0p leak site, indicating that they refused to pay ransom demands. The group’s attack lifecycle follows a familiar yet devastating pattern — exploit, exfiltrate, extort, and expose — and emphasizes how quickly operational disruptions can turn into reputational crises when data is publicly released.
At the heart of this campaign are vulnerabilities within Oracle EBS, including a zero-day flaw (CVE-2025-61882) and potentially CVE-2025-61884, which Oracle has patched but not fully clarified as exploited. The zero-day allowed attackers to infiltrate unpatched systems, exfiltrate sensitive data, and apply intense ransom pressure through public shaming on dark web leak platforms. Oracle’s subsequent updates confirm that the flaw was actively exploited in the wild, underscoring the urgent need for enterprises to prioritize EBS patch management and vulnerability scanning.
The campaign’s attribution to FIN11 and the Cl0p ransomware group highlights the blurred lines within modern cybercrime ecosystems, where overlapping threat clusters share infrastructure and tooling. Mandiant’s intelligence suggests multiple subgroups may operate under the FIN11 umbrella, complicating attribution and response efforts.
This incident serves as a stark reminder that core enterprise platforms are now prime targets for ransomware operators. As the Cl0p group continues to evolve from traditional encryption-based attacks to pure data-theft and extortion, organizations must assume that compromise equates to exposure — and that operational security now extends to the ERP layer.
#Cl0p #FIN11 #Oracle #EBusinessSuite #CVE202561882 #CVE202561884 #Ransomware #DataBreach #EnvoyAir #AmericanAirlines #HarvardUniversity #UniversityoftheWitwatersrand #OracleVulnerabilities #CyberCrime #Extortionware #DataExfiltration #LeakSite #ZeroDayExploit #Mandiant #CyberAttack #InformationSecurity #PatchManagement #ThreatIntelligence #CyberExtortion #EnterpriseSecurity #OracleEBS #RansomOps #SecurityBreach #DarkWebLeaks #CyberRisk #Infosec
410 episodes
Semua episode
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Daily Security Review
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Centered on Android, unafraid to go far and wide in tech. Each week, hosts Daniel Bader and Will Sattelberg bring you a conversation about the decisions being made from how Google designs its Pixel phones to questions about the efficacy of mass consumption artificial intelligence products. Join us as we reflect on the facts, the feelings, and the connections we're all making today.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
1k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
