FYI <https://www.bleepingcomputer.com/news/securit...
# general
j
I came in exactly to see if this is making any noise in here
s
I did open a ticket with support - their answer: no data breach for NetSuite or Oracle happened. Go figure!!!! The breach is on OCI's LDAP and SSO service, which they sell to clients just like MS Office365 Entra. NetSuite might not be on it; it does have its own access table and protocols, but if the NS client is using OCI's SSO and LDAP then it is questionable, my 2 cents' worth. Last word - Larry is hiding something LOL 😈
t
Is this the first time this has happened?
s
I doubt 🤔🤔
j
My Security team is having me reset consumer keys and tokens for all of our integrations now because this breach is legit and the stolen information from Oracle is valid. We have a lot of integrations! I am having to reach out to each individual vendor and work with them to rebuild our connections due to this breach. It's better to be safe than sorry. God help us all...😬
The compromised dataset is said to include:
● Java Keystore (JKS) files
● Encrypted SSO passwords
● LDAP-related information
● Enterprise Manager JPS keys
Recommended Actions (Preventive):
1. Search your domain at https://exposure.cloudsek.com/oracle to understand whether you may be potentially impacted.
2. Reset all Oracle Cloud-related credentials, including SSO, API keys, and admin passwords.
3. Review login and access logs for any unusual or unauthorized activity.
4. Rotate any sensitive secrets, keys, or certificates stored in Oracle Cloud.
5. Enable or enforce MFA on all user and privileged accounts.
6. Initiate internal monitoring for potential data leaks.
j
Furthermore, recent news indicates that some Oracle Cloud customers are taking independent steps to verify the breach claims made by “rose87168.” Several organizations have begun closely reviewing their security logs and access records, with some reporting anomalies such as unexpected authentication attempts and irregularities in key file activity. These early customer verifications are Indicators of Attack (IOAs), and suggest that there may be unusual activity warranting further scrutiny, even as Oracle continues to deny any breach of its systems. That being said, monitor the execution logs of all of your NetSuite integrations very closely for the next 30 days!
s
FYI - This is what Oracle is claiming :ablobthinking:
t
"Hope this helps," they say.