The Cybersecurity & Infrastructure Security Agency (CISA) has published new guidelines for the public regarding “credential risks associated with potential legacy Oracle cloud compromise.”
CISA published a statement on April 16, stating that they are informed of the incident and “while the scope and impact remains unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may be exposed, reused across separate, unaffiliated systems, or embedded.”
Summary of CISA’s recommendations for organizations:
- Change passwords for affected individuals.
- Assess source code, infrastructure-as-code templates, automation scripts, and configuration files “files for hardcoded or embedded credentials and replace them with secure authentication methods supported by centralized secret management.”
- Search for suspicious activity in authentication logs.
- Enable multi-factor authentication.
- Review CISA’s website for best practices.
Summary of CISA’s recommendations for users:
- Replace current passwords with distinctive ones and authorize phishing-resistant multifactor authentication.
- Stay vigilant against potential cyberattacks.
