Oracle PeopleSoft Vulnerabilities Exploited in Attack on Nissan and 100+ Firms

A coordinated cyberattack exploiting vulnerabilities in Oracle PeopleSoft has compromised more than 100 organizations, including Nissan, exposing sensitive employee data. Attackers leveraged known flaws in PeopleSoft's Java deserialization handlers and HTTP endpoints to achieve remote code execution on application servers. Once inside, threat actors were able to harvest authentication tokens, LDAP credentials, password hashes, and OAuth secrets stored within the platform. Because PeopleSoft systems typically integrate with enterprise identity infrastructure such as Active Directory and cloud HR platforms, the breach creates pathways for lateral movement across connected networks. The campaign highlights the elevated risk posed by centralized identity management systems that hold privileged access to broader enterprise environments.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Related stories

Programming · DEV Community

How to Split a Terraform Monolith into Smaller, Focused State Files

Large Terraform states can slow down plans, widen blast radius, and cause conflicts when multiple teams work simultaneously. The recommended approach is to group resources by lifecycle and ownership into logical boundaries such as networking, compute, application, and monitoring layers. Engineers can migrate resources between states without destroying them using the terraform state mv command, moving one logical group at a time and verifying plans after each step. Once split, cross-state dependencies must be rewired by replacing direct resource references with input variables and module outputs. Tools like remote state data sources or dependency management platforms can then be used to pass output values across the separate state files.

Programming · DEV Community

Why Large Terraform State Files Slow Teams Down and How to Fix Them

As Terraform projects grow, state files managing hundreds or thousands of resources cause plan times to balloon, with some users reporting 20–25 minutes for states containing around 2,900 resources. Every terraform plan refreshes all resources via API calls regardless of whether their configuration changed, creating a sequential bottleneck that worsens with each new resource added. Large shared states also trigger cloud API rate limits from providers like AWS, Azure, and GCP, sometimes causing plans to fail entirely due to throttling. Beyond performance, a single large state file creates a wide blast radius where unrelated resources can be accidentally modified or destroyed in the same apply. Splitting infrastructure into smaller, purpose-specific state files is identified as the structural solution, while proposals for partial-refresh features in Terraform and OpenTofu remain unimplemented.

Programming · Hacker News

US Labor Share of Income Hits Lowest Level Since World War II

The share of national income going to workers in the United States has fallen to its lowest point in the post-World War II era, according to research published by the Federal Reserve Bank of New York. The decline has been particularly sharp following the COVID-19 pandemic. The findings suggest that a greater portion of economic output is now flowing to capital owners rather than to wage earners. This shift has significant implications for income inequality and the broader distribution of economic gains across American society.

Programming · DEV Community

TRON Vanity Address Generator Lets Users Create Custom Crypto Wallet Addresses

A new tool at tronsec.io/app allows users to generate custom TRON wallet addresses that begin or end with a chosen pattern, such as a name or project ticker. Vanity addresses are standard blockchain wallets created by brute-forcing cryptographic key pairs until one matches the desired sequence, with no added security vulnerability. Proponents argue they offer practical benefits on the TRON network, including reduced phishing risk, easier visual verification, and brand recognition for projects and payment processors. The computational cost of generating such addresses rises sharply with each additional character, since TRON's Base58 encoding multiplies the search space by roughly 58 per character. Security experts advise users to ensure private keys are generated locally on their own device and never transmitted to an external server.