Errors in the configuration led to massive leaks of personal data.
A large-scale vulnerability has been discovered in the Oracle NetSuite cloud business management platform, which can lead to the leakage of confidential customer data from thousands of e-commerce sites.
AppOmni researchers have discovered that an incorrect configuration of the security system on the SuiteCommerce platform used to manage online stores allows unauthorized users to access important information through vulnerable APIs.
The problem is caused by configuration errors made by site administrators. Because of this, attackers can manipulate URLs to gain access to personal data, including customer addresses and phone numbers. Aaron Costello, head of SaaS security research at AppOmni, noted that the problem affects a large number of organizations, and the scale of leaks raises serious concerns.
Oracle has already issued recommendations for improving security and urged its customers to review their access settings to prevent data leaks. However, despite the warnings, many companies may not realize the threat and continue to put their customers' data at risk.
The main problem remains the difficulty of detecting such leaks, as Oracle NetSuite lacks basic tools for tracking suspicious transactions. This makes it difficult to detect possible attacks and protect your data.
Experts emphasize that with the growing use of cloud-based subscription services for doing business, attacks on these platforms have become much more frequent and sophisticated. Attackers, including well-known cybercrime groups, are actively targeting SaaS, which requires organizations to reconsider their approaches to cybersecurity.
Experts recommend that administrators of e-commerce platforms carefully check the access settings at the level of form fields on their sites and restrict access to data that should not be publicly available. This is the only way to protect confidential information and minimize the risk of leaks.
Source