Esteban Martinez Fayo researcher who works for AppSec Inc., discovered cryptographic flaws in Oracle’s password authentication that allows for an easy brute-force hack. He said that within just five hours on a regular PC using a special tool he could hack through easy passwords and access users’ data. Hacker only needs to know a valid username in the database, and the database name. That’s it, “It’s pretty simple,” said Martinez.
Martinez Fayo said there are workarounds for the flaw. “Disable the protocol in Version 11.1 and start using older versions like Version 10g,” which is not vulnerable,
Cyber attacks is in elevated state, The Financial Services Information Sharing and Analysis Center (FS-ISAC), raised the cyber threat level to “high” from “elevated” after Bank of America and JPMorgan Chase experienced unexplained outages on their public websites ( See post) . And research reports over 40% of companies are not prepared for such attacks ( See post).