Subj : Thousands of Oracle NetSuite ERP websites found leaking private c
To   : All
From : TechnologyDaily
Date : Fri Aug 16 2024 14:30:05

Thousands of Oracle NetSuite ERP websites found leaking private customer information
Date: Fri, 16 Aug 2024 13:03:00 +0000
Description: NetSuite says it is currently working on a fix to a potentially dangerous flaw.

FULL STORY
======================================================================

Researchers have discovered a vulnerability in Oracle NetSuite's SuiteCommerce ecommerce platform that could allow threat actors to steal sensitive data from websites.

A report from AppOmni revealed the vulnerability stems from misconfigured access controls in SuiteCommerce instances, specifically within custom record type (CRT) tables created by SuiteCommerce enterprise customers. These tables usually hold critical customer data as well as business operation information. Crooks who manage to gain access to this data can steal customer addresses, phone numbers, order history, and more.

Working on a fix

AppOmni's researchers said the vulnerability could put many small and medium-sized businesses at risk, since they rarely have the resources to identify and address bugs such as this one.

The good news is that NetSuite has already acknowledged AppOmni's findings and was said to be working on a patch. It also told all SuiteCommerce users to review their security settings and apply suggested best practices, as that's the proper way of securing CRTs against threat actors and other unauthenticated users.

"Throughout my time conducting SaaS security research, it's becoming clear that unauthenticated data exposure via SaaS applications is among the top threats to enterprises," Aaron Costello, chief of SaaS security research at AppOmni, wrote in his analysis. "Further, as vendors introduce increasingly complex functionality into their products to remain competitive, these risks will become even more prevalent."

It is Costello's belief that organizations will struggle to tackle these issues, since they are often discovered only through bespoke research, for which many firms don't have the time or the money. This, he claims, is particularly true for large enterprises that have operationalized several enterprise SaaS applications to fulfill multiple demands across their lines of business.

======================================================================
Link to news story: https://www.techradar.com/pro/security/thousands-of-oracle-netsuite-erp-websites-found-leaking-private-customer-information

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)