Oracle is Pretending Not to See? – ThreatWire

Summary: The video discusses the recent bankruptcy filing of 23andMe, a popular genetic testing service, and the implications for its customers’ DNA data. It also covers allegations of a data breach involving Oracle Cloud, highlighting an attack that reportedly succeeded despite Oracle’s denial. Additionally, the video delves into newly disclosed vulnerabilities discovered by Wiz in the NGINX ingress controllers that can lead to remote code execution.

Keypoints:

  • 23andMe has filed for Chapter 11 bankruptcy, seeking a sale and raising concerns about 15 million customers’ genetic data potentially being sold.
  • The company’s privacy policy assures that identifiable genetic data won’t be sold, but the policy can change at any time.
  • Oracle denies a data breach but acknowledges data for 6 million users was reportedly for sale, including sensitive information like encrypted passwords.
  • The attacker allegedly exploited a vulnerability in Oracle’s services without a public proof of concept, indicating a potential weakness in their system.
  • Oracle maintains that no Oracle Cloud customers lost data, attributing any issues to Oracle Classic Cloud instead.
  • The Wiz team discovered five CVEs in NGINX ingress controllers, four of which can lead to remote code execution because of improper validation and sanitization.
  • Attackers can exploit these vulnerabilities to inject arbitrary NGINX configurations, allowing them to load shared libraries and execute code remotely.
  • Viewers are encouraged to comment on their experiences with Oracle Cloud and whether they were affected by the vulnerabilities discussed.

YouTube Video: https://www.youtube.com/watch?v=8WMywuyNGu0
YouTube Channel: Hak5
Video Published: Wed, 02 Apr 2025 13:00:11 +0000

