Cyber security news March 2025

This posting is here to collect cyber security news in March 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

214 Comments

  1. Tomi Engdahl says:

    Water utilities are now being attacked at an accelerating pace
    https://etn.fi/index.php/13-news/17303-vesilaitoksiin-hyoekaetaeaen-nyt-kiihtyvaellae-tahdilla

    Cyberattacks against water utilities and other critical infrastructure have increased at an alarming rate worldwide. In 2025, organizations in the energy sector, including water and wastewater services, face an average of 1872 cyberattack attempts per week. This is 53 percent more than a year earlier, according to the cybersecurity company Check Point Research.

    An especially steep rise has been observed in North America, where the number of attacks has grown 89 percent compared with a year ago. In Europe the growth was 82% and in Africa 45%.

    In its 2024 survey, the U.S. Environmental Protection Agency (EPA) estimated that 97 water utilities, which together serve about 26.6 million people, suffer from serious cybersecurity deficiencies.

    Water utilities are especially exposed to attacks because they often use outdated systems that were not originally designed to be internet-compatible. An attack can result in water contamination, distribution outages and serious threats to public health.

    Keeping Your Head Above Water: Cyber Security and Water
    https://blog.checkpoint.com/security/keeping-your-head-above-water-cyber-security-and-water/

    Reply
  2. Tomi Engdahl says:

    Janne Riiheläinen: A new front has opened in the information war, and now a flood of state lies is coming from the West too
    https://demokraatti.fi/janne-riihelainen-informaatiosodassa-avautui-uusi-rintama-nyt-valtiollisten-valheiden-vyorya-tulee-myos-lannesta?fbclid=IwY2xjawJLjZhleHRuA2FlbQIxMQABHZwoQwI8oW0JTsNtb4vLzdU103Ye3P74o1jc6Z-JAcW0hVOyWlDaTuNixQ_aem_2f_i8JuReQ-b-QUCcKTLFA

    In Europe we have had time to get used to Russia's influence attempts, propaganda and information attacks. Now that the state-led flood of lies is coming from the West, we in Finland have to learn how to counter that as well.

    Reply
  3. Tomi Engdahl says:

    Oops: Google says it might have deleted your Maps Timeline data
    Google Maps switched to local-only Timeline storage in December.
    https://arstechnica.com/gadgets/2025/03/oops-google-says-it-might-have-deleted-your-maps-timeline-data/

    Reply
  4. Tomi Engdahl says:

    Cloud Security
    What’s Behind Google’s $32 Billion Wiz Acquisition?

    News analysis: Google positions itself to compete with Microsoft for enterprise security dollars. How does this deal affect startup ecosystem?

    https://www.securityweek.com/whats-behind-googles-32-billion-wiz-acquisition/

    Reply
  5. Tomi Engdahl says:

    Outrage after White House accidentally texts journalist war plans: ‘Huge screw-up’
    https://www.theguardian.com/us-news/2025/mar/24/journalist-trump-yemen-war-chat-reaction

    Security leak triggers bipartisan anger after Atlantic reveals officials inadvertently broadcast highly sensitive military plans

    A catastrophic security leak is triggering bipartisan outrage after the Atlantic revealed that senior Trump administration officials accidentally broadcast highly sensitive military plans through a Signal group chat with a journalist reading along.

    White House inadvertently texted top-secret Yemen war plans to journalist
    https://www.theguardian.com/us-news/2025/mar/24/journalist-trump-yemen-war-chat

    Reply
  6. Tomi Engdahl says:

    The Trump Administration Accidentally Texted Me Its War Plans
    https://www.theatlantic.com/politics/archive/2025/03/trump-administration-accidentally-texted-me-its-war-plans/682151/
    U.S. national-security leaders included me in a group chat about upcoming military strikes in Yemen. I didn’t think it could be real. Then the bombs started falling.

    Waltz’s future in doubt following accidental war plan leak
    “You can’t have recklessness as the national security adviser,” one official said.
    https://www.politico.com/news/2025/03/24/mike-waltz-signal-chat-resign-00246541

    The stunning revelation that top administration officials accidentally included a reporter in a group chat discussing war plans triggered furious discussion inside the White House that national security adviser Mike Waltz may need to be forced out.

    Nothing is decided yet

    Reply
  7. Tomi Engdahl says:

    Shock over the Trump administration's colossal blunder spreads: experts stunned
    Experts are shocked by reports that the Trump administration, first of all, had a security-compromising Signal message group, to which, on top of everything else, a journalist had been added by accident.
    https://www.iltalehti.fi/ulkomaat/a/c2515794-f2eb-4a27-952b-e12970bcae79

    Reply
  8. Tomi Engdahl says:

    Trump’s national security adviser added a journalist to text chat on highly sensitive Yemen strike plans
    https://edition.cnn.com/2025/03/24/politics/yemen-strikes-journalist-cabinet-signal-chat/index.html

    Reply
  9. Tomi Engdahl says:

    The National Security Council confirmed the chat was authentic
    Read more: https://trib.al/93EpTt5

    Reply
  10. Tomi Engdahl says:

    CISA staff tell Forbes they’re stunned by the leak, amid calls for heads to roll. http://on.forbes.com/61870Cwd3

    Reply
  11. Tomi Engdahl says:

    Chinese hackers spent four years inside Asian telco’s networks
    An Asian telecommunications company was allegedly breached by Chinese government hackers who spent four years inside its systems, the incident response firm Sygnia said Monday.

    The company said the hackers, who they call “Weaver Ant,” compromised home routers made by Zyxel to gain entry into the “major” telco’s environment.

    https://therecord.media/chinese-hackers-spent-years-telco

    Reply
  12. Tomi Engdahl says:

    The president of Signal defended the messaging app’s security on Wednesday after top Trump administration officials mistakenly included a journalist in an encrypted chatroom they used to discuss looming U.S. military action against Yemen’s Houthis.

    Signal head defends messaging app’s security after US war plan leak
    https://www.reuters.com/world/us/signal-head-defends-messaging-apps-security-after-us-war-plan-leak-2025-03-25/?utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook&fbclid=IwZXh0bgNhZW0CMTEAAR1wwRWvB4DPJA5J2uLHiJL4UDpg8BBKGH5sMjWaUekUX0xnCxQt4v-LV2o_aem_Jq–aCzTWq-euYJtoLJw_g

    LONDON, March 25 (Reuters) – The president of Signal defended the messaging app’s security on Wednesday after top Trump administration officials mistakenly included a journalist in an encrypted chatroom they used to discuss looming U.S. military action against Yemen’s Houthis.
    Signal’s Meredith Whittaker did not directly address the blunder, which Democratic lawmakers have said was a breach of U.S. national security. But she described the app as the “gold standard in private comms” in a post on X, which outlined Signal’s security advantages over Meta’s WhatsApp messaging app.

    Reply
  13. Tomi Engdahl says:

    Signal is app of choice for Trump allies and opponents alike
    https://www.reuters.com/technology/signal-is-app-choice-trump-allies-opponents-alike-2025-03-25/

    Summary
    Signal app seeing wider adoption in Trump’s Washington
    Musk’s team among those using the app for work
    Signal’s privacy attracts both officials and criminals

    March 25 (Reuters) – Elon Musk’s team working to dismantle the federal bureaucracy and the protesters hoping to stop him have something in common.
    They use Signal to keep their communications secure.

    Signal, a text-and-voice app that is a little over a decade old, is seen as the gold standard for end-to-end encrypted communications, according to mobile security experts. It has been widely adopted – not just by privacy-conscious dissidents but by officials, lawmakers, generals, and corporate leaders as well.

    Even before the app became a national talking point when senior Trump officials inadvertently added a reporter to their sensitive discussions about impending airstrikes on Yemen, Signal was taking the capital by storm.
    Data from Sensor Tower, an analytics firm, shows that U.S. app downloads of Signal in the first three months of 2025 are up 16% compared to the prior quarter and 25% compared to the same period in 2024.

    GOVERNMENT APPROVAL
    Some governments have officially blessed the use of Signal. In 2020, the European Commission told its staff to use Signal, adding that its guidance applied to “public instant messaging.” U.S. officials have not been that explicit but, in guidance published late last year, the Cybersecurity and Infrastructure Security Agency urged senior government officials to immediately switch to end-to-end encrypted communications apps, of which Signal is among the most prominent.

    The U.S. Senate has long approved Signal for use by legislative staffers.
    Signal’s privacy protections – the company says it captures only the bare minimum amount of data about its users – have also made it attractive to criminals.

    Reply
  14. Tomi Engdahl says:

    Messaging scandal swells: what was Trump's negotiator doing in the Kremlin?
    Steve Witkoff was reportedly in Moscow meeting Vladimir Putin when he was added to the Signal group that caused the scandal.
    https://www.iltalehti.fi/ulkomaat/a/6141a5d7-70dd-4fcd-8ef8-022ff3bcec63

    At the same time as U.S. national security adviser Mike Waltz apparently inadvertently added an American journalist to a closed message group in the Signal app, Trump's Middle East special envoy Steve Witkoff was in Moscow meeting Vladimir Putin. Witkoff, too, was a member of the group that caused the messaging uproar.

    Reply
  15. Tomi Engdahl says:

    Trump's adviser Michael Waltz takes responsibility for the messaging uproar
    https://www.iltalehti.fi/ulkomaat/a/d7b673a8-2501-408e-8ca6-06c10735463b

    Michael Waltz says he does not know why Jeffrey Goldberg's number had ended up in the group chat.

    Commentary: Trump made an incomprehensible blunder
    https://www.iltalehti.fi/ulkomaat/a/57a8abe7-a917-4312-be09-9440b534ae10

    Reply
  16. Tomi Engdahl says:

    Not surprisingly, Russian hackers are breaking into Signal group chats, according to a Pentagon memo obtained by NPR. The memo was sent on March 18—three days after the US bombed Yemen and five days after top Trump officials accidentally included a journalist on a Signal chat group about it.

    “A vulnerability has been identified in the Signal messenger application,” the memo says. At issue is Signal’s “linked devices” feature, which lets a user access their account on multiple devices. Russian hackers are reportedly taking advantage of this to add Signal accounts to their own devices and eavesdrop on what should be encrypted conversations. “This allows the group to view every message sent by the unwitting user in real time,” says the memo.

    The Pentagon memo provides steps to “safeguard your Signal application,” and reiterates the government’s Signal policy. It permits the use of Signal for discussions about unclassified information but the app is “NOT approved to process or store nonpublic unclassified information,” it says. All uses must “abide by DoD and NSA/CSS policy.”

    More at PCMag
    https://www.pcmag.com/news/russian-hackers-are-trying-to-break-into-signal-chats-pentagon-warns

    Reply
  17. Tomi Engdahl says:

    https://www.facebook.com/share/p/1Gf67MQSHC/

    A suspected Chinese hacking group, Weaver Ant, remained hidden inside a major Asian telecom for over four years, according to cybersecurity firm Sygnia. The group infiltrated the network by exploiting Zyxel CPE home routers and used web shells to quietly maintain access and steal sensitive data.

    Sygnia uncovered the breach while investigating another Chinese threat actor in the same network. An account used by Weaver Ant was accidentally disabled during cleanup efforts, and the group’s attempt to reactivate it raised red flags, leading to a wider investigation that revealed a large, stealthy operation across dozens of servers.

    The tactics and tools used point to state-backed Chinese hackers, with activity aligning to China’s work hours. The case adds to a growing list of prolonged cyber-espionage campaigns, including a recent breach at a Massachusetts public utility.

    #china #hack #cybersecurity

    Reply
  18. Tomi Engdahl says:

    If Waltz is telling the truth here, there is a good possibility that someone hacked his phone or Signal account to switch a real contact to Goldberg. If it was an accident, why is Goldberg in his phone as a contact?

    Waltz takes “full responsibility” for Signal group chat scandal
    https://www.axios.com/2025/03/26/signal-group-chat-leak-waltz?utm_campaign=editorial&utm_source=facebook&utm_medium=social&fbclid=IwY2xjawJRKWpleHRuA2FlbQIxMQABHSf_eOdx3tN46fRZ6PgyQACIif3qBFyTGc7mQB4NJK6DS48zS6fIy0xvxQ_aem_dJpU7pS-66GrapC81wayOQ

    Reply
  19. Tomi Engdahl says:

    TROY HUNT GOT PHISHED!!!

    A jet-lagged Hunt offered his apologies to those affected, saying he’s “enormously frustrated with myself for having fallen for this.”

    The phish itself, he said, was “very well crafted,” although he admitted his tiredness played a huge role in its success.

    Hunt blogged about the incident immediately, providing screenshots of the phishing email he received, which does have a more authentic look about it than many others flying around these days.

    The email employed the classic time pressure to urge would-be victims to act fast. In this case, the email told Hunt he would be unable to blast his subscribers with updates until he logged into his account and reviewed his campaigns following a spam complaint.

    This created “just the right amount of urgency,” Hunt said. Not too much so that it seemed overtly suspicious, but enough to demand a fast response.

    He followed the link, entered his credentials and one-time passcode (OTP), watching as the page “hung” – or became unresponsive. Moments later he realized what happened and went to change his password in his account, but received an email from Mailchimp notifying him that the mailing list had successfully been exported.

    Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish
    16,000 stolen records pertain to former and active mail subscribers
    https://www.theregister.com/2025/03/25/troy_hunt_mailchimp_phish/?fbclid=IwY2xjawJRMZpleHRuA2FlbQIxMQABHcU7sNLk57hl3TI1cXRj_lOu_pK6Aizhqa-E7es1R73-nFKh3PG2smy-8w_aem_wncr_gWVVzH2ezoT9UsN5A

    Reply
  20. Tomi Engdahl says:

    Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it
    Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands
    https://www.theregister.com/2025/03/10/allstate_sued_pii_exposure/?td=keepreading

    New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.

    The data was lifted from Allstate’s National General business unit, which ran a website for consumers who wanted to get a quote for a policy. That task required users to input a name and address, and once that info was entered, the site searched a LexisNexis Risk Solutions database for data on anyone who lived at the address provided.

    The results of that search would then appear on a screen that included the driver’s license number (DLN) for the given name and address, plus “names of any other drivers identified as potentially living at that consumer’s address, and the entire DLNs of those other drivers.”

    Reply
  21. Tomi Engdahl says:

    Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT
    The ad hoc addition to the otherwise tightly controlled White House information environment could create blind spots and security exposures while setting potentially dangerous precedent.
    https://www.wired.com/story/white-house-starlink-wifi/?fbclid=IwY2xjawJRQqxleHRuA2FlbQIxMQABHT7bGIDpPZhHgu_THjr_N22jnjwci2FndeI0wr5w1ErVwlb1osVpSh3ubQ_aem_IjOJjtk3Sf4ufCoyhqBueA

    Reply
  22. Tomi Engdahl says:

    There are perhaps 10,000 reasons to doubt Oracle Cloud’s security breach denial

    Customers come forward claiming info was swiped from prod
    https://www.theregister.com/2025/03/25/oracle_breach_update/?fbclid=IwY2xjawJRRy9leHRuA2FlbQIxMQABHcbGCvX6CfEQCAS5tILv543Ckouzd9919hJZ-sDWbLRuADDDpfswxyAw5w_aem_uIeS8GQf0woIK67ZMPYWOw

    Reply
  23. Tomi Engdahl says:

    BREAKING: Mike Waltz goes even further, suggesting that Jeffrey Goldberg somehow hacked into his phone and replaced the contact labeled “JG” with his own number to gain access to this Signal group chat. Bring out the tinfoil hats. This is crazy!
    https://x.com/magalietracker/status/1904672558508621840?s=46&fbclid=IwY2xjawJRR4BleHRuA2FlbQIxMQABHdcT-0N-AZJdN96t6mAfr3oitVgo_kTTWTevt4AT5N5C9AU527vsA1fJSA_aem_BSgN4Kdyi2y7xT4cHXc5Dg

    Reply
  24. Tomi Engdahl says:

    Leaked data exposes a Chinese AI censorship machine https://tcrn.ch/4l4pslC

    Reply
  25. Tomi Engdahl says:

    Elon Musk and his Department of Government Efficiency team are reviewing how The Atlantic editor was added to a Signal group chat where plans for a U.S. military attack in Yemen were discussed, a senior White House official confirmed.

    In his interview with Fox News Tuesday night, National Security Adviser Mike Waltz alluded to Musk’s involvement, saying, “I just talked to Elon on the way here — we have the best technical minds looking at how this happened.”

    Read more: https://abcnews.visitlink.me/XTp724

    Reply
  26. Tomi Engdahl says:

    Pete Hegseth and Mike Waltz’s leaked passwords ‘found online’ in aftermath of Signalgate
    German newspaper Der Spiegel claims to have accessed personal data about several top Trump officials
    https://www.the-independent.com/news/world/americas/us-politics/der-spiegel-hegseth-gabbard-passwords-signal-security-b2722638.html?fbclid=IwY2xjawJSizBleHRuA2FlbQIxMQABHfuQNQwnR–dxFFt2D8XhGvVGGIPZy0I3PTHPZQACmU_WT9dheDe8i8cHg_aem_OMtDVi38W0l0F97-9du9aQ

    Reply
  27. Tomi Engdahl says:

    STT: Ministry for Foreign Affairs was attacked, KRP is investigating an aggravated offence
    The National Bureau of Investigation has begun an investigation into a suspected aggravated data breach at the Ministry for Foreign Affairs, STT reports.
    https://www.iltalehti.fi/kotimaa/a/52727d41-9023-489e-8e89-7e501ba14bc8

    The National Bureau of Investigation (KRP) has opened a preliminary investigation into anomalous activity detected in the Ministry for Foreign Affairs' remote access service. The matter was reported by STT.

    The offence under investigation is aggravated data breach, KRP's communications office tells STT.

    On Thursday the Ministry for Foreign Affairs announced the anomalous activity detected in its service this week. The ministry blocked use of the service on Tuesday and filed a request for investigation with KRP. The Data Protection Ombudsman was also informed of the matter.

    KRP investigates aggravated data breach at the Ministry for Foreign Affairs
    https://www.hs.fi/suomi/art-2000011131252.html

    Criminal suspicions | The Ministry for Foreign Affairs announced on Thursday that anomalous activity suspected to be a data breach was detected in its remote access service this week and that use of the service was blocked.

    Reply
  28. Tomi Engdahl says:

    Concern over Finns' data exploded, thanks to Musk and Trump, and it all comes down to the price of electricity
    The expert has seen a huge change in a few months.
    https://www.is.fi/digitoday/tietoturva/art-2000011108658.html

    President Donald Trump's administration in the United States has shown in a short time that it does not treat the protection of even its own citizens' sensitive data with great caution. The new Doge agency has sought broad access to, for example, Americans' social security data.

    At the same time, the expert knows that Finns' critical health data, too, is stored on American servers. Whether the servers are in the United States or, say, in Finland.

    "In Finland and Europe we have long assumed that what matters is the physical location of the data. If the server hums away in, say, Helsinki, that would be ok. Now there has begun to be a great deal of discussion about which country's legislation the party storing the data falls under," says Timo Haapavuori, CEO of the cloud services company Magic Cloud.

    Microsoft, Google, Amazon and Apple are large American cloud service providers. EU laws do of course bind them too, but so do U.S. statutes, the CEO stresses.

    Reply
  29. Tomi Engdahl says:

    Oracle Health breach compromises patient data at US hospitals
    https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals/

    A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.

    Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack.

    Oracle Health, formerly known as Cerner, is a healthcare software-as-a-service (SaaS) company offering Electronic Health Records (EHR) and business operations systems to hospitals and healthcare organizations. After being acquired by Oracle in 2022, Cerner was merged into Oracle Health, with its systems migrated to Oracle Cloud.

    In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025.

    Multiple sources told BleepingComputer that it was confirmed that patient data was stolen during the attack.

    Oracle Health is also telling hospitals that they will not notify patients directly and that it is their responsibility to determine if the stolen data violates HIPAA laws and whether they are required to send notifications.

    Customers concerned about response
    While the breach and theft of patient data have become a nightmare for the impacted organizations, BleepingComputer was told that Oracle’s lack of transparency has also been extremely frustrating.

    The notification seen by BleepingComputer was not on official letterhead but was signed by Seema Verma, the Executive Vice President & GM of Oracle Health.

    Furthermore, rather than providing written reports, Oracle Health has reportedly directed customers to communicate only with its Chief Information Security Office (CISO) over the phone and not via email.

    This approach has left hospitals without proper documentation or clear guidance on responding to the security breach.

    Reply
  30. Tomi Engdahl says:

    Automatic Password Hacking Machine Confirmed—Stop Using Passwords Now
    https://www.forbes.com/sites/daveywinder/2025/03/28/automatic-hacking-machine-uses-millions-of-stolen-passwords-to-attack/

    Don’t say you weren’t warned. The threat from infostealer malware has been made pretty clear as billions of passwords are reported compromised, 85 million of the newest being used in ongoing attacks, and even two-factor authentication in isolation might not be enough to save you as hackers use session cookies to bypass 2FA code protections. That threat has just been amplified by a report revealing how an automatic hacking machine called Atlantis AIO is using millions of stolen passwords to gain access to email, VPN, streaming services and even food delivery accounts. The takeaway, if you’ll pardon the pun, is to stop using your passwords now.

    Update, March 28, 2025: This story, originally published March 25, has been updated with new research into the effectiveness of passkeys as a more secure replacement for passwords, the further availability of Google’s hardware passkey and news from Microsoft impacting a billion password users as it makes the change to passwordless authentication to stop insecure password use.

    Atlantis AIO: An Automatic Hacking Machine Using Stolen Passwords By The Million
    Credential stuffing is not new; let’s make that clear right from the start. However, it is a very dangerous attack methodology and is becoming increasingly so. Attackers are always looking to develop new tools that can help them carry out their attacks, as I reported March 15 after leaked Black Basta ransomware group internal chat logs revealed how it was using an automated brute-force attack framework. As both brute-force and credential stuffing terms suggest, these attacks essentially hammer an account with as many usernames and password combinations as possible in the hope that one will be correct and gain entry.

    Atlantis AIO Quickly Tests Stolen Passwords At Scale
    “By offering pre-configured modules for targeting a range of platforms and cloud-based services,” the threat intel report warned, “it allows cybercriminals to launch credential stuffing attacks at scale with minimal effort.” The secret to the success of this automatic hacking machine is its modular approach. This can be demonstrated across three areas.

    Reply
  31. Tomi Engdahl says:

    IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
    Over 40% of cloud environments are vulnerable to RCE, likely leading to a complete cluster takeover.
    https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

    Reply
