DATE: March 31, 2025 at 09:50AM
SOURCE: HIPAA JOURNAL
Direct article link at end of text block below.
Oracle Health Breach Affects Patients of Multiple U.S. Multiple Hospitals https://t.co/42e13gaQaa #healthcare #databreach
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.hipaajournal.com/ .
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity
-------------------------------------------------
Crocodilus Android Malware: This nasty piece of work is targeting crypto wallets by using fake overlays to steal seed phrases. It's bypassing security measures and using social engineering to gain access. Watch out for this one, especially if you have users in Turkey and Spain! 
Key Takeaways:
Steals crypto wallet seed phrases using Accessibility Logger.
Bypasses Android 13 security and Play Protect.
Employs 23 bot commands, including call forwarding and RAT functionality.
Hides activities with black screen overlays and muting.
Microsoft's Quick Machine Recovery Tool: Microsoft is testing a new tool for Windows 11 that could be a game-changer for dealing with boot crashes caused by buggy drivers and configurations. Imagine remotely fixing those dreaded BSODs! 
Here's the lowdown:
Remotely fixes boot crashes caused by bad drivers/configs.
Connects to Microsoft's servers to apply fixes.
Could have made life much easier when recovering from the worldwide CrowdStrike outage from July last year.
Customizable for enterprise users via RemoteRemedation CSP.
npm Package Nightmare: 10 packages compromised by an infostealer campaign targeting developer environments. Sensitive data was siphoned off to a remote host. Most of the packages are still available on npm, so be careful!
Firefox Flaw: A critical sandbox escape vulnerability (CVE-2025-2857) patched in Firefox 136.0.4. Windows users, update ASAP! This one's similar to a Chrome zero-day used in espionage campaigns.
Ransomware Reckoning: Advanced, a UK healthcare IT provider, slapped with a £3.1 million fine after a LockBit ransomware attack. Lack of vulnerability scanning and poor patch management were key factors.
Solar Scare: Dozens of vulnerabilities in solar inverters could let attackers disrupt power grids. Remote code execution, device takeover, and more are possible.
CrushFTP Clash: CEO responds aggressively to VulnCheck after critical unauthenticated access vulnerability (CVE-2025-2825) is released. Vulnerability disclosure and patching processes need to be improved!
Pegasus in Serbia: Journalists targeted with Pegasus spyware, marking the third time in two years that Amnesty has found Pegasus deployed against Serbian civil society.
Ransomware Reverse: Resecurity infiltrates the BlackLock ransomware gang, gathering intel to help victims. LFI vulnerability exploited, and data shared with authorities.
Ready to dive into the latest threats and breaches making headlines? 
FamousSparrow's Return: The Chinese government-backed hacking group is back, targeting organizations in North America. Important distinction: ESET insists on tracking them separately from Salt Typhoon. Remember to prioritize TTPs and IOCs/IOAs accordingly!
RedCurl's Ransomware Twist: This corporate espionage group is now deploying "QWCrypt" ransomware, targeting Hyper-V servers. Phishing emails with malicious IMG attachments are the initial attack vector.
StreamElements Data Breach: A third-party service provider suffered a breach, exposing data of 210,000 customers.!
NSW Court System Data Theft: Sensitive documents, including AVOs, were stolen from the NSW Online Registry website. This could have serious consequences for victims of domestic violence.
NYU Website Defacement: A hacker compromised NYU's website, leaking personal data of over 1 million students. Even with good intentions, the collateral damage is unacceptable.
Defense Contractor Fined: MORSE Corp will pay millions for failing to meet federal cybersecurity requirements. Third-party risk management is crucial!
Chrome Zero-Day Exploited: Google patched a zero-day vulnerability exploited in espionage campaigns targeting Russian organizations. Keep your browsers updated!
UK Warns of 'Com Networks': The UK's NCA is warning of a growing threat from online networks of teenage boys who are "dedicated to inflicting harm and committing a range of criminality." A very worrying trend that we need to be aware of.
