CyberSecurity news

FlagThis - #healthcare

@WhatIs //
A cyberattack struck Covenant Health on Monday, May 26, 2025, disrupting operations at St. Joseph Hospitals in Bangor, Maine, and Nashua, New Hampshire, as well as St. Mary’s Health System and Community Clinics in Lewiston, Maine. The healthcare provider, a Catholic-based nonprofit serving New England and parts of Pennsylvania, was forced to shut down all data systems across its hospitals, clinics, and provider practices as a protective measure against the "cyber incident initiated by an outside group." This action has impacted access to electronic records, appointment scheduling, and internal communications, leading to connectivity issues throughout the organization.

The cyberattack has led to significant operational disruptions at the affected facilities. In both Bangor and Nashua, ambulance services have been diverted, and diagnostic scans have been redirected to other locations. Patients have reported difficulties in refilling prescriptions, and outpatient lab services at St. Joseph Hospital in Nashua are now only available on the main hospital campus with a physical order in hand. Staff are working under modified procedures to maintain patient care amidst the system outages. The hospitals have posted notices on their websites acknowledging the disruptions and assuring the public that teams are working to restore full services as quickly as possible.

Covenant Health spokesperson Karen Sullivan confirmed that cybersecurity experts have been engaged to investigate the breach and assist in restoring system functionality. While a timeline for full restoration has not been provided, the organization emphasizes that patient care remains a priority. Cybersecurity analysts are warning that medical institutions are increasingly vulnerable to cyberattacks due to the high value of patient data on illicit markets, stressing the urgent need for enhanced digital defenses across the healthcare sector. The incident is currently under investigation, and updates will be provided as more information becomes available.

Recommended read:
References :
  • DataBreaches.Net: Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • The Dysruption Hub: Cyberattack Disrupts Operations at St. Joseph Hospitals in Maine and New Hampshire
  • WhatIs: Covenant Health cyberattack disrupts New England hospitals

@ketteringhealth.org //
Kettering Health, a healthcare network operating 14 medical centers and over 120 outpatient facilities in western Ohio, has been hit by a ransomware attack causing a system-wide technology outage. The cyberattack, which occurred on Tuesday, May 20, 2025, has forced the cancellation of elective inpatient and outpatient procedures and has disrupted access to critical patient care systems, including phone lines, the call center, and the MyChart patient portal. Emergency departments remain open, but ambulances are being diverted to other facilities because of the disruption. Kettering Health has confirmed it is responding to a cybersecurity incident involving unauthorized access to its network, has taken steps to contain and mitigate the breach, and is actively investigating.

The ransomware attack is suspected to involve the Interlock ransomware gang, which emerged last fall and has targeted various sectors, including tech, manufacturing firms, and government organizations. A ransom note, viewed by CNN, claimed the attackers had secured Kettering Health's most vital files and threatened to leak stolen data unless the health network began negotiating an extortion fee. In response to the disruption, Kettering Health has canceled elective procedures and is rescheduling them for a later date. Additionally, the organization is cautioning patients about scam calls from individuals posing as Kettering Health team members requesting credit card payments and has halted normal billing calls as a precaution.

The incident highlights the increasing cybersecurity challenges facing healthcare systems. According to cybersecurity experts, healthcare networks often operate with outdated technology and lack comprehensive cybersecurity training for staff, making them vulnerable to attacks. There is a call to action to invest in healthcare cybersecurity, with recommendations for the government and its partners to address understaffed healthcare cyber programs by tweaking federal healthcare funding programs to cover critical cybersecurity expenditures, augmenting healthcare cybersecurity workforces and incentivizing cyber maturity.

Recommended read:
References :
  • industrialcyber.co: Ransomware suspected in Kettering Health cyberattack disrupting patient services, canceling elective procedures
  • BleepingComputer: Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage.
  • DataBreaches.Net: Elective inpatient and outpatient procedures were canceled.
  • thecyberexpress.com: Kettering Health Hit by Cyberattack: Network Outage and Scam Calls Reported
  • The DefendOps Diaries: Strengthening Cybersecurity in Healthcare: Lessons from the Kettering Health Ransomware Attack
  • BleepingComputer: Kettering Health hit by system-wide outage after ransomware attack
  • The Dysruption Hub: Reports Ransomware Attack Cripples Kettering Health Systems Across Ohio
  • www.healthcareitnews.com: Kettering Health faces a ransomware attack and confirms a scam targeting its patients
  • www.scworld.com: Apparent ransomware attack leads to systemwide outage for Kettering Health
  • Industrial Cyber: Reports Ransomware suspected in Kettering Health cyberattack disrupting patient services, canceling elective procedures
  • www.itpro.com: The incident at Kettering Health disrupted procedures for patients
  • www.cybersecuritydive.com: Ohio’s Kettering Health hit by cyberattack

@The DefendOps Diaries //
Ascension, one of the largest private healthcare systems in the United States, is facing scrutiny following a significant data breach. The company revealed that the personal and healthcare information of over 430,000 patients was exposed in an incident disclosed last month. The breach stemmed from a compromise affecting a former business partner, highlighting the inherent risks associated with third-party vendors and the critical need for robust cybersecurity measures within the healthcare ecosystem.

The data was reportedly taken through a vulnerability in third-party software used by that former business partner. Depending on the patient, the attackers could access personal health information related to inpatient visits, including the physician's name, admission and discharge dates, diagnoses, and more. The breach underscores the importance of healthcare organizations thoroughly vetting and continuously monitoring third-party vendors and their software, since a single point of failure in the supply chain can have far-reaching consequences for patient privacy and data security.

The Ascension data breach has broader implications for healthcare cybersecurity. The incident serves as a stark reminder of the vulnerabilities in healthcare systems, especially those involving third-party software. The lessons learned emphasize the need for strengthening cybersecurity defenses against third-party and ransomware threats. Healthcare providers must prioritize data protection, regularly assess the security of their partners, and implement robust measures to protect patient information from evolving cyber threats.

Recommended read:
References :
  • bsky.app: Ascension, one of the largest private healthcare systems in the United States, has revealed that a data breach disclosed last month affects the personal and healthcare information of over 430,000 patients.
  • securityaffairs.com: Ascension reveals personal data of 437,329 patients exposed in cyberattack
  • The DefendOps Diaries: Lessons from the Ascension Data Breach: Strengthening Healthcare Cybersecurity
  • www.bleepingcomputer.com: Ascension, one of the largest private healthcare systems in the United States, has revealed that a data breach disclosed last month affects the personal and healthcare information of over 430,000 patients.
  • BleepingComputer: Ascension, one of the largest private healthcare systems in the United States, has revealed that a data breach disclosed last month affects the personal and healthcare information of over 430,000 patients.
  • MeatMutts: Human Error Reveals Massive Data Breach in Ascension Healthcare System
  • Tech Monitor: Ascension data breach exposes information of over 430,000 patients
  • www.scworld.com: Reports over 430,000 patients affected.

Pierluigi Paganini@Security Affairs //
Jeffrey Bowie, the CEO of cybersecurity firm Veritaco, has been arrested and charged with two counts of violating Oklahoma's Computer Crimes Act. The charges stem from an incident on August 6, 2024, where Bowie allegedly installed malware on employee computers at St. Anthony Hospital in Oklahoma City. Security footage captured Bowie accessing multiple offices within the hospital before installing the malicious software, which was designed to capture screenshots every 20 minutes and transmit them to an external IP address.

Following the discovery of the unauthorized installation by a vigilant hospital employee, St. Anthony Hospital conducted a forensic review confirming the presence of malware. When confronted, Bowie claimed he needed to use the computer for a family member undergoing surgery, but authorities found his explanation unconvincing. SSM Health, the hospital's parent organization, issued a statement assuring the public that immediate action was taken and that no patient information was compromised due to the security measures in place. The hospital has since increased monitoring and employee training to further protect their systems.

Bowie's arrest has sent shockwaves through the cybersecurity community, particularly given his position as the head of a firm specializing in protecting businesses from cyber threats. Veritaco, described on Bowie's LinkedIn profile as a company focused on "cybersecurity, digital forensics, and private intelligence," employed between two and ten individuals. The incident underscores the potential for insider threats, even from individuals entrusted with security responsibilities, and has led to renewed calls for robust internal controls and employee vigilance.

Recommended read:
References :
  • Cyber Security News: Cyber Security Company CEO Arrested for Installing Malware Onto Hospital Computers
  • gbhackers.com: Jeffrey Bowie, the CEO of a local cybersecurity firm, has been arrested for allegedly planting malware on computers at SSM St. Anthony Hospital.
  • buherator's timeline: Cybersecurity News - CEO of cybersecurity firm charged with installing malware on hospital systems 🤦
  • securityaffairs.com: Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act.
  • Talkback Resources: Veritaco CEO Jeffrey Bowie arrested for allegedly installing malware on hospital computers in violation of Oklahoma's Computer Crimes Act.
  • cybersecuritynews.com: Jeffrey Bowie, the CEO of a cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital.
  • The Register - Security: Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn

Pierluigi Paganini@Security Affairs //
The Interlock ransomware group has claimed responsibility for a cyberattack on DaVita, a major kidney dialysis firm with over 2,600 U.S. dialysis centers and 76,000 employees across 12 countries. DaVita disclosed to the U.S. Securities and Exchange Commission (SEC) that they suffered a ransomware attack on April 12th affecting some operations. The company is currently investigating the impact of the incident which is the latest in a surge of ransomware attacks hitting US healthcare organizations.

Earlier today, the Interlock ransomware gang claimed responsibility for the attack by adding DaVita to its leak site and began publishing data allegedly stolen from the organization. The group claims to have exfiltrated over 1.5 TB of data, although reported figures vary (one outlet cites 20 TB). The healthcare sector is increasingly under siege from cybercriminals, with ransomware attacks posing a significant threat to operational integrity and patient safety. This incident underscores the urgency for healthcare organizations to bolster their cybersecurity defenses to effectively counter these evolving threats.

Ransomware attacks in the healthcare sector can have severe implications for patient care and safety. The DaVita attack encrypted certain on-premises systems and disrupted internal operations; patient care at DaVita centers and in patients' homes continued, but the incident highlights the potential for treatment delays and compromised patient safety. DaVita's disclosure of the incident to the SEC also illustrates the regulatory scrutiny that healthcare organizations face in the aftermath of a cyberattack.

Recommended read:
References :
  • securityaffairs.com: The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data.
  • BleepingComputer: BleepingComputer on Interlock ransomware claims DaVita attack and leaks stolen data
  • hackread.com: Ransomware Surge Hits US Healthcare: AOA, DaVita and Bell Ambulance Breached
  • www.cysecurity.news: Cyberattacks Hit U.S. Healthcare Firms, Exposing Data of Over 236,000 People
  • CyberInsider: Claims by Interlock of data theft from DaVita.
  • bsky.app: The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization.
  • www.redpacketsecurity.com: [INTERLOCK] – Ransomware Victim: DaVita
  • cyberinsider.com: Cyber Insider: Interlock Ransomware Group Claims DaVita Attack, Leaks Over 1.5 TB of Data.
  • hackread.com: Interlock Ransomware Say It Stole 20TB of DaVita Healthcare Data
  • www.scworld.com: Interlock takes credit for DaVita hack

Bill Toulas@BleepingComputer //
Yale New Haven Health (YNHHS) has confirmed a significant data breach impacting 5.5 million patients. The cybersecurity incident, which occurred in March, involved unauthorized access to YNHHS systems, leading to the potential theft of sensitive personal information. The exposed data includes names, dates of birth, medical record numbers, and in some instances, Social Security numbers and health insurance details. YNHHS has alerted affected patients and is working with law enforcement and cybersecurity experts to investigate the breach.

Mandiant's incident response team was brought in to help contain the breach. The healthcare system began notifying affected patients by mail on April 14. The organization is affiliated with Yale University and the Yale School of Medicine and is Connecticut's largest healthcare system, with five hospitals and clinics across Connecticut as well as New York and Rhode Island.

This cyberattack is considered one of the largest healthcare data breaches of the year. YNHHS has stated that the incident has not affected its ability to provide patient care, with the patient portal and electronic medical records functioning normally. The incident serves as a stark reminder of the increasing cyber threats faced by healthcare organizations and underscores the critical need for robust security measures to safeguard patient data.

Recommended read:
References :
  • The Register - Security: SSNs and more on 5.5M+ patients feared stolen from Yale Health
  • Security Affairs: Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients
  • The DefendOps Diaries: TheDefendOpsDiaries: The Yale New Haven Health Data Breach: A Wake-Up Call for Healthcare Cybersecurity
  • BleepingComputer: Yale New Haven Health data breach affects 5.5 million patients
  • cyberinsider.com: Yale New Haven Health has officially confirmed that a March cybersecurity breach impacted over 5.5 million individuals, making it one of the largest healthcare data incidents reported in 2025.
  • www.itpro.com: More than 5 million Americans just had their personal information exposed in the Yale New Haven Health data breach – and lawsuits are already rolling in
  • Tech Monitor: Yale New Haven Health data breach exposes data of 5.5 million patients
  • Zack Whittaker: New: Connecticut's largest healthcare system, Yale New Haven Health, says a data breach affects at least 5.5 million people. When I asked about the nature of the incident, a spokesperson said the hack tracks as ransomware and that law enforcement are investigating.
  • techcrunch.com: Data breach at Connecticut’s Yale New Haven Health affects over 5 million
  • Talkback Resources: Yale New Haven Health alerts 5.5M+ patients of data breach
  • CyberInsider: CyberInsider: Yale New Haven Health Confirms 5.5 Million Affected
  • www.scworld.com: Over 5.5M impacted by Yale New Haven Health breach
  • lifehacker.com: This Healthcare Data Breach Compromised 5.5 Million Patients' Information
  • CyberInsider: CyberInsider: VeriSource Breach Exposes Personal Data of 4 Million Individuals

Pierluigi Paganini@securityaffairs.com //
A newly discovered remote access trojan (RAT) called ResolverRAT is actively targeting healthcare and pharmaceutical organizations worldwide. Security researchers at Morphisec have identified this sophisticated malware as a new threat, noting its advanced in-memory execution, API and resource resolution at runtime, and layered evasion techniques. ResolverRAT is designed for stealth and resilience, making static and behavioral analysis significantly more difficult. The malware has been observed in attacks as recently as March 10, indicating an ongoing campaign.

ResolverRAT spreads through meticulously crafted phishing emails, often employing fear-based lures to pressure recipients into clicking malicious links. These emails are localized, using languages spoken in targeted countries, including Hindi, Italian, Czech, Turkish, Portuguese, and Indonesian. The content often revolves around legal investigations or copyright violations to induce a sense of urgency. The infection chain initiates through DLL side-loading, with a legitimate executable used to inject ResolverRAT into memory, a technique previously observed in Rhadamanthys malware attacks.

Once deployed, ResolverRAT uses a multi-stage bootstrapping process engineered for stealth. The payload is stored encrypted and compressed and exists only in memory after decryption, which defeats static analysis of anything on disk. It also sets up redundant persistence through both the Windows Registry and the file system, so removing one mechanism leaves the other in place. Furthermore, ResolverRAT authenticates its command-and-control (C2) server with a bespoke certificate-based check rather than the machine's trusted root store (effectively certificate pinning, which also means an enterprise TLS-inspection certificate will not satisfy it), and it implements an IP rotation system to fall back to alternate C2 servers when necessary. These C2 capabilities point to a capable threat actor combining secure communications with fallback mechanisms.

Recommended read:
References :
  • securityaffairs.com: SecurityAffairs: New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms
  • The Hacker News: The Hacker News: ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
  • BleepingComputer: BleepingComputer: New ResolverRAT malware targets pharma and healthcare orgs worldwide
  • ciso2ciso.com: New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms – Source: securityaffairs.com
  • bsky.app: A new remote access trojan (RAT) called 'ResolverRAT' is being used against organizations globally, with the malware used in recent attacks targeting the healthcare and pharmaceutical sectors.
  • Anonymous: ResolverRAT is hitting healthcare and pharma sectors hard — phishing, fear-bait, stealth attacks.
  • industrialcyber.co: ResolverRAT malware attacks pharma and healthcare organizations via phishing and DLL side-loading
  • Industrial Cyber: ResolverRAT malware attacks pharma and healthcare organizations via phishing and DLL side-loading
  • www.scworld.com: Novel ResolverRAT trojan launched in global attacks against healthcare, pharma
  • Tech Monitor: Researchers identify new ResolverRAT cyber threat affecting global healthcare organisations
  • Security Risk Advisors: 🚩 ResolverRAT Malware Campaign Targets Healthcare and Pharmaceutical Sectors
  • www.morphisec.com: ResolverRAT Malware Campaign Targets Healthcare and Pharmaceutical Sectors
  • www.csoonline.com: New ResolverRAT malware targets healthcare and pharma orgs worldwide
  • Virus Bulletin: Morphisec's Nadav Lorber analyses ResolverRAT, a newly identified remote access trojan that combines advanced in-memory execution, API and resource resolution at runtime, and layered evasion techniques.
  • securityonline.info: A new remote access trojan (RAT) has emerged, and it’s armed with advanced techniques to evade detection.
  • Blog: New ResolverRAT sniffs around healthcare & pharmaceutical organizations

Dissent@DataBreaches.Net //
A data breach at Oracle Health has impacted multiple healthcare organizations and hospitals across the United States. The breach involved a threat actor gaining unauthorized access to legacy servers and stealing patient data. The incident, discovered by Oracle Health (formerly Cerner) on February 20, 2025, was only reported publicly by BleepingComputer on March 28, 2025, after Oracle Health did not respond to requests for comment.

According to the customer notifications, the data stolen from the legacy servers includes patient information from electronic health records. The single sign-on credentials, LDAP passwords, OAuth2 keys and tenant data cited in some coverage belong to the separate, disputed Oracle Cloud incident that Oracle has denied; BleepingComputer reports that the Oracle Health breach is not related to it. The Oracle Health intrusion is believed to have been carried out with compromised customer credentials, consistent with known credential-abuse techniques. The implications for affected healthcare organizations are substantial, particularly for HIPAA compliance, and could lead to legal repercussions and financial penalties.

Oracle Health is facing criticism for its lack of transparency regarding the incident. The company is reportedly telling hospitals that it will not notify patients directly, leaving each provider to determine whether the stolen data triggers HIPAA breach-notification obligations. Oracle Health has, however, committed to helping identify affected individuals and to providing notification templates.

Recommended read:
References :
  • bsky.app: Oracle Health breach compromises patient data at US hospitals
  • BleepingComputer: A breach at Oracle Health impacts multiple U.S. healthcare organizations and hospitals after patient data was stolen from legacy servers.
  • Rescana: Executive Summary: The Oracle Health data breach significantly impacted multiple US healthcare organizations and hospitals by...
  • DataBreaches.Net: Oracle Health breach compromises patient data at US hospitals
  • The DefendOps Diaries: The Oracle Health breach highlights urgent need for healthcare IT modernization to protect patient data and comply with regulations.
  • Lobsters: Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.
  • bsky.app: A breach at Oracle Health impacts multiple U.S. healthcare organizations and hospitals after patient data was stolen from legacy servers.
  • DataBreaches.Net: Oracle customers confirm data stolen in alleged cloud breach is valid
  • BleepingComputer: A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.
  • SecureWorld News: Alleged Oracle Cloud Breach Triggers Industry Scrutiny, Supply Chain Concerns
  • BleepingComputer: A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. This is not related to the alleged Oracle Cloud breach.
  • aboutdfir.com: Oracle customers confirm data stolen in alleged cloud breach is valid Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.
  • www.cybersecuritydive.com: Cybersecurity firms brace for impact of potential Oracle Cloud breach
  • Rescana: The Oracle Cloud breach resulted in the unauthorized access and alleged theft of 6 million records from Oracle's SSO and LDAP services,...
  • bsky.app: A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. This is not related to the alleged Oracle Cloud breach.
  • Risky Business Media: Oracle’s Health Tech division gets hacked and its customers extorted, the Italian government admits it used Paragon to spy on an NGO, a WordPress feature is being abused to silently install malicious plugins, and the Dutch public prosecutor pulls systems offline after a cyber incident.
  • DataBreaches.Net: Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service
  • techxplore.com: Oracle warns health customers of patient data breach
  • www.healthcareitnews.com: Oracle Health customers notified of data compromise, reports say
  • Techzine Global: Hackers have gained access to Oracle’s computer systems. They stole patient data to extort money from several American healthcare providers, as evident from a message that the company sent to its customers. The FBI has launched an investigation.
  • aboutdfir.com: Infosec News Nuggets: Oracle Health breach compromises patient data.
  • hackread.com: Oracle Hit with Lawsuit Over Alleged Cloud Breach Affecting Millions
  • : Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed
  • techcrunch.com: Oracle has denied at least one breach, despite evidence to the contrary, as it begins notifying healthcare customers of a separate patient data breach.
  • www.csoonline.com: Oracle warns customers of health data breach amid public denial
  • The420.in: Oracle has informed customers of a second cybersecurity breach in recent weeks, involving the theft of older client login credentials. The incident, which is under investigation by the FBI and cybersecurity firm CrowdStrike, marks another challenge for the tech giant’s cloud infrastructure security.

Sam Bent@Sam Bent //
Ascom, a Swiss global solutions provider specializing in healthcare and enterprise communication systems, has confirmed a cyberattack on its IT infrastructure. The attack, suspected to be the work of the Hellcat group, targeted the company's Jira-based technical ticketing system, which the company confirmed was breached.

The Hellcat group claimed responsibility, stating they stole approximately 44GB of data potentially impacting all of Ascom's divisions. Hellcat hackers are known for using compromised credentials to infiltrate Jira systems, leading to data breaches in multiple organizations. Security experts advise implementing multi-factor authentication, regular security audits, prompt patching, and employee training to mitigate such attacks.

Recommended read:
References :