Svoboda Cybersecurity Brief April 25, 2025
Former Disney Employee Sentenced for Menu Hacking
A former Disney World employee, Michael Scheuer, was sentenced to 3 years in prison for hacking restaurant menus, altering allergen information, and launching denial-of-service attacks. The breaches posed serious health risks to diners and caused $687,776 in damages.
Source: DataBreaches.net
Yale New Haven Health Breach Exposes 5.5M Patients
Yale New Haven Health disclosed a cyberattack affecting 5.5 million patients, exposing names, SSNs, and medical record numbers. No ransomware group has claimed responsibility, but lawsuits are anticipated.
Source: BleepingComputer
Frederick Health Ransomware Attack Impacts 934K Patients
A January ransomware attack on Frederick Health compromised 934,326 patient records, including SSNs and clinical data. The healthcare provider has not confirmed whether a ransom was paid.
Source: BleepingComputer
Blue Shield of California Exposes 4.7M Records via Google Analytics
Blue Shield of California inadvertently shared 4.7 million patient records with Google Ads due to misconfigured analytics tracking from 2021–2024. The exposed data included protected health information (PHI).
Source: The Record
Lazarus Group Targets South Korean Firms with Exploits
North Korea’s Lazarus group breached six South Korean companies using exploits in Cross EX and Innorix Agent software. The campaign, dubbed Operation SyncHole, deployed backdoors like ThreatNeedle and Copperhedge.
Impact: Lateral movement and data exfiltration.
Mitigation: Patch Cross EX and Innorix Agent to latest versions.
Source: BleepingComputer
Interlock Ransomware Leaks DaVita Patient Data
The Interlock ransomware gang leaked 1.5TB of data from DaVita, including patient records and financial details. The attack, claimed on April 24, follows DaVita’s earlier disclosure of a ransomware incident.
Source: BleepingComputer
Russian Hackers Abuse OAuth 2.0 to Hijack Microsoft 365 Accounts
Russian threat actors UTA0352 and UTA0355 exploited OAuth 2.0 workflows to steal Microsoft 365 credentials via phishing links. Victims were tricked into sharing authorization codes through Visual Studio Code impersonation.
Impact: Unauthorized access to sensitive emails and data.
Mitigation: Block insiders.vscode.dev and enforce conditional access policies.
Source: BleepingComputer
Atrium Health Exposes PHI via Unsecured FTP Database
An unsecured FTP database linked to Atrium Health exposed 21,344 records of billing and compliance reports. Researcher Jeremiah Fowler discovered the leak, which was secured the same day.
Source: DataBreaches.net
County Auditor Ordered to Repay $80K After Cyberattack
Trumbull County Auditor Martha Yoder was ordered to repay $80,857 after tax funds were wired to a fraudulent account due to a phishing attack. The court ruled the auditor failed to verify the transfer request.
Source: WKBN
ICBC Privacy Breach Leads to Shootings and Arson
A 2011 insider breach at ICBC resulted in 13 victims having homes or vehicles targeted by arson/shootings. The court upheld $15,000 damages per plaintiff for privacy violations, rejecting ICBC’s appeal.
Source: Vancouver is Awesome
Linux io_uring Vulnerability Enables Stealthy Rootkits
A security blind spot in Linux’s io_uring subsystem allows rootkits to bypass system-call monitoring. Proof-of-concept code demonstrates evasion of threat detection tools.
Impact: Persistent stealth attacks on Linux systems.
Mitigation: Monitor io_uring activity and apply kernel updates.
Source: BleepingComputer
HHS Settles Phishing Attack Case for $600K
PIH Health agreed to a $600,000 settlement with HHS after a 2019 phishing attack exposed 189,763 patient records. OCR cited failures in risk analysis and breach notification.
Source: HHS
DOGE Sued for FOIA and Record-Keeping Violations
The Department of Government Efficiency (DOGE) faces a lawsuit for allegedly destroying records on platforms like Signal and Google Docs, violating FOIA and Federal Records Act requirements.
Source: Bloomberg Law