Archive for April 24, 2025

North Korean APT Group Created 3 Front Companies to Spread Malware to Crypto Job Applicants

Posted in Commentary with tags on April 24, 2025 by itnerd

Today, Silent Push released that its threat analysts have uncovered three cryptocurrency companies that are actually fronts for the North Korean APT group Contagious Interview: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC.

Silent Push’s malware analysts confirmed that three strains, BeaverTail, InvisibleFerret, and OtterCookie, are being used to spread malware via “interview malware lures” to unsuspecting cryptocurrency job applicants.

The threat actor heavily uses AI-generated images to create profiles of “employees” for the three front crypto companies. As part of the crypto attacks, the threat actors are heavily using Github, job listing, and freelancer websites.

This is now live at https://www.silentpush.com/blog/contagious-interview-front-companies/

Leave a comment »

Millions Of Patients Affected by Data Breach at Yale New Haven Health

Posted in Commentary with tags on April 24, 2025 by itnerd

Yale New Haven Health System (YNHHS), which operates several hospitals in Connecticut, recently disclosed a data breach impacting the personal information of millions of patients:

On March 8, 2025, YNHHS identified unusual activity affecting our IT systems. We immediately took steps to contain the incident and began an investigation with support from external cybersecurity experts, and we also reported the incident to law enforcement. At no point did the incident impact our ability to provide patient care.

Our investigation has now determined that an unauthorized third-party gained access to our network and, on March 8, 2025, obtained copies of certain data. The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number. YNHHS’ electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information or employee HR information was included.

We have begun the process of mailing letters to patients whose information was involved in this incident and providing appropriate resources, including offering complimentary credit monitoring and identity protection services to individuals whose Social Security number was involved. Patients are also encouraged to review statements they receive from their healthcare providers and immediately report any inaccuracies to the provider.

Commenting on this news is James McQuiggan, Security Awareness Advocate at KnowBe4:

“With this attack, not having any group come forward is unusual, as these groups thrive on recognition. They post leaks, demand ransoms, or even taunt organizations publicly. So, when silence follows a breach, it could be for a longer-term operation.”

“Data being exfiltrated could be used for a long-term scenario of identity theft, medical fraud, or perhaps resale on private dark markets. The attackers may also want to stay under the radar.”

“If a person’s sensitive data becomes exposed, they should quickly protect their identity and credit. Consider freezing credit to block identity fraud and monitor medical records for suspicious activity.”

“Change passwords for healthcare portals and stay alert for phishing attempts using their details. Don’t wait for official alerts. Just assume their data is exposed and protect their data and accounts adequately.”

“Like so many others, this breach isn’t just about stolen data. It’s about the lost trust between people, and the systems meant to protect their most personal information. Until security is treated as a shared responsibility by leadership, vendors, and every employee in the chain, these incidents and conversations will continue, and victims will keep paying the price.”

It’s only Thursday, but it truly feels like this week is full of ransomware attacks. That’s incredibly bad. And it illustrates that we all need to do better to stop the madness.

Leave a comment »

A Deep Dive into Behavioral Biometrics Authentication – Are these methods more secure than passwords?

Posted in Commentary with tags on April 24, 2025 by itnerd

Most people are pretty familiar with biometrics at this point. You scan your thumbprint, iris, or face as a way of identifying yourself and accessing a device or application. It’s a simple but effective way to add an extra security factor on top of a password or one-time passcode. But what if we could go a step further and identify someone through their behavior? 

This week, Specops Software published an analysis on behavioral biometric authentication methods as well as their security efficacy in comparison to a more traditional method — passwords. 

The analysis looks at common types of biometrics, recent innovations to this technology, and the advantages of biometrics for end users and organizations alike. The piece also dives into how hackers might exploit behavioral biometrics and whether these are more secure than passwords, and how. 

The full report can be read here: https://specopssoft.com/blog/behavioral-biometrics-authentication-passwords/

Leave a comment »

Interlock claims attack on kidney dialysis company DaVita – 1.5 TB of data stolen

Posted in Commentary with tags on April 24, 2025 by itnerd

Comparitech has reported that the ransomware gang Interlock today claimed the cyberattack on kidney dialysis company DaVita last week where 1.5 TB of data was stolen. 

In a blog post reporting this news, Rebecca Moody, Head of Data Research at Comparitech, wrote:

“Interlock first began adding victims to its data leak site in October 2024. As with most ransomware gangs today, it seeks a ransom payment for the decryption of systems and the deletion of stolen data.”

“Since October 2024, we’ve tracked 13 confirmed attacks via this group and a further 13 unconfirmed attacks that haven’t been acknowledged by the organizations in question.”

“2025 has already seen 17 confirmed attacks on US healthcare companies, as well as a further 80 unconfirmed.”

“As we are seeing with DaVita, ransomware attacks on healthcare companies have the potential for widespread disruption. Not only can patient care be affected when systems are encrypted, but these attacks often have ongoing consequences when data is stolen by hackers. In 2024 alone, nearly 25.7 million individual records were breached across 160 ransomware attacks on US healthcare providers.”

 James McQuiggan, Security Awareness Advocate at KnowBe4 had this comment:

“Sadly, it’s another ransomware case, another data leak. The mechanics haven’t changed much: initial access, privilege escalation, exfiltration, extortion. Rinse. Lather. Repeat. What’s still missing in many organizations is the alignment across people, processes, and technology. Cybercriminals rely on simple vectors like phishing or weak external access with unpatched systems or credential stuffing.”

“Cybercriminals will steal data before encrypting it, so preventative measures must include outbound traffic monitoring and to consider controls to limit data movement. Good backups help recovery but don’t neutralize extortion. Organizations need plans for data leaks, not just complete data loss. Cybersecurity teams need tested response plans for encryption and extortion; if not, you’re unprepared for an attack. Coordinate with legal, comms, IT, and incident response teams before it’s public.”

“Technology alone can’t solve the human risk aspect. Reduce risk by building a strong security culture where security habits are reinforced, measured, and modeled from the top. Ensure cybersecurity teams coordinate across executives, IT, compliance, legal, and communications to reduce the opportunity for a cybercriminal to have the upper hand.”

I am truly afraid that ransomware attacks are out of control at this point. This is scary as nobody is safe. This is not a good place to be in. Something needs to change on this front and fast.

Leave a comment »

PII and Patient Info Exposed in Health Data Breach

Posted in Commentary with tags on April 24, 2025 by itnerd

A data breach involving Atrium Health, a North Carolina-based network of hospitals, clinics, and specialty centers across the Southeast was discovered and reported to Website Planet by cybersecurity researcher Jeremiah Fowler.

What happened:

A non-password-protected database containing 21,344 records with a total size of 6.99 GB was publicly exposed. The leak contains Patient PII, insurance coverage details, emergency contacts, names of medical staff, patient medical history and more.

Why it matters:

Exposing this kind of detailed medical records could potentially lead to identity theft, insurance fraud, or social engineering campaigns to obtain additional personal or financial information. Unauthorized access to a patient’s medical history could provide cybercriminals with enough information to attempt a wide range of fraudulent activities.

Read the report here: https://www.websiteplanet.com/news/atriumhealth-report-breach/

Leave a comment »

iOS app meant for privacy exposes private texts and more

Posted in Commentary with tags on April 24, 2025 by itnerd

The Cybernews research team has uncovered a severe data leak affecting a popular iOS app, Second Phone Number, which has been downloaded nearly 4 million times – over 3 million in the US alone. Marketed as a solution for “private calls and texts,” the app has instead exposed exactly what it promises to protect.

In our latest investigation, we found that a misconfigured Firebase instance has been leaking user messages, media as well as sender and recipient details.

This leak opens the door to identity theft, blackmail, and fraud. Some users employed the app for business or dating. Others sought anonymity for deeply personal reasons. In either case, their data is now vulnerable to cybercriminals who can scrape Firebase in real-time for new data.

Here’s why this story matters:

  • It’s a systemic problem. This discovery is part of the large-scale research of 156,000 iOS apps. We found that 71% leak at least one sensitive secret.
  • Users trust the App Store. Apple’s ecosystem is perceived as safe. This story challenges that perception.
  • The implications are serious. Leaked messages could be used to impersonate, harass, or blackmail users. Developers could lose access to paid services due to leaked API keys.

Despite multiple outreach attempts, the app’s creators have not secured the database. This is an ongoing and active leak – users are still at risk.

Please find the full report here

Leave a comment »

EDR Killers: What They Are, Why They Matter, and How Organizations Can Stay Protected 

Posted in Commentary with tags on April 24, 2025 by itnerd

ESET is warning organizations to stay alert as “EDR killers” – tools designed to disable Endpoint Detection and Response (EDR) solutions- grow more accessible and more widely used by ransomware affiliates. While not a new threat, these tools are becoming easier to deploy, making them relevant for enterprises and mid-sized organizations alike. 

An EDR killer works by disabling or impairing EDR agents on compromised machines, blinding defenders and paving the way for attackers to move stealthily and deliver malicious payloads. These tools are typically deployed after initial access has already been achieved, a process that itself should set off multiple alarms in a well-defended environment. 

Once used only by highly skilled threat actors, EDR killers are now distributed by ransomware-as-a-service (RaaS) operators like RansomHub, lowering the technical bar for attackers. Variants range from basic script-based tools to more advanced versions that exploit vulnerable drivers or repurpose legitimate software, like rootkit removal tools, to disable security systems. 

Despite these developments, ESET stresses that EDR killers aren’t cause for panic, but they are a reminder of the importance of strong, layered security. Organizations with solid defences, good detection practices, and well-trained staff remain in a strong position to detect and disrupt these tools before they cause severe damage. 

ESET recommends the following best practices to reduce exposure: 

  • Use a hardened, updated EDR solution: Leading tools already detect many known EDR killer behaviours. 
  • Restrict user permissions: Prevent users without admin rights from modifying or disabling security controls. 
  • Monitor for suspicious downloads and file transfers: Watch for scripts, drivers, or tools commonly used in these attacks. 
  • Block Potentially Unsafe Applications (PUSA): Review app control policies to minimize exposure to misused software. 
  • Invest in staff training: Phishing awareness and safe file handling are still your first line of defence. 

The rise of EDR killers reflects an evolving cybercrime landscape, where increasingly advanced tools are being commercialized and shared. As attackers adapt their tactics, defenders must do the same. A resilient, multi-layered approach, backed by regular reviews and user education, remains the best strategy for staying ahead. 

ESET continues to track the development of EDR killer tools and their use in real-world attacks. For further insights and technical analysis, visit ESET’s threat research blog, WeLiveSecurity

Leave a comment »

Digital Dexterity Crisis Threatens to Derail AI Transformation

Posted in Commentary with tags on April 24, 2025 by itnerd

Nexthink today announced new research exploring the challenges IT leaders face in preparing for the next wave of AI-driven digital transformation. Most IT leaders (92%) believe this new era of digital transformation will increase digital friction and less than half (47%) of employees have the requisite digital dexterity to adapt to technological changes. A further 88% expect workers to be daunted by new technologies such as Generative AI.

The Science of Productivity: AI, Adoption, And Employee Experience report details the findings of a survey of 1,100 global IT decision makers, with 95% of IT leaders saying the upcoming wave of AI-powered digital transformation will be the most impactful and intensive seen thus far. 

But with IT spend set to reach $5.61 trillion in 2025, and $644 billion on Generative AI alone, it is clear that solving digital friction and improving the employee experience must become a priority, or risk undermining the impact of investments. Yet despite this, 42% of IT leaders admit they struggle to put exact monetary value on AI investments, while 93% want to improve their ability to identify underperforming investments. 

The pace of change is relentless

IT leaders anticipate a 43% rise in the volume of applications being used over the next three years. In fact, 66% report that their organization rolls out a new application, tool, or platform every month. But this rapid expansion is stretching IT teams to breaking point, with 69% admitting there are too many users in the organization for IT to provide adequate adoption support for everyone. Without proper guidance, application rollouts suffer, leading to lower productivity (61%), reduced collaboration (51%), increased IT support tickets (46%), and higher employee dissatisfaction (46%).

To keep up with this accelerating change, IT leaders are clear on the need to improve digital dexterity across the workforce. 96% want to enhance their ability to accurately identify users’ digital friction, which would significantly strengthen digital transformation efforts. With AI reshaping the way people work, 96% say they need to enhance digital adoption support to help employees adapt to AI, with 95% highlighting that tailored digital employee experience (DEX) insights are more essential than ever. The impact of improving digital dexterity is clear: faster adoption of new tools (46%), higher productivity (38%), and enhanced innovation (37%).

To read the full report or to find out more about the new era of AI-powered digital transformation, click here.

Leave a comment »

Wallarm Unveils Findings from Q1 2025 API Threat Report, Uncovering Evolving API Threats Across Multiple Industries

Posted in Commentary with tags on April 24, 2025 by itnerd

Wallarm today announced the findings of The Rise of Agentic AI, the API ThreatStats report for Q1 2025. The report found that evolving API threats are fueled by the rise of agentic AI systems, growing complexity in cloud-native infrastructure, and a surge in software supply chain risks, and uncovered patterns and actionable insights to help organizations prioritize risks and harden their defenses.

While APIs are central to all Agentic workflows, cybersecurity standards such as CVE and CISA KEV are trailing indicators of API and overall security risks presented by Agentic AI. In order to gain insights into current and future trends, Wallarm researchers took a deep dive into GitHub security issues for Agentic repositories. Of the approximate 4,700 security issues analyzed in Agentic AI projects, they found that half were API-related (49%), underscoring the inseparability of agent and API security.

The report also analyzed API breaches that occurred in Q1 2025. No industry was immune, as highlighted by breaches impacting organizations such as Oracle Cloud, DeepSeek, CommonCrawl, Volkswagen, National Health Service (NHS) UK, Microsoft, BeyondTrust, and OmniGPT.

Key findings include:

  • Nearly half of all security issues in Agentic AI repositories (49%) are API-related and over 1,000 issues remain unaddressed.
  • 22% of reported security issues remain open, with some lingering for 1,200-plus days, highlighting a critical gap between vulnerability discovery and remediation.
  • The top five API breaches span cloud, AI, automotive, and healthcare, underscoring industry-wide concerns and urgent relevance to cybersecurity worldwide.
  • With 60% of top vulnerabilities found to be access control-related, access control remains prevalent across APIs.

APIs are not just part of the attack surface — they are the attack surface. From legacy system exposures to AI-native risks, attackers are increasingly targeting APIs as both the entry point and objective. In order to protect themselves from these threats, organizations need to take proactive measures to ensure existing threat models account for the current environment and prioritize API security by updating API threat models and security workflows, creating Agentic AI security strategies, implementing real-time monitoring of API traffic, and updating both threat intelligence and API discovery methodology.

To download the full Q1 2025 API Threat Report, visit http://www.wallarm.com/press-releases/wallarm-unveils-findings-from-q1-2025-api-threat-report-uncovering-evolving-api-threats-across-multiple-industries

Leave a comment »