Risky Bulletin: Oracle's Healthtech Division Hacked, Customers Extorted
Released on March 31, 2025 by risky.biz
1. Oracle's Healthtech Division Compromised
Overview:
Oracle faced a significant cybersecurity breach in late January 2025, targeting its health technology division. Hackers successfully infiltrated the system, stealing sensitive medical data and subsequently extorting U.S. medical providers. This incident marks the second suspected breach for Oracle within a short span, following a separate attack on the company's cloud services earlier in the month.
Key Points:
- Data Theft and Extortion: Attackers accessed and exfiltrated critical medical information, leveraging it to demand ransom from affected U.S. medical institutions.
- Lack of SEC Reporting: Notably, Oracle has not disclosed these breaches to the Securities and Exchange Commission (SEC), raising concerns about transparency and regulatory compliance.
- Previous Breach: A different hacking group previously claimed responsibility for compromising Oracle's cloud services, highlighting ongoing vulnerabilities.
Notable Quote:
"[00:04] Claire Aird: 'Oracle has not reported any of the breaches to the SEC.'"
2. Italian Government Admits Use of Spyware on NGOs
Overview:
The Italian government has officially acknowledged deploying spyware against members of a non-governmental organization (NGO) dedicated to protecting refugees crossing the Mediterranean. This admission follows revelations in January after Meta alerted activists about targeted surveillance.
Key Points:
- Spyware Utilization: The government employed Paragon spyware to monitor NGO activities, citing national security concerns as justification.
- Shift in Surveillance Providers: After Israeli company Paragon terminated Italy's access to its Graphite spyware, the government contracted NEG, a local firm, to supply similar surveillance tools. NEG's "vbis" platform has previously been identified in operations within Italy, Malaysia, and Kazakhstan.
- Political Implications: High-ranking intelligence officials testified before a parliamentary committee, explaining the necessity of such surveillance measures.
Notable Quote:
"[00:04] Claire Aird: 'Italian officials initially denied the hacks, which came to light in January when Meta warned some activists they'd been targeted.'"
3. Exploitation of WordPress Features by Hackers
Overview:
Cybercriminals are exploiting a lesser-known feature of WordPress to clandestinely install malicious plugins on websites. This tactic involves abuse of the "must-use plugins" feature, originally intended for web hosting companies to enforce essential plugins on user sites.
Key Points:
- Malicious Installation: Hackers leverage this feature to deploy malware without the website administrators' knowledge, posing significant security risks.
- Timeline of Abuse: According to GoDaddy's Sucuri team, this exploitation has been ongoing since February 2025.
- Impact on Web Security: The misuse undermines the integrity of WordPress sites, making them vulnerable to further attacks and data breaches.
Notable Quote:
"[00:04] Claire Aird: 'GoDaddy's Sucuri team says the feature has been abused since February.'"
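Added example, not code from the bulletin or from GoDaddy's Sucuri team: a Python audit of the wp-content/mu-plugins directory (WordPress's default WPMU_PLUGIN_DIR), where every top-level .php file is loaded on every request without activation, so an unreviewed file there runs silently. The audit flags files absent from a host-maintained allowlist or whose hash has changed; the sample tree and allowlist are constructed.

```python
"""Audit a WordPress mu-plugins directory against a known-good allowlist."""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_mu_plugins(mu_dir, allowlist):
    """Classify top-level *.php files as ok / modified / unexpected.

    WordPress auto-loads only the .php files directly inside mu-plugins;
    subdirectories run only if a top-level loader includes them, so the
    top-level listing is the set of code that executes without consent.
    """
    mu_dir = Path(mu_dir)
    findings = {"ok": [], "modified": [], "unexpected": []}
    if not mu_dir.is_dir():
        return findings  # no mu-plugins directory: nothing auto-loads
    for entry in sorted(mu_dir.iterdir()):
        if not (entry.is_file() and entry.suffix == ".php"):
            continue
        digest = sha256_of(entry)
        expected = allowlist.get(entry.name)
        if expected is None:
            findings["unexpected"].append(entry.name)  # nobody approved this file
        elif expected != digest:
            findings["modified"].append(entry.name)    # approved name, changed contents
        else:
            findings["ok"].append(entry.name)
    return findings


def demo():
    """Constructed sample: one sanctioned loader, one tampered file, one unknown drop."""
    with tempfile.TemporaryDirectory() as tmp:
        mu = Path(tmp) / "wp-content" / "mu-plugins"
        mu.mkdir(parents=True)
        loader = b"<?php // host-enforced loader (constructed sample)\n"
        (mu / "host-loader.php").write_bytes(loader)
        (mu / "hardening.php").write_bytes(b"<?php // contents differ from allowlist\n")
        (mu / "unreviewed-file.php").write_bytes(b"<?php // constructed unknown file\n")
        allowlist = {
            "host-loader.php": hashlib.sha256(loader).hexdigest(),
            "hardening.php": hashlib.sha256(b"<?php // original approved\n").hexdigest(),
        }
        return audit_mu_plugins(mu, allowlist)


if __name__ == "__main__":
    print(demo())
```

In practice the allowlist is generated once from the host's sanctioned files and the audit runs on a schedule, alerting on any non-empty modified or unexpected list.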
4. Dutch Public Prosecutor Service Suffers Cyber Incident
Overview:
The Dutch public prosecution service experienced a cybersecurity incident on Friday, leading to the temporary shutdown of its IT systems. In response, the agency activated its crisis management team to address the breach.
Key Points:
- System Downtime: The cyber incident rendered the agency's systems offline, disrupting communication channels with the police and judiciary.
- Operational Impact: Staff were informed that ongoing issues would hinder their ability to perform standard communication and coordination tasks essential for legal proceedings.
- Response Measures: Immediate activation of crisis protocols aimed to contain the breach and restore normal operations as swiftly as possible.
Notable Quote:
"[00:04] Claire Aird: 'The agency has activated its crisis management team.'"
5. T-Mobile to Distribute Settlement from 2021 Data Breach
Overview:
T-Mobile has announced plans to compensate users affected by its 2021 data breach. The telecommunications giant will commence the distribution of $350 million from a class action settlement in April 2025.
Key Points:
- Eligibility and Payouts: Over 76 million customers qualify for payments ranging between $25 and $25,000, depending on the extent of their data exposure.
- Breach Details: The 2021 incident compromised personal information of millions, prompting the class action lawsuit and subsequent settlement.
- Impact on Consumers: This settlement aims to mitigate the consequences faced by users due to unauthorized access to their personal data.
Notable Quote:
"[00:04] Claire Aird: 'More than 76 million customers are eligible for payments of between $25 and $25,000.'"
6. US Indicts Canadian for Hacking Texas Republican Party
Overview:
The U.S. Justice Department has formally charged a Canadian national, Aubrey Cottle, for unauthorized access and theft of data from the Texas Republican Party’s web server in 2021.
Key Points:
- Method of Operation: Cottle allegedly hacked into the party's web server, extracting files containing personal information of party members.
- Identification and Arrest: The suspect was identified after he publicly claimed responsibility for the hack on social media, leading to his arrest in Canada and the retrieval of stolen data from his devices.
- Legal Proceedings: This indictment underscores ongoing efforts to combat foreign interference and cyberattacks targeting political entities.
Notable Quote:
"[00:04] Claire Aird: 'Cottle was arrested in Canada last week and police found the stolen data on his devices.'"
7. Apple Enhances macOS Security with New Logging Feature
Overview:
Apple is set to introduce a novel logging feature in macOS aimed at bolstering malware detection and prevention. This enhancement is part of the Transparency, Consent, and Control (TCC) framework.
Key Points:
- Functionality: The new TCC event logging will enable security products to trace malware infections back to their sources and bolster real-time detection of suspicious data access requests.
- User Consent: TCC already requires apps to obtain user consent before accessing sensitive data like files and passwords; the logging feature extends these capabilities.
- Security Implications: This addition is expected to improve the effectiveness of security solutions in identifying and mitigating malware threats on macOS systems.
Notable Quote:
"[00:04] Claire Aird: 'The new TCC event logging feature will allow security products to trace back malware infections to their source.'"
8. Emergence of Crocodylus: A New Android Banking Trojan
Overview:
Mobile security firm ThreatFabric has identified a new Android banking trojan named Crocodylus. This malware is designed for overlay and phishing attacks, keylogging, and enabling remote access and control.
Key Points:
- Target Regions and Services: Crocodylus primarily targets bank accounts in Spain and Turkey, along with popular cryptocurrency services, exploiting users' financial information.
- Capabilities: The trojan facilitates various malicious activities, including stealing login credentials and enabling attackers to remotely manipulate infected devices.
- Threat Level: The emergence of Crocodylus represents a significant threat to mobile banking security, necessitating enhanced vigilance and protective measures.
Notable Quote:
"[00:04] Claire Aird: 'The Crocodylus malware can be used for overlay, phishing attacks, keylogging, and for remote access and remote control operations.'"
9. European Union Allocates €1.3 Billion for Cybersecurity and AI
Overview:
The European Union has pledged a substantial investment of €1.3 billion over three years to bolster local artificial intelligence (AI), cybersecurity, and digital independence. These funds are channeled through the Digital Europe Program.
Key Points:
- Funding Objectives: The investment aims to support businesses, citizens, and public administrations in adopting and developing secure digital technologies.
- Strategic Importance: This initiative aligns with the EU's strategy to reduce reliance on non-European tech services and enhance its own technological sovereignty.
- Business Coalition Influence: Earlier advocacy by European businesses emphasized the necessity for the EU to invest in homegrown alternatives to U.S.-based tech solutions.
Notable Quote:
"[00:04] Claire Aird: 'The funds will be available through the Digital Europe Program, an EU fund designed to bring digital technology to businesses, citizens and public administrations.'"
10. U.S. President Issues Executive Order on Federal Unions
Overview:
President Donald Trump has signed an executive order directing federal agencies to terminate collective bargaining agreements with unions. The administration asserts that federal unions impede national security and intelligence operations.
Key Points:
- Scope of the Order: The directive applies to 18 federal agencies, including the Department of Defense (DOD), Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA).
- Union Response: Union leaders have condemned the executive order, labeling it unlawful and an assault on the civil service.
- Implications for Federal Workers: The termination of these agreements could significantly alter labor relations and employee protections within federal agencies.
Notable Quote:
"[00:04] Claire Aird: 'Federal unions damage and hinder national security, intelligence and counterintelligence work.'"
11. Security Researchers Identify Backdoor in Unitree's Robot Dogs
Overview:
Researchers have discovered a vulnerability in the firmware of robot dogs produced by Chinese robotics company Unitree. The flaw involves the CloudSail network tunneling system, which can be exploited to gain unauthorized remote control of the robots.
Key Points:
- Nature of the Backdoor: Attackers possessing Unitree's CloudSail API key could use SSH with a default password to remotely pilot the robot dogs and access their cameras.
- Company Response: Unitree has revoked the compromised API key to prevent further exploitation.
- User Advisory: Owners of Unitree robot dogs are advised to uninstall the CloudSail service to ensure their devices remain secure.
Notable Quote:
"[00:04] Claire Aird: 'Attackers with Unitree's CloudSail API key could SSH into the robots with the default password.'"
12. TikTok Removes Network of Ukrainian Accounts Targeting Multiple Countries
Overview:
TikTok has dismantled a network comprising over 28,000 Ukrainian accounts that were strategically targeting audiences in Russia, Georgia, Croatia, and Belarus. These accounts aimed to influence public opinion and incite unrest.
Key Points:
- Objectives of the Network: The malicious accounts were designed to undermine support for pro-Kremlin political figures, provoke anti-government protests, and incite ethnic hatred.
- Use of AI Tools: The network utilized generative AI for creating profile avatars, enhancing the realism and scalability of the fake accounts.
- Reach and Influence: Collectively, the network amassed more than 300,000 followers, amplifying its potential impact on targeted communities.
Notable Quote:
"[00:04] Claire Aird: 'The company said the accounts were created to undermine support for pro-Kremlin political figures, stoke anti-government protests and incite ethnic hatred.'"
Conclusion
The March 31, 2025 episode of Risky Bulletin, hosted by Claire Aird, provided a comprehensive overview of the latest cybersecurity threats and developments. From significant breaches at major corporations like Oracle to governmental misuse of spyware and the emergence of sophisticated malware, the bulletin underscored the evolving landscape of cyber threats. Additionally, it highlighted responses from tech giants, governmental bodies, and international organizations aiming to bolster digital security and integrity.
Notable Quote from Conclusion:
"[00:04] Claire Aird: 'And that is all for this podcast edition.'"
This summary was prepared based on the transcript of the Risky Bulletin podcast episode and is intended to provide an informative overview for those who have not listened to the original broadcast.
