Information Security News – 4/7/2025


Criminal Group Claims Responsibility for Cyberattack on Minnesota Casino

Article Link: https://cdcgaming.com/brief/cybersecurity-incident-at-minnesota-tribal-community-casino-prompts-shutdown/

  • A ransomware crew named RansomHub hit Minnesota’s Jackpot Junction Casino Hotel, cutting power to its 1,000 slot machines, silencing phones, and forcing digital hotel systems into a hard reset. Technical problems first appeared on March 27, 2025.
  • The group bragged on the dark web March 31, 2025, alleging they infiltrated internal systems and stole sensitive files, giving the casino a month to pay up.
  • Guests felt the hit first. Bingo nights were scrapped until further notice, room keys glitched out, and promotional drawings postponed. A main restaurant and kiosks closed shop. The bar remains open, and tables are still dealing games, but much of the gaming floor remains eerily dark.
  • The casino has brought in outside specialists to investigate, is restoring systems in phases, and continues to keep some operations offline while the clean-up plays out behind the scenes.

As CISA Downsizes, Where Can Enterprises Get Support?

Article Link: https://www.darkreading.com/cybersecurity-operations/roundtable-cisa-downsizes-where-can-enterprises-look-support

  • The Cybersecurity and Infrastructure Security Agency (CISA) has scaled back its direct, hands-on support for ransomware and cyberattack response, especially for private companies and state or local governments, through its field-based Cybersecurity Advisor (CSA) program.
  • The agency is now prioritizing national-level threats and critical infrastructure, leaving commercial and regional organizations and agencies with less federal support during major incidents.
  • Security leaders from Palo Alto Networks, Critical Insight, Okta, and Recorded Future, drawing on their industry experience, say that many companies simply don’t have the staffing or resources to go it alone, especially during full-scale ransomware attacks.
  • The panel recommends joining Information Sharing and Analysis Centers (ISACs), reaching out early to law enforcement, and building trusted peer networks as go-to moves for staying afloat as federal boots-on-the-ground support fades.

Oracle Privately Confirms Cloud Breach to Customers

Article Link: https://www.bleepingcomputer.com/news/security/oracle-privately-confirms-cloud-breach-to-customers/

  • Oracle finally but privately disclosed a breach at Oracle Health (formerly Cerner), affecting multiple U.S. hospitals and healthcare organizations, after attackers accessed patient data. This quiet admission comes after a threat actor put six million records up for sale on March 20, 2025.
  • The attack was traced to legacy Cerner data migration servers, compromised sometime after January 22, 2025, using a 2020 Java exploit, and was detected by Oracle Health on February 20, 2025.
  • The threat actor, who calls himself “Andrew”, is now extorting the impacted hospitals, demanding millions in cryptocurrency and launching clearnet websites to pressure payment, without claiming ties to any known ransomware or extortion group.
  • Oracle Health has denied reports of a breach and remained unresponsive to inquiries since March 4, even as internal communications confirm patient data was stolen from affected healthcare systems.

10 Best Practices for Vulnerability Management According to CISOs

Article Link: https://www.csoonline.com/article/3853759/10-best-practices-for-vulnerability-management-according-to-cisos.html

  • The article presents 10 best practices for vulnerability management, drawn from a panel of CISOs and security executives convened by Bugcrowd.
  • These insights focus less on technical checklists and more on strategic priorities, emphasizing risk-based decision-making, clear communication, and clearly defined roles and responsibilities.
  • The core message is to proactively align vulnerability management with business risk, rather than reacting to every CVE or vulnerability score in isolation.
  • Collectively, the panel stressed that effective vulnerability management requires shared responsibility across IT, security, development, and leadership, not the isolated efforts of one or two teams.

When It Comes to Security, Public Wi-Fi Could Be a Risky Choice for Commuters Worldwide

Article Link: https://www.techradar.com/pro/security/when-it-comes-to-security-public-wi-fi-could-be-a-risky-choice-for-commuters-worldwide

  • A new survey by NordVPN of 2,000 remote and hybrid workers across the US, UK, France, Germany, and the Netherlands found that 41% regularly use public Wi-Fi while commuting, exposing themselves to potential attacks.
  • Nearly a third access work emails, a quarter use collaboration tools, and 17% handle work documents on unsecured networks, often without VPNs, antivirus, or proper endpoint protection.
  • These behaviors create ideal conditions for threats like session hijacking and data interception, especially when commuters stay logged in or transmit sensitive information over open connections.
  • According to the findings, these commuting habits raise the odds of credential theft and session hijacking, particularly when distracted employees forget they are not on a secure connection while responding to emails or revising work documents.
  • NordVPN Research: https://nordvpn.com/blog/commute-smartphone-safety-research-us-ca-2025/

For Healthcare Orgs, Disaster Recovery Means Making Sure Docs Can Save Lives During Ransomware Infection

Article Link: https://www.theregister.com/2025/04/02/disaster_recovery_healthcare/

  • Healthcare organizations are recovering more slowly from ransomware attacks than other sectors, with incidents often taking more than three weeks to resolve, far exceeding downtime in industries like finance or manufacturing.
  • Delays are tied to aging infrastructure, limited IT budgets, and sprawling digital environments, which complicate recovery efforts and increase dependence on third-party support and external vendors.
  • Some hospitals still rely on manual backups or physically transported systems, lagging behind other industries that have adopted cloud-based or automated disaster recovery tools.
  • The article reports that many healthcare providers maintain disaster recovery plans that go untested and warns that written procedures alone are not enough. Only a well-grounded, regularly exercised DR plan lets staff work through a real-world crisis smoothly.

Rising Attack Exposure, Threat Sophistication Spur Interest in Detection Engineering

Article Link: https://www.csoonline.com/article/3847510/rising-attack-exposure-threat-sophistication-spur-interest-in-detection-engineering.html

  • A survey of 264 cybersecurity professionals by SANS and Anvilogic found that 41% of organizations already have detection engineering teams in place, signaling growing momentum behind this hands-on approach.
  • With attacks growing more complex and exposure expanding, security teams are turning to detection engineering to build sharper, faster defenses tailored to their own environments.
  • Rather than relying on out-of-the-box alerts, teams are creating custom detection logic that reflects real risk, using detection-as-code, automated testing, and behavioral triggers to cut through the noise.
  • Security professionals featured in the coverage describe tight collaboration with response teams, solid documentation habits, and flexible rule tuning as essential for keeping pace with attacker behavior.
  • Report: https://www.anvilogic.com/report/2025-state-of-detection-engineering
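To make the detection-as-code idea concrete: a custom rule written as code, kept beside its own automated tests, and run over sample telemetry. This is an added example, not code from the article or from the SANS/Anvilogic report; the event fields (ts, user, src_ip, outcome), the rule id, and the JSON log lines are all constructed for the illustration.

```python
"""Detection-as-code: a behavioural rule plus the automated tests that ship with it.

Added example, not from the article or the SANS/Anvilogic report. All event
fields, log lines and the rule id below are constructed for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Rule metadata lives with the logic so it can be reviewed, versioned and tested like code.
RULE = {
    "id": "auth-bruteforce-success-001",   # constructed rule id
    "name": "Repeated logon failures followed by a success from the same source",
    "severity": "high",
    "attack": "T1110",                      # MITRE ATT&CK: Brute Force
    "threshold": 5,                         # failures needed before a success is suspicious
    "window_minutes": 5,                    # only failures this recent count
}

# Constructed sample events (JSON lines), not real telemetry. alice: burst then success;
# bob: one typo then success; carol: failures but never a success; dave: failures spread
# over hours, so they fall outside the window before the success arrives.
SAMPLE_LOG = """\
{"ts": "2025-04-01T08:00:00Z", "user": "alice", "src_ip": "203.0.113.5", "outcome": "failure"}
{"ts": "2025-04-01T08:00:10Z", "user": "alice", "src_ip": "203.0.113.5", "outcome": "failure"}
{"ts": "2025-04-01T08:00:20Z", "user": "alice", "src_ip": "203.0.113.5", "outcome": "failure"}
{"ts": "2025-04-01T08:00:25Z", "user": "alice", "src_ip": "203.0.113.5", "outcome": "failure"}
{"ts": "2025-04-01T08:00:40Z", "user": "alice", "src_ip": "203.0.113.5", "outcome": "failure"}
{"ts": "2025-04-01T08:01:00Z", "user": "alice", "src_ip": "203.0.113.5", "outcome": "success"}
{"ts": "2025-04-01T09:00:00Z", "user": "bob", "src_ip": "198.51.100.7", "outcome": "failure"}
{"ts": "2025-04-01T09:00:05Z", "user": "bob", "src_ip": "198.51.100.7", "outcome": "success"}
{"ts": "2025-04-01T10:00:00Z", "user": "carol", "src_ip": "192.0.2.9", "outcome": "failure"}
{"ts": "2025-04-01T10:20:00Z", "user": "carol", "src_ip": "192.0.2.9", "outcome": "failure"}
{"ts": "2025-04-01T11:00:00Z", "user": "dave", "src_ip": "203.0.113.77", "outcome": "failure"}
{"ts": "2025-04-01T11:30:00Z", "user": "dave", "src_ip": "203.0.113.77", "outcome": "failure"}
{"ts": "2025-04-01T12:00:00Z", "user": "dave", "src_ip": "203.0.113.77", "outcome": "failure"}
{"ts": "2025-04-01T12:30:00Z", "user": "dave", "src_ip": "203.0.113.77", "outcome": "failure"}
{"ts": "2025-04-01T13:00:00Z", "user": "dave", "src_ip": "203.0.113.77", "outcome": "failure"}
{"ts": "2025-04-01T13:02:00Z", "user": "dave", "src_ip": "203.0.113.77", "outcome": "success"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def evaluate(events, rule=RULE):
    """Behavioural trigger: fire when a success for (user, src_ip) is preceded by
    at least rule['threshold'] failures inside the time window. A single failure
    or a pile of failures with no success never fires; the window drops stale ones."""
    window = timedelta(minutes=rule["window_minutes"])
    failures = defaultdict(list)
    alerts = []
    for ev in events:
        key = (ev["user"], ev["src_ip"])
        if ev["outcome"] == "failure":
            failures[key].append(ev["ts"])
        elif ev["outcome"] == "success":
            recent = [t for t in failures[key] if ev["ts"] - t <= window]
            if len(recent) >= rule["threshold"]:
                alerts.append({
                    "rule": rule["id"], "severity": rule["severity"],
                    "user": ev["user"], "src_ip": ev["src_ip"],
                    "failures": len(recent), "at": ev["ts"].isoformat(),
                })
            failures[key].clear()   # a success closes the episode either way
    return alerts


def run_detection(log_text=SAMPLE_LOG):
    """Run the rule over the constructed log; expect exactly one alert (alice)."""
    return evaluate(parse_events(log_text))


def _event(ts, user, ip, outcome):
    return json.dumps({"ts": ts, "user": user, "src_ip": ip, "outcome": outcome})


def rule_self_test():
    """Positive and negative cases kept next to the rule; run in CI before deploying a change."""
    results = {}
    burst = [_event(f"2025-04-01T12:00:{i:02d}Z", "t", "10.0.0.1", "failure") for i in range(5)]
    positive = "\n".join(burst + [_event("2025-04-01T12:02:00Z", "t", "10.0.0.1", "success")])
    results["fires_on_burst_then_success"] = len(evaluate(parse_events(positive))) == 1
    results["silent_without_success"] = evaluate(parse_events("\n".join(burst))) == []
    stale = "\n".join([_event("2025-04-01T11:00:00Z", "t", "10.0.0.1", "failure")] * 5
                      + [_event("2025-04-01T12:00:00Z", "t", "10.0.0.1", "success")])
    results["ignores_stale_failures"] = evaluate(parse_events(stale)) == []
    return results


if __name__ == "__main__":
    print(run_detection())
    print(rule_self_test())
```

The point of keeping `rule_self_test` beside `evaluate` is the tuning loop the article describes: when an analyst changes the threshold or window to cut noise, the same cases run again and show whether the rule still fires on the behaviour it was written for and still stays quiet on the benign variants.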

How Will the Splinternet Impact Cybersecurity?

Article Link: https://www.cyberdefensemagazine.com/how-will-the-splinternet-impact-cybersecurity/

  • The internet is splintering into regional zones shaped by national laws, censorship, and political interests. Attackers aren’t lurking in the shadows; they’re openly sharing government-developed tools, operating on the dark web, and taking full advantage of a fractured online landscape.
  • For global tech companies, navigating this environment means walking a tightrope. Refusing local mandates carries a cost, while complying with them can introduce new operational, legal, security, and privacy risks into their environment.
  • As regional policies and infrastructures diverge, threats are becoming more localized, undermining the effectiveness of global, one-size-fits-all security strategies.
  • Cyber Defense Magazine positions regional threat modeling as a key tactic: understanding specific risks in each market and shaping defenses around them. That includes dealing with contradictory regulations and hardening remote work tools, which continue to be prime targets.

Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities

Article Link: https://www.securityweek.com/chrome-135-firefox-137-patch-high-severity-vulnerabilities/

  • Google and Mozilla released security updates this week, patching high-severity vulnerabilities in Chrome 135 and Firefox 137 that could lead to crashes or allow remote attackers to execute arbitrary code.
  • Chrome’s update fixes 10 security issues, including a use-after-free flaw in the ANGLE graphics engine, reported by a researcher who received a $10,000 bug bounty.
  • Firefox’s patches address five memory safety vulnerabilities, including issues that could potentially be exploited to run arbitrary code if chained with other bugs.
  • Google and Mozilla direct users to update via built-in browser settings or official download pages, noting that while no exploitation has been observed, the patched flaws are considered high-risk.
