Information Security News – 6/30/2025

Ransomware Disruptions Contributed to a Patient Death, NHS Finds

Article Link: https://www.techradar.com/pro/security/ransomware-disruptions-contributed-to-a-patient-death-nhs-finds

• For the first time, a patient’s death has been officially linked to a ransomware attack in the U.K., following an NHS report that confirmed delays caused by the 2024 assault on Synnovis pathology services contributed to the fatal outcome.
• The Qilin ransomware gang crippled Synnovis systems and demanded a $50 million payment, disrupting lab operations across London hospitals for at least a month and delaying blood test results that were cited as a factor in the patient’s death.
• Roughly 800 surgeries and 700 outpatient appointments were canceled or rescheduled, and patient data including names, NHS numbers, and test results were stolen and published online after the ransom went unpaid.
• A hospital review confirmed the delayed test result played a role in the fatality and shared its findings with the family, though no apology or public expression of regret was reported in the article.

Scans Probing for MOVEit Systems May Be Precursor to Attacks

Article Link: https://www.databreachtoday.com/scans-probing-for-moveit-systems-may-be-precursor-to-attacks-a-28832

• MOVEit servers are back in the crosshairs, as threat intelligence firm GreyNoise reports a surge in internet-wide scanning that may signal a new wave of exploits targeting Progress Software’s file-transfer tool.
• The probes began May 27 and now involve up to 300 unique IPs per day, many traced to compromised infrastructure from Tencent, Amazon, Cloudflare, and Google. GreyNoise says the activity is deliberate and likely tied to attackers preparing to test or launch new exploits.
• Distinguished security experts noted in the article say the activity aligns with scanning-as-a-service, where threat actors sell or trade IP and port data to fuel the market for targets-as-a-service. One expert even uncovered a 76 million IP address file circulating on Telegram, likely built from tools such as Shodan and Censys.
• Measures shared by experts featured in this report are doubling down on tactics like blocking scanners, isolating MOVEit systems, and running honeypots, along with early warning tools, threat intelligence feeds, and segmented offline backups.

Multiple Brother Devices: Multiple Vulnerabilities (FIXED)

Article Link: https://www.rapid7.com/blog/post/multiple-brother-devices-multiple-vulnerabilities-fixed/

• Brother and four other vendors patched eight security flaws affecting 748 printer models, including issues with default admin passwords, remote code execution, and credential leaks.
• One flaw lets attackers calculate factory-set admin passwords using serial numbers, exposing full device access if left unchanged. This issue is tracked as CVE-2024-51978.
• A separate flaw, CVE-2024-51979, is a stack-based buffer overflow that requires authentication but could allow remote code execution on vulnerable devices, possibly turning printers into an attack tool.
• Firmware updates are available for seven flaws, while the password issue requires a workaround, since a full fix depends on changes to the manufacturing process.
• CVE-2024-51978: https://www.cve.org/CVERecord?id=CVE-2024-51978
• CVE-2024-51979: https://www.cve.org/CVERecord?id=CVE-2024-51979

When Synthetic Identity Fraud Looks Just Like a Good Customer

Article Link: https://www.helpnetsecurity.com/2025/06/26/synthetic-identity-fraud-consequences/

• Synthetic identity fraud is rising fast, blending real and fake personal data into convincing identities that can fool banks for years. Often called Frankenstein fraud, it’s a long game that lets cons build credit slowly, borrow big, then poof! – vanish without a trace.
• These fake profiles are rather sly, making it especially hard to spot because they look so close to the real thing, and the systems designed to catch them don’t always share information. This tactic also grants these baddies complacency and time to operate while credit data develops, and credit scoring becomes skewed.
• Kids are some of the easiest targets, since their Social Security numbers are clean and often unused, making it easy to build fake identities that go unnoticed for years. It’s real-life families, banks, and honest borrowers who end up paying the price through tighter credit rules and higher costs.
• Banking security experts say the best defense for banks includes layered ID checks, biometric scans, and smart use of AI, plus stronger data-sharing between organizations. While criminals use GenAI to build better fakes, financial institutions are also deploying AI and machine-learning to fight back.

Weak IT Infrastructure, Lack of Standards Drive Real Estate Fraud Attacks

Article Link: https://www.scworld.com/news/weak-it-infrastructure-lack-of-standards-drive-real-estate-fraud-attacks

• People buying or selling homes are facing a growing threat from wire fraud, as a lot of real estate offices are still stuck with pebbledash-level tech (rough on the surface and outdated underneath), offering little real protection when scams hit.
• Most agencies lack the tools to respond, or even detect fraud attempts, giving attackers a clear path to intercept large financial transfers during property transactions. These schemes often go unnoticed until it is too late.
• First-time buyers, particularly those from Millennial and Gen Z age groups, are especially vulnerable to impersonation tactics, often relying on their agents for guidance and unknowingly following fake instructions to transfer life-changing sums to the wrong hands.
• The article cautions anyone moving money during a real estate deal could be a target. Without stronger infrastructure and recovery systems in place, victims are often left on their own to track down missing funds. Even finding sufficient support to untangle the mess becomes an uphill battle.

Cyber Insurance Premiums Drop for First Time, Report Finds

Article Link: https://www.businesswire.com/news/home/20250623167339/en/Bests-Market-Segment-Report-2024-Pricing-Cuts-in-U.S.-Cyber-Generated-First-Ever-Reduction-in-Direct-Premiums-Written

• For the first time since 2015, U.S. cyber insurance premiums dipped, falling 2.3% in 2024 to just under $7.1 billion, according to AM Best. The decline reflects reduced pricing, not waning demand, suggesting buyers are still actively seeking coverage.
• Despite the drop, the cyber market is still profitable, with loss ratios holding below 50%. AM Best analysts say this stability points to a maturing sector where insurers are re-evaluating coverage provisions and settling prices without taking on more risk than they can handle.
• Large organizations are shifting coverage to in-house captive insurers, opting to manage cyber exposure privately. At the same time, surplus lines carriers are keeping their grip on complex risks, slightly expanding their market share even as total premium volume decreases.
• This analysis indicates a turning point for how cyber risk is priced, managed, and reported, as businesses weigh the tradeoffs between external coverage and internal risk strategies in a market that appears to have cooled since its pandemic-era surge.

Many Data Brokers Aren’t Registering Across State Lines, Privacy Groups Say

Article Link: https://cyberscoop.com/many-data-brokers-arent-registering-across-state-lines-privacy-groups-say/

• Hundreds of data brokers are playing a state-hopping game by registering in one state while avoiding others, leaving large portions of the U.S. public exposed to unmonitored data collection and resale.
• With each state defining “data broker” differently, companies are abusing loopholes to dodge registration and sidestep scrutiny, even as they trade in personal details from people they’ve never directly interacted with. Think of a data broker like a data pawnshop for personal information.
• Watchdogs remain insistent that state attorneys general (AGs) investigate companies already registered elsewhere, warning that without stronger oversight, dubious “data brokers” will continue handling sensitive data with little to no accountability.
• What’s at stake is basic transparency, and until some type of plan is in place, privacy experts say the best defense is knowing your rights and opting out, when possible, because people cannot protect their privacy if they don’t know who’s profiting from it.

Man Pleads Guilty to Hacking Networks to Pitch Security Services

Article Link: https://www.bleepingcomputer.com/news/security/man-pleads-guilty-to-hacking-networks-to-pitch-security-services/

• A Missouri man pleaded guilty after hacking into multiple organizations and pitching his own security services, targeting a gym, a nonprofit, and a former employer to show he could break the house and then offer to fix it.
• This guy boasted that he gained access to security cameras, routers, and user accounts, claimed he’d “assisted” over 30 local businesses, knocked his gym dues down to a dollar, swiped a staff badge, and later posted a screenshot of the breach like a winning hand.
• He slipped into a nonprofit’s office using a boot disk, installed a VPN, reset passwords, and extracted sensitive data from a federally protected computer used in interstate operations.
• After using stolen company credit cards to buy hacking gear, he is looking at up to five years in prison, a $250,000 fine, and restitution, closing the final chapter on a gamble that didn’t quite pay out.