The Register: Oracle Health reportedly warns of info leak from legacy server

Mar 30, 2025

—

Source URL: https://www.theregister.com/2025/03/30/infosec_news_in_brief/
Source: The Register
Title: Oracle Health reportedly warns of info leak from legacy server

Feedly Summary: PLUS: OpenAI bumps bug bounties bigtime; INTERPOL arrests 300 alleged cyber-scammers; And more!
Infosec in brief Oracle Health appears to have fallen victim to an info stealing attack that has led to patient data stored by American hospitals being plundered.…

AI Summary and Description: Yes

Summary: The text discusses several significant incidents and trends in information security, including a data breach at Oracle Health, heightened bug bounty programs at OpenAI, and the threat posed by delayed software patching. Additionally, it highlights a compromise in a code review tool’s security and notable arrests made by INTERPOL in a cyber-scam operation.

Detailed Description: The content contains multiple major points relevant to information security professionals, including aspects of compliance, vulnerability management, and security incident response:

– **Oracle Health Data Breach:**
– Oracle Health experienced an attack where unauthorized access to patient data occurred, attributed to stolen customer credentials.
– The incident emphasizes the risks associated with cloud systems, particularly when legacy systems are not adequately migrated.
– There is an ongoing FBI investigation for possible ransom demands linked to the breach.

– **OpenAI Bug Bounty Increase:**
– OpenAI has significantly raised its maximum bug bounty payout to incentivize security research, reflecting a commitment to improving the security of AI technologies.
– The increase in specific bonuses for identified vulnerabilities indicates a proactive approach to addressing software security risks.

– **Delay in Software Patching:**
– A survey indicated over half of IT professionals delay implementing critical software patches, which poses a substantial security risk.
– This delay can result in known vulnerabilities being exploited by attackers, underscoring the importance of timely patch management as part of a robust vulnerability management strategy.

– **Reviewdog Compromise:**
– The Reviewdog tool for automated code review had a critical vulnerability (CVE-2025-30154), highlighting risks in third-party software and the importance of securing development pipelines.

– **INTERPOL’s Anti-Scam Operations:**
– OPERATIONS RED CARD led to 306 arrests in Africa, showcasing law enforcement’s international efforts to combat cybercrime and protect consumers from scams using mobile banking and messaging apps.

Overall, these incidents reflect ongoing challenges in information security, the importance of rapid vulnerability response, and proactive measures being taken by organizations and law enforcement to counteract cyber threats. Security and compliance professionals must remain vigilant in enhancing security measures, ensuring timely patching, and understanding the legal implications of breaches and cybercrimes.

01 1 2 2025 3 4 5 a access Act Africa AGI AI AI technologies alt and anti API app Arch art as attack attackers attribute Auto banking being bounty program breach breaches Bug bug bounties bug bounty Bug Bounty program bug bounty programs by C challenges CI CIA Cloud cloud systems co code code review commit compliance compliance professionals consumer content credential credentials crime critical critical vulnerability Customer CVE cyber cyber threat cyber threats cybercrime cybercrimes D data data breach de demand development e end enforcement ERP exp experience exploit FBI for g GIS Go H health health data high Highlight hospital hospitals HR http HTTPS implications in incident incident response information information security information security professionals infosec inter intern Interpol investigation ite J k known vulnerabilities l law Law Enforcement led legacy systems Legal legal implications Li Link linked man management max messaging messaging app messaging apps Mobile mobile banking multi N nation news no o of on open openai operation OPM Oracle Oracle Health organization organizations out over party party software Patch Patch Management patches patching patient data Pipeline pipelines point proactive proactive measures professionals Q R ransom ransom demand ransom demands rate RCE red report research response Risk risks Ro RoT s scam scammers scams search sec security security and compliance security incident security incident response security measure security measures security professionals Security Research security risk security risks server Sig SoC software software patches software patching software security source specific SSE SSO stealing STIG Strategy system systems T tech technologies text the third third-party third-party software threat threats Time to tool Tor TP trends unauthorized access under US use uth V vulnerabilities vulnerability Vulnerability Management Ware Wi x