"Employee surveillance app exposed 212 million screenshots."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 25 April 2025, 2153 UTC.
Content and Source provided by "The CyberWire Daily Briefing."
https://thecyberwire.com/newsletters/daily-briefing/14/79
Please check site URL above or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 04.25.25
Summary
At a glance.
- Employee surveillance app exposed 21 million screenshots.
- Healthcare data breaches affect millions.
- SK Telecom confirms SIM card-related data breach.
- Employee surveillance app exposed 21 million screenshots.
- Healthcare data breaches affect millions.
- SK Telecom confirms SIM card-related data breach.
Employee surveillance app exposed 21 million screenshots.
Cybernews reports that WorkComposer, an employee surveillance app used by more than 200,000 people at companies around the world, exposed over 21 million screenshots of employee activity in an unsecured Amazon S3 bucket. WorkComposer, which is designed to track employee productivity, logs keystrokes and takes screenshots every few minutes. Cybernews notes that the "leaked data is extremely sensitive, as millions of screenshots from employees' devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain login pages, credentials, API keys, and other sensitive information that could be exploited to attack businesses worldwide."
The S3 bucket has since been secured, but the company hasn't commented on the breach.
Only the Right Users, Only the Right Access—Is Your Security Strong Enough?Secure Access is crucial for U.S. Public Sector missions, ensuring that only authorized users can access certain systems, networks, or data - are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce, wherever they are. Elevate your security strategy by visiting: cisco.com/go/sse.
Cybernews reports that WorkComposer, an employee surveillance app used by more than 200,000 people at companies around the world, exposed over 21 million screenshots of employee activity in an unsecured Amazon S3 bucket. WorkComposer, which is designed to track employee productivity, logs keystrokes and takes screenshots every few minutes. Cybernews notes that the "leaked data is extremely sensitive, as millions of screenshots from employees' devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain login pages, credentials, API keys, and other sensitive information that could be exploited to attack businesses worldwide."
The S3 bucket has since been secured, but the company hasn't commented on the breach.
Secure Access is crucial for U.S. Public Sector missions, ensuring that only authorized users can access certain systems, networks, or data - are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce, wherever they are. Elevate your security strategy by visiting: cisco.com/go/sse.
Healthcare data breaches affect millions.
The Yale New Haven Health System (YNHHS) in Connecticut has disclosed a data breach it sustained last month that impacted 5.5 million patients, SecurityWeek reports. YNHHS hasn't disclosed the nature of the attack, but said an "unauthorized third-party gained access to our network" and obtained copies of data. The health system stated, "The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number. YNHHS’ electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information, or employee HR information was included."
Separately, BleepingComputer reports that a ransomware-related data breach at Frederick Health Medical Group in Maryland affected information belonging to nearly one million patients. Frederick Health said in a breach notification last month that the stolen information "varied by individual but may have contained patient names, addresses, dates of birth, Social Security numbers, drivers’ license numbers, medical record numbers, health insurance information, and/or clinical information related to patients’ care." BleepingComputer notes that no ransomware group has claimed credit or posted data from this attack, suggesting Frederick Health may have paid the ransom.
Many Voices. One Community.Join Us at the RSAC 2025 Conference. Join us at RSAC, April 28 - May 1 in San Francisco and gain access to cybersecurity innovators, expert-led sessions, and hands-on workshops. Leave with new strategies, insights, and connections to elevate your cybersecurity journey.
The Yale New Haven Health System (YNHHS) in Connecticut has disclosed a data breach it sustained last month that impacted 5.5 million patients, SecurityWeek reports. YNHHS hasn't disclosed the nature of the attack, but said an "unauthorized third-party gained access to our network" and obtained copies of data. The health system stated, "The information involved varies by patient, but may include demographic information (such as name, date of birth, address, telephone number, email address, race or ethnicity), Social Security number, patient type, and/or medical record number. YNHHS’ electronic medical record system was not involved nor accessed in this incident, and no financial accounts, payment information, or employee HR information was included."
Separately, BleepingComputer reports that a ransomware-related data breach at Frederick Health Medical Group in Maryland affected information belonging to nearly one million patients. Frederick Health said in a breach notification last month that the stolen information "varied by individual but may have contained patient names, addresses, dates of birth, Social Security numbers, drivers’ license numbers, medical record numbers, health insurance information, and/or clinical information related to patients’ care." BleepingComputer notes that no ransomware group has claimed credit or posted data from this attack, suggesting Frederick Health may have paid the ransom.
Join Us at the RSAC 2025 Conference. Join us at RSAC, April 28 - May 1 in San Francisco and gain access to cybersecurity innovators, expert-led sessions, and hands-on workshops. Leave with new strategies, insights, and connections to elevate your cybersecurity journey.
SK Telecom confirms SIM card-related data breach.
South Korea's SK Telecom has confirmed a malware attack last week that compromised data related to customers' SIM cards, Bitdefender reports. The stolen information could be used to assist in SIM swap attacks.
The company is offering free SIM card replacements to approximately 23 million mobile subscribers who were active on the network as of midnight on April 18th, Telecoms Tech News says. Eligible customers can request a free physical SIM card or eSIM beginning on April 28th.
South Korea's SK Telecom has confirmed a malware attack last week that compromised data related to customers' SIM cards, Bitdefender reports. The stolen information could be used to assist in SIM swap attacks.
The company is offering free SIM card replacements to approximately 23 million mobile subscribers who were active on the network as of midnight on April 18th, Telecoms Tech News says. Eligible customers can request a free physical SIM card or eSIM beginning on April 28th.
Notes.
Today's issue includes events affecting , and the Republic of Korea the United States.
Sponsored EventsJoin Us at the RSAC 2025 Conference. (San Francisco, CA, Apr 28 - May 1, 2025) Join the cybersecurity community at RSACTM 2025 Conference, April 28 - May 1 in San Francisco! Gain expert insights, explore cutting-edge solutions, and network with industry leaders. Don’t miss out—register now and stay ahead in cybersecurity!Engage with Yubico at RSAC 2025, Booth 3301 (South Expo) (San Francisco, CA, USA, Apr 28 - May 2, 2025) Join Yubico for a Passwordless Party, engaging thought leader sessions, fun booth activities, and exclusive moments—don’t miss these must-do experiences!Webinar: On the state of modern Web Application Security (Virtual, May 13, 2025) Join our webinar to learn more about cyber risks lurking in the ever-evolving web application threat landscape and discover why web applications remain top targets for cybercriminals and how to efficiently identify business critical vulnerabilities.Webinar: Trends in Identity Attack Path Management (Virtual, May 15, 2025) Join SpecterOps for an in-depth discussion around all things Attack Path Management and Identity Security. Results from a global survey asking more than 500 IT decision-makers about their Identity security practices will be previewed to attendees.Selected Reading
Today's issue includes events affecting , and the Republic of Korea the United States.
Attacks, Threats, and Vulnerabilities
Dialysis company DaVita reviewing data leaked by ransomware gang (The Record) The Interlock ransomware gang posted samples from a trove of data it is claiming to have stolen from the company.
Frederick Health data breach impacts nearly 1 million patients (BleepingComputer) A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients.
Lazarus hackers breach six companies in watering hole attacks (BleepingComputer) In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea.
Dialysis company DaVita reviewing data leaked by ransomware gang (The Record) The Interlock ransomware gang posted samples from a trove of data it is claiming to have stolen from the company.
Frederick Health data breach impacts nearly 1 million patients (BleepingComputer) A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients.
Lazarus hackers breach six companies in watering hole attacks (BleepingComputer) In a recent espionage campaign, the infamous North Korean threat group Lazarus targeted multiple organizations in the software, IT, finance, and telecommunications sectors in South Korea.
Legislation, Policy, and Regulation
US conducting criminal antitrust investigation into TP-Link, Bloomberg News reports (Yahoo Finance) Prosecutors at the U.S. Department of Justice are investigating whether TP-Link, a California-based firm, engaged in predatory pricing and whether that could hurt the ability of other companies that do not pose national security risks to sell routers in the U.S., the report said, citing people familiar with the matter. The DOJ and TP-Link did not immediately respond to Reuters' requests for comment.
Industry EventsFor a complete running list of events, please visit the Event Tracker.
US conducting criminal antitrust investigation into TP-Link, Bloomberg News reports (Yahoo Finance) Prosecutors at the U.S. Department of Justice are investigating whether TP-Link, a California-based firm, engaged in predatory pricing and whether that could hurt the ability of other companies that do not pose national security risks to sell routers in the U.S., the report said, citing people familiar with the matter. The DOJ and TP-Link did not immediately respond to Reuters' requests for comment.
For a complete running list of events, please visit the Event Tracker.
Events
RSA Innovation Sandbox 2025 (San Francisco, California, USA, Apr 28, 2025) RSA Conference 2025 marks 20 years for cybersecurity’s top innovation startup competition: RSAC Innovation Sandbox contest. The contest puts the spotlight on cybersecurity’s boldest new innovators while highlighting their potentially game-changing ideas. Hundreds of submissions are reviewed and narrowed down to only 10 finalists. The Top 10 Finalists will take the stage during RSA Conference 2025 and will have three minutes to make their award-winning pitch to a panel of leading industry experts. Since the start of the contest, the Top 10 Finalists have collectively seen over 90 acquisitions and over $16.4 billion in investments.*
RSA Conference 2025 (San Francisco, California, USA, Apr 28 - May 1, 2025) At RSAC 2025, you're not just attending a conference—you're stepping into a vibrant, thriving community of thinkers, innovators, and achievers. Though we come from different corners of the cybersecurity world, we are united by a common mission: to foresee risks, counter threats, and embrace the challenges ahead. Together, we shape the future of security. Together, we shine as one.
CYSAT (Paris, France, May 14 - 15, 2025) In today’s society, we heavily rely on space-based assets, and considering the continuously evolving cyber threats in the current geopolitical environment, securing space data is a major challenge. Since 2021, CYSEC has been organizing CYSAT to bring together all the players in the space cybersecurity domain.
CyberWiseCon Europe 2025 (Vilnius and virtual, Lithuania, May 21 - 23, 2025) CyberWiseCon is a premier IT security conference that brings together cybersecurity experts, industry leaders, and IT professionals from around the Europe.
NICE Conference (Denver, Colorado, USA, Jun 1 - 4, 2025) The NICE Conference is the annual convening of community members and thought leaders from education, government, industry, and non-profits to explore ways of developing a skilled cybersecurity workforce ready to meet the challenges of the future. This event provides an opportunity to share best practices from around the world and across sectors in order to build the workforce we need to confront cybersecurity risks today and in years to come.
Sponsor & SupportGrow your brand, generate leads, and fill your funnel.With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.
RSA Innovation Sandbox 2025 (San Francisco, California, USA, Apr 28, 2025) RSA Conference 2025 marks 20 years for cybersecurity’s top innovation startup competition: RSAC Innovation Sandbox contest. The contest puts the spotlight on cybersecurity’s boldest new innovators while highlighting their potentially game-changing ideas. Hundreds of submissions are reviewed and narrowed down to only 10 finalists. The Top 10 Finalists will take the stage during RSA Conference 2025 and will have three minutes to make their award-winning pitch to a panel of leading industry experts. Since the start of the contest, the Top 10 Finalists have collectively seen over 90 acquisitions and over $16.4 billion in investments.*
RSA Conference 2025 (San Francisco, California, USA, Apr 28 - May 1, 2025) At RSAC 2025, you're not just attending a conference—you're stepping into a vibrant, thriving community of thinkers, innovators, and achievers. Though we come from different corners of the cybersecurity world, we are united by a common mission: to foresee risks, counter threats, and embrace the challenges ahead. Together, we shape the future of security. Together, we shine as one.
CYSAT (Paris, France, May 14 - 15, 2025) In today’s society, we heavily rely on space-based assets, and considering the continuously evolving cyber threats in the current geopolitical environment, securing space data is a major challenge. Since 2021, CYSEC has been organizing CYSAT to bring together all the players in the space cybersecurity domain.
CyberWiseCon Europe 2025 (Vilnius and virtual, Lithuania, May 21 - 23, 2025) CyberWiseCon is a premier IT security conference that brings together cybersecurity experts, industry leaders, and IT professionals from around the Europe.
NICE Conference (Denver, Colorado, USA, Jun 1 - 4, 2025) The NICE Conference is the annual convening of community members and thought leaders from education, government, industry, and non-profits to explore ways of developing a skilled cybersecurity workforce ready to meet the challenges of the future. This event provides an opportunity to share best practices from around the world and across sectors in order to build the workforce we need to confront cybersecurity risks today and in years to come.
Comments
Post a Comment
Please leave a comment about our recent post.