Svoboda Cybersecurity Brief April 15, 2025

DaVita Hit by Ransomware Attack

Dialysis provider DaVita suffered a ransomware attack encrypting parts of its network, disrupting operations. The company activated containment measures but cannot estimate the full impact yet. Impact: Potential patient data exposure and operational delays.
Mitigation: Isolate affected systems, review backups, and monitor for data exfiltration.
Source: DataBreaches.net

New ResolverRAT Targets Healthcare and Pharma

A previously undocumented RAT, ResolverRAT, was delivered via phishing emails with legal/copyright lures. It uses DLL sideloading, in-memory execution, and multi-stage persistence. Impact: Data theft and system compromise.
Mitigation: Block suspicious PowerShell executions, monitor for registry modifications.
Source: BleepingComputer

Hertz Confirms Data Breach via Cleo Zero-Day

Hertz disclosed a breach involving customer data (names, driver’s licenses, SSNs) stolen via Cleo zero-day exploits (Oct/Dec 2024). Clop ransomware gang leaked the data. Impact: 3,409+ Maine residents affected.
Mitigation: Enable MFA, monitor for fraudulent activity.
Source: BleepingComputer

IAF Jet GPS Spoofed During Myanmar Relief Mission

Indian Air Force aircraft faced GPS spoofing during a humanitarian mission, forcing pilots to rely on inertial navigation. Suspected state-linked actors exploited geopolitical tensions. Impact: Navigation disruption.
Mitigation: Use multi-factor navigation systems.
Source: DataBreaches.net

Queensland Enforces Mandatory Breach Notification Law

Effective July 1, 2025, Queensland’s new law requires reporting eligible data breaches (unauthorized access that carries a risk of serious harm). Impact: Stricter compliance for agencies.
Mitigation: Implement incident response plans.
Source: DataBreaches.net

SSL/TLS Certificate Lifespans Reduced to 47 Days

CA/Browser Forum voted to reduce certificate validity from 398 days to 47 days by 2029 to mitigate outdated crypto risks. Impact: Increased operational overhead.
Mitigation: Adopt automated certificate management (e.g., ACME).
Source: BleepingComputer

SideCopy Expands Attacks with CurlBack RAT

Pakistan-linked SideCopy targeted Indian railways/oil sectors using MSI packages, Xeno RAT, and new CurlBack RAT (Linux/Windows compatible). Impact: Cross-platform data theft.
Mitigation: Block suspicious MSI executions, monitor for lateral movement.
Source: The Hacker News

Gladinet CentreStack Exploited via Hardcoded Keys

Attackers exploited CVE-2025-30406 (9.0 CVSS) in Gladinet/Triofox using default cryptographic keys for RCE. Impact: 120+ endpoints compromised.
Mitigation: Apply patches, audit IIS processes.
Source: SecurityWeek

Nvidia Container Toolkit Patch Incomplete

Trend Micro found Nvidia’s patch for CVE-2024-0132 (9.0 CVSS) fails to fully mitigate container escape risks in AI environments. Impact: Host system compromise.
Mitigation: Disable allow-cuda-compat-libs-from-container.
Source: SecurityWeek

Fortinet Warns of Persistent VPN Backdoors

Threat actors maintain access to patched FortiGate devices via symbolic links in language folders. Impact: Credential theft.
Mitigation: Update to FortiOS 7.6.2+/7.4.7+.
Source: SecurityWeek
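A generic defender-side check for the class of artefact this item describes: symbolic links planted inside an application's data folders that point outside the tree. The script below is an added example, not code from the brief or from Fortinet; it builds a constructed "language folder" in a temporary directory (with one harmless relative link and one link that escapes to the filesystem root) and reports only the escaping link. The directory layout and file names are assumptions for the demonstration.

```python
"""Audit a directory tree for symbolic links whose targets escape it."""
import os
import tempfile


def find_escaping_symlinks(root):
    """Return [(link_path, raw_target)] for every symlink under root whose
    resolved target lies outside root.

    Links are not followed during the walk, so a planted link cannot steer
    the scan into another part of the filesystem."""
    root = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinked directories are listed in dirnames but not descended into.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # follows the whole chain
            # Both paths are absolute, so commonpath compares them safely.
            if os.path.commonpath([root, target]) != root:
                findings.append((path, os.readlink(path)))
    return findings


def build_sample_tree():
    """Construct a small tree (assumed layout) resembling a language folder:
    a regular strings file, a relative link that stays inside the tree,
    and a hidden link that escapes to '/'."""
    base = tempfile.mkdtemp(prefix="lang_audit_")
    en = os.path.join(base, "lang", "en")
    os.makedirs(en)
    with open(os.path.join(en, "strings.json"), "w", encoding="utf-8") as fh:
        fh.write("{}")
    os.symlink("en", os.path.join(base, "lang", "fr"))  # inside the tree: not flagged
    os.symlink("/", os.path.join(en, ".cache"))         # escapes the tree: flagged
    return base


if __name__ == "__main__":
    sample = build_sample_tree()
    for link, target in find_escaping_symlinks(sample):
        print(f"ESCAPING SYMLINK: {link} -> {target}")
```

Run it as-is to see the constructed finding, or call `find_escaping_symlinks()` on a real data directory; a clean result means every link resolves inside the tree, and each reported pair shows where a link actually leads so it can be compared against an expected baseline.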

Malicious NPM Packages Target Crypto Wallets

Packages like pdf-to-office hijack Atomic/Exodus Wallet transactions. Impact: Funds diverted to attacker addresses.
Mitigation: Reinstall wallets, audit dependencies.
Source: SecurityWeek
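One way to act on "audit dependencies" for an installed Node project, as an added example that is not part of the brief or of any package's own tooling: walk `node_modules`, read each `package.json`, and report packages that are on a watchlist or that declare install-time lifecycle scripts (a general heuristic, since such hooks run code at install). The watchlist seeds with the `pdf-to-office` name from this item; the sample tree, the `hypothetical-helper` package and `left-pad` entry are constructed for the demonstration.

```python
"""Scan an installed node_modules tree for watchlisted names and install hooks."""
import json
import os
import tempfile

# Name reported as malicious in the brief; extend from your own threat intel.
WATCHLIST = {"pdf-to-office"}
# npm lifecycle scripts that execute during installation.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def audit_node_modules(node_modules, watchlist=WATCHLIST):
    """Return a sorted list of findings: {'package': 'name@version', 'reason': ...}.
    Nested node_modules and scoped (@org/name) packages are covered by the walk."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(node_modules):
        if "package.json" not in filenames:
            continue
        manifest_path = os.path.join(dirpath, "package.json")
        try:
            with open(manifest_path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            findings.append({"package": dirpath, "reason": "unreadable package.json"})
            continue
        name = manifest.get("name") or os.path.basename(dirpath)
        label = f"{name}@{manifest.get('version', '?')}"
        if name in watchlist:
            findings.append({"package": label, "reason": "on watchlist"})
        scripts = manifest.get("scripts") or {}
        hooks = [h for h in INSTALL_HOOKS if h in scripts]
        if hooks:
            findings.append({
                "package": label,
                "reason": "install hook: " + ", ".join(hooks),
                "scripts": {h: scripts[h] for h in hooks},
            })
    findings.sort(key=lambda f: (f["package"], f["reason"]))
    return findings


def build_sample_node_modules():
    """Construct a node_modules tree (assumed contents) with a benign package,
    a watchlisted name, and a hypothetical package carrying a postinstall hook."""
    base = tempfile.mkdtemp(prefix="npm_audit_")
    packages = {
        "left-pad": {"name": "left-pad", "version": "1.3.0"},
        "pdf-to-office": {"name": "pdf-to-office", "version": "1.0.0"},
        "hypothetical-helper": {
            "name": "hypothetical-helper",
            "version": "0.1.0",
            "scripts": {"postinstall": "node setup.js"},  # constructed, not a real package
        },
    }
    for folder, manifest in packages.items():
        path = os.path.join(base, "node_modules", folder)
        os.makedirs(path)
        with open(os.path.join(path, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return os.path.join(base, "node_modules")


if __name__ == "__main__":
    for finding in audit_node_modules(build_sample_node_modules()):
        print(finding)
```

Point `audit_node_modules()` at a project's real `node_modules` to get the same report; an install hook is not proof of malice, but every hook that appears should be explainable, and any watchlisted name warrants the reinstall the brief recommends.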
