Svoboda Cybersecurity Brief April 20, 2025
Apr 20, 2025
Critical Erlang/OTP SSH Vulnerability Exploited in the Wild
A critical vulnerability (CVE-2025-32433) in Erlang/OTP’s SSH daemon allows unauthenticated remote code execution (RCE). Public exploits are now available, increasing the risk of widespread exploitation, particularly in telecom and high-availability systems. Over 600,000 IPs run Erlang/OTP, with CouchDB instances being a common target.
Impact: Unauthenticated RCE on vulnerable systems, potentially affecting critical infrastructure.
Mitigation: Update to Erlang/OTP versions 25.3.2.10 or 26.2.4 immediately.
Source: BleepingComputer
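As an added example (not from the brief or its source), the check below reads the full OTP version of a local install and compares it against the fixed releases named above, 25.3.2.10 and 26.2.4; it assumes `erl` is on PATH and that the version lives in the standard `releases/<rel>/OTP_VERSION` file, and reports branches the brief does not cover as unknown rather than patched.

```python
"""Decide whether an Erlang/OTP version is at or above the fixed
releases the brief names for CVE-2025-32433 (25.3.2.10 and 26.2.4)."""
import re
import subprocess
from pathlib import Path
from typing import Optional, Tuple

# Minimum fixed version per branch, as stated in the brief.
FIXED_VERSIONS = {25: (25, 3, 2, 10), 26: (26, 2, 4)}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '26.2.5' or 'OTP 25.3.2.9-1' into a tuple of ints; suffixes are ignored."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_patched(version: str) -> Optional[bool]:
    """True if at/above the fixed release, False if below it,
    None if the branch is not covered by the brief (check the vendor advisory)."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0])
    if fixed is None:
        return None
    # Tuple comparison handles missing trailing components: (26, 2) < (26, 2, 4).
    return v >= fixed


def installed_otp_version() -> Optional[str]:
    """Read the full version from <root>/releases/<rel>/OTP_VERSION of the local install."""
    eval_expr = ('io:format("~s/releases/~s/OTP_VERSION", '
                 '[code:root_dir(), erlang:system_info(otp_release)]), halt().')
    try:
        out = subprocess.run(["erl", "-noshell", "-eval", eval_expr],
                             capture_output=True, text=True, check=True).stdout.strip()
    except (OSError, subprocess.CalledProcessError):
        return None  # no erl on PATH: nothing to check on this host
    path = Path(out)
    return path.read_text().strip() if path.is_file() else None


if __name__ == "__main__":
    ver = installed_otp_version()
    verdict = {True: "patched", False: "VULNERABLE", None: "branch not covered by brief"}
    print(f"OTP {ver}: {verdict[is_patched(ver)]}" if ver else "Erlang/OTP not found")
```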
Baltimore State’s Attorney’s Office Suffers Data Leak by Hacktivists
The Baltimore City State’s Attorney’s Office was breached by the group Kairos, leaking 325 GB of sensitive data, including juvenile offender records, police personnel details, and victim/witness information. The office failed to respond to inquiries or disclose the breach publicly.
Source: DataBreaches
SuperCard X Android Malware Steals NFC Payment Data
A new Android malware-as-a-service (MaaS) platform, SuperCard X, steals credit card data via NFC relay attacks, enabling fraudulent POS/ATM transactions. The malware evades detection by requesting minimal permissions and uses mTLS for secure C2 communications.
Impact: Unauthorized financial transactions using stolen card data.
Mitigation: Avoid sideloading apps, verify bank communications, and monitor for unusual transactions.
Source: BleepingComputer
Rogue npm Packages Deliver SSH Backdoors to Linux Systems
Three malicious npm packages (node-telegram-utils, node-telegram-bots-api, node-telegram-util) mimic a legitimate Telegram bot API to plant SSH backdoors on Linux systems. The packages use starjacking to appear legitimate and persist even after removal.
Impact: Persistent remote access to compromised systems.
Mitigation: Audit npm dependencies, remove suspicious packages, and rotate SSH keys.
Source: The Hacker News
ASUS AiCloud Routers Exposed to Critical Authentication Bypass
ASUS confirmed a critical flaw (CVE-2025-2492, CVSS 9.2) in routers with AiCloud enabled, allowing unauthorized function execution. Firmware updates are available for affected models.
Impact: Remote compromise of router functionality.
Mitigation: Update firmware, disable AiCloud/WAN services, and use strong passwords.
Source: The Hacker News
HIPAA Breach Lawsuit Highlights Contractual Risks for MSPs
Molecular Testing Labs sued its MSP, Ntirety, for failing to meet HIPAA Security Rule obligations after a ransomware attack exposed PHI. The lawsuit emphasizes the importance of BAAs and indemnification clauses.
Source: DataBreaches
Nigerian Health Sector Strengthens Data Protection Framework
Nigeria’s Data Protection Commission (NDPC) partnered with the Health Ministry to enforce the Nigeria Data Protection Act (NDPA) 2023, aiming to safeguard sensitive patient data and prevent misuse.
Source: DataBreaches
Whitman Hospital Revises Breach Disclosure After Forensic Findings
Whitman Hospital initially claimed no patient data was compromised in a December-February cyberattack but later confirmed exposure of sensitive health information after forensic analysis.
Source: DataBreaches