Svoboda Cybersecurity Brief July 23, 2025



PowerSchool Strengthens Security After Canadian Data Breach

PowerSchool has committed to enhanced security measures following a breach impacting millions of Canadian students, parents, and educators. Sensitive data including names, contact details, dates of birth, medical info, and Social Insurance Numbers was exposed. The company is implementing improved monitoring and detection tools.
Source: DataBreaches.net

Chinese APTs Exploit SharePoint Zero-Days (CVE-2025-53770, CVE-2025-53771)

Microsoft attributes ongoing SharePoint Server attacks to Chinese state-linked groups Linen Typhoon and Violet Typhoon, exploiting zero-days since July 7, 2025. The flaws allow unauthenticated RCE via crafted API requests, leading to web shell deployment and MachineKey theft for persistent access.
Impact: Full system compromise, data exfiltration, and bypass of MFA/SSO.
Mitigation: Apply emergency patches for SharePoint 2016/2019/Subscription Edition, rotate MachineKeys, and enable AMSI in Full Mode.
Source: SecurityWeek

Interlock Ransomware Targets Healthcare in Double Extortion Campaigns

CISA and FBI warn of Interlock ransomware escalating attacks, particularly against healthcare. The group uses drive-by downloads from compromised sites and FileFix social engineering to deploy NodeSnake RAT. Recent victims include DaVita and Kettering Health.
Impact: Data encryption, exfiltration, and operational disruption.
Mitigation: Enable DNS filtering, enforce MFA, segment networks, and train staff on phishing.
Source: BleepingComputer

AMEOS Healthcare Network Breach Exposes Patient and Staff Data

AMEOS Group, a major European healthcare provider, suffered a cyberattack potentially exposing patient and employee data across 100+ facilities. Systems were shut down and external forensic teams were engaged. No ransomware group has claimed responsibility yet.
Source: BleepingComputer

Lumma Stealer Resurges After Law Enforcement Takedown

The Lumma infostealer has rebounded post-May 2025 infrastructure seizures, now using GitHub repos, fake cracks, and YouTube lures to distribute malware. Operators migrated to Russian hosting (Selectel) to evade detection.
Impact: Credential theft, financial fraud, and endpoint compromise.
Mitigation: Block TDS-fingerprinting domains, monitor PowerShell executions, and restrict untrusted cloud services.
Source: BleepingComputer

UK Bans Public Sector Ransom Payments to Russian Hackers

The UK will prohibit hospitals, councils, and critical infrastructure from paying ransoms to sanctioned Russian groups. The policy aims to disrupt the ransomware economy, which generated $1B in 2023.
Source: SecurityWeek

Coyote Malware Abuses Windows UIA for Banking Fraud

A new Coyote RAT variant abuses Windows’ UI Automation (UIA) framework to steal credentials from 75+ Brazilian banking and crypto sites. It evades EDR by using UIA to read browser UI elements and match them against its target list.
Impact: Session hijacking and financial fraud.
Mitigation: Monitor UIA API calls and restrict PowerShell execution.
Source: BleepingComputer

Cisco ISE Flaws (CVE-2025-20281/20282/20337) Actively Exploited

Cisco confirms attacks targeting unpatched ISE/ISE-PIC systems, allowing root-level RCE via API abuse. All three CVEs are rated CVSS 10.0 and require immediate patching.
Impact: Full network compromise and credential theft.
Mitigation: Upgrade to ISE 3.3 Patch 7 or 3.4 Patch 2.
Source: The Hacker News

Hungarian Police Arrest Suspect in Media DDoS Attacks

A 23-year-old Budapest man was arrested for DDoS attacks against Hungarian independent media and the International Press Institute. Attacks began in April 2023 and disrupted multiple news sites.
Source: DataBreaches.net

Helmholz Industrial Router Vulnerabilities Expose Critical Systems

Eight flaws (3 high-severity) in Helmholz REX 100 routers allow command injection, SQLi, and DoS. Default credentials exacerbate risks. Patched in firmware v2.3.3.
Impact: ICS network compromise and operational disruption.
Mitigation: Update firmware and change default credentials.
Source: SecurityWeek

Dior Discloses Data Breach Impacting Luxury Customers

Dior confirmed a January 2025 breach exposing names, IDs, and SSNs of fashion/accessories clients. No payment data was stored. Free credit monitoring offered for 24 months.
Source: SecurityWeek

Darktrace Acquires Mira Security for Encrypted Traffic Analysis

Darktrace expands network security with Mira’s inline decryption tech, enhancing visibility for regulated industries. Mira’s team will integrate into Darktrace’s R&D.
Source: SecurityWeek
