Svoboda Cybersecurity Brief August 11, 2025


Blue Locker Ransomware Targets Pakistani Institutions

Pakistan’s NCERT issued an advisory warning of Blue Locker ransomware attacks targeting key national institutions. The malware encrypts files and demands ransom, with incidents reported across government and financial sectors.

Source: DataBreaches.net

Win-DDoS Flaws Exploit Public Domain Controllers via RPC LDAP

Researchers uncovered Win-DDoS vulnerabilities (CVE-2025-XXXXX) enabling attackers to hijack public domain controllers into a DDoS botnet via RPC LDAP abuse. The exploits require minimal privileges and amplify reflection attacks.
Impact: Large-scale DDoS attacks leveraging high-bandwidth LDAP responses.
Mitigation: Patch vulnerable LDAP implementations, restrict RPC access, and monitor anomalous LDAP traffic.

Source: The Hacker News

Windows EPM Poisoning Enables Domain Privilege Escalation

A new EPM (Endpoint Protection Manager) poisoning exploit chain allows attackers to escalate privileges to Domain Admin by manipulating Windows Defender configurations. The attack abuses misconfigured Group Policy Objects (GPOs).
Impact: Full domain compromise via privilege escalation.
Mitigation: Audit GPO permissions, enforce strict EPM policies, and apply Microsoft’s latest security updates.

Source: The Hacker News

Connex Credit Union Hack Exposes 172,000 Members

Connex Credit Union disclosed a cyberattack affecting 172,000 members, with compromised data including names, SSNs, and account details. The breach occurred via a third-party vendor vulnerability.

Source: DataBreaches.net

Federal Judiciary Reports Continued Data Leaks Post-Cyberattack

The U.S. federal judiciary confirmed ongoing data leaks despite security enhancements following a recent cyberattack. Independent researchers uncovered exposed sensitive court documents linked to the breach.

Source: DataBreaches.net

Bank of America Denies Reimbursement to Hacked Customer

A Georgia customer lost $15,000 to hackers due to account takeover fraud, but Bank of America initially refused reimbursement. The bank reversed its decision after media intervention.

Source: DataBreaches.net
