Svoboda Cybersecurity Brief August 16, 2025


Critical Cisco Secure FMC RADIUS Vulnerability Allows Remote Code Execution

A maximum-severity (CVSS 10.0) vulnerability, CVE-2025-20265, in Cisco Secure Firewall Management Center (FMC) lets an unauthenticated remote attacker inject and execute arbitrary shell commands by sending crafted credentials during the RADIUS authentication phase. It affects FMC releases 7.0.7 and 7.7.0 when RADIUS authentication is enabled for the web-based management interface, SSH management, or both.
Impact: Unauthenticated remote code execution with high privileges on the management platform.
Mitigation: Apply Cisco's fixed release immediately; until then, move management authentication off RADIUS to another supported method (local accounts, LDAP, or SAML SSO).
Source: BleepingComputer

WarLock Ransomware Claims Attack on Colt Telecom, Data for Sale

UK telecommunications provider Colt Technology Services suffered a multi-day outage of customer-facing systems after a cyberattack claimed by the WarLock ransomware gang. The attackers allegedly gained entry through CVE-2025-53770, the SharePoint Server RCE that was mass-exploited in July, and are offering 1 million stolen documents (financial, customer, and employee data) for $200,000.
Source: BleepingComputer

Keenan & Associates Settles 1.5M-Record Data Breach for $14M

Keenan & Associates has settled litigation over a 2023 breach that exposed the SSNs, health information, and identification details of roughly 1.57 million people. Attackers had access to its systems between August 21 and 27, 2023; the company never disclosed how the intrusion happened or whether ransomware was involved. The settlement provides three years of credit monitoring and up to $10,000 in documented-loss reimbursement per claimant.
Source: DataBreaches.net

UAT-7237 APT Targets Taiwan with Customized Open-Source Tools

Cisco Talos attributes intrusions into Taiwanese web servers to UAT-7237, a Chinese-speaking group that customizes open-source tooling: its SoundBill shellcode loader, derived from VTHello, is used to deploy Cobalt Strike. The group establishes persistence with SoftEther VPN and moves laterally over RDP, relying far less on web shells than its parent cluster UAT-5918.
Source: TheHackerNews

US Sanctions Grinex Crypto Exchange as Garantex Successor

The US Treasury's OFAC sanctioned Grinex, a Russian crypto exchange set up as a successor to Garantex, which had been linked to laundering more than $100M in ransomware and other illicit proceeds. Grinex appeared after Garantex's March 2025 takedown and has already processed billions of dollars in transactions; its operators used the ruble-backed A7A5 token to move funds around sanctions.
Source: TheHackerNews

Plex Urges Patch for Unspecified Media Server Vulnerability

Plex is urging users to update Media Server after a vulnerability affecting versions 1.41.7.x through 1.42.0.x was reported through its bug bounty program; the fix ships in 1.42.1. Plex has not assigned a CVE or published details, but the risk should be treated as high given Plex's history of remotely exploitable flaws (e.g., the deserialization RCE CVE-2020-5741).
Source: BleepingComputer

Android pKVM Achieves SESIP Level 5 Security Certification

Google's pKVM (protected KVM), the hypervisor behind the Android Virtualization Framework, has been certified at SESIP Level 5, the highest assurance level in the SESIP scheme, including AVA_VAN.5 vulnerability analysis (independent penetration testing against attackers with high attack potential). The certification covers the isolation that protected VMs provide, including for on-device AI workloads and their data.
Source: SecurityWeek

Rockwell Patches Critical Flaws in Micro800 and ControlLogix

Rockwell Automation fixed critical RCE vulnerabilities in Micro800 PLCs (in the embedded Azure RTOS component) and ControlLogix (CVE-2025-7353), along with high-severity issues in FactoryTalk and Studio 5000. No in-the-wild exploitation has been observed.
Source: SecurityWeek

Mobile Phishers Shift Focus to Brokerage Accounts for “Ramp-and-Dump” Scams

Phishing kits that target brokerage accounts (e.g., Schwab) are now being used in "ramp-and-dump" schemes: after phishing the victim's credentials and one-time passcode, the attackers log in, sell the victim's holdings, and use the proceeds to buy thinly traded Chinese penny stocks the fraudsters already hold, ramping the price before they dump their own shares.
Source: KrebsOnSecurity
