Svoboda Cybersecurity Brief August 21, 2025



RapperBot Botnet Administrator Charged After Disruption

US authorities charged 22-year-old Ethan Foltz with operating the RapperBot botnet, which launched more than 370,000 DDoS attacks from compromised IoT devices (DVRs, routers). Attack volumes reportedly reached up to 6 Tbps, and targets were spread across more than 80 countries. Law enforcement seized control of the botnet's infrastructure in August 2025.
Impact: Large-scale DDoS disruption affecting roughly 18,000 victims, including US government networks.
Mitigation: Change default credentials on IoT devices, keep firmware current, disable unused services and internet-exposed management interfaces, and watch for outbound flood traffic from your own network.
Source: SecurityWeek

FSB-Linked Hackers Exploit Unpatched Cisco Devices for Espionage

Static Tundra, a Russian state-sponsored group linked to the FSB's Center 16, is targeting telecom, education, and manufacturing organisations worldwide by exploiting CVE-2018-0171, a seven-year-old critical remote code execution flaw in the Smart Install feature of Cisco IOS and IOS XE (TCP/4786). The group plants the SYNful Knock implant for persistent access, modifies device configurations, and sets up GRE tunnels to mirror network traffic to attacker-controlled hosts.
Impact: Long-term espionage, configuration and traffic theft, and persistent network compromise.
Mitigation: Patch affected IOS/IOS XE devices; where patching is not possible, disable Smart Install (`no vstack`) and block TCP/4786 at network boundaries; review configurations for unexpected GRE tunnels and SNMP community strings; and monitor SNMP traffic to network devices.
Source: The Hacker News
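The three mitigations above can be checked directly against a device's running configuration. The script below is an added example written for this brief, not code from Cisco Talos or from the brief's source; it parses a constructed IOS configuration (assumed here, not from any real device) and flags the indicators a practitioner would look for: Smart Install left enabled (it is on by default on affected releases, so only an explicit `no vstack` turns it off), GRE tunnel interfaces (GRE over IP is the default tunnel mode and is not printed in the running config), and read-write SNMP community strings.

```python
"""Audit a Cisco IOS running-config for the indicators in the Static Tundra item:
Smart Install enabled, GRE tunnels, and RW SNMP communities.

Added example: not Cisco's or Talos's code. The config below is constructed
for illustration and does not come from a real device.
"""
import re
from typing import Dict, List, Optional

# Constructed sample config (assumption for this example).
SAMPLE_CONFIG = """\
version 15.2
hostname edge-sw1
!
snmp-server community public RO
snmp-server community sekrit RW
!
interface Tunnel0
 ip address 10.99.0.1 255.255.255.252
 tunnel source GigabitEthernet0/1
 tunnel destination 203.0.113.45
!
interface GigabitEthernet0/1
 ip address 192.0.2.2 255.255.255.0
!
end
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Group the indented sub-lines of each 'interface <name>' stanza by name."""
    interfaces: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(maxsplit=1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return interfaces


def smart_install_enabled(config: str) -> bool:
    """Smart Install is on by default on affected IOS/IOS XE releases; only an
    explicit 'no vstack' line in the config disables it."""
    return re.search(r"^no vstack[ \t]*$", config, re.MULTILINE) is None


def gre_tunnels(config: str) -> List[dict]:
    """Return Tunnel interfaces running GRE. 'tunnel mode gre ip' is the default
    and is omitted from the running config, so a missing mode line means GRE."""
    found = []
    for name, lines in parse_interfaces(config).items():
        if not name.startswith("Tunnel"):
            continue
        mode = next((l for l in lines if l.startswith("tunnel mode")), "tunnel mode gre ip")
        dest = next((l.split()[-1] for l in lines if l.startswith("tunnel destination")), None)
        if "gre" in mode:
            found.append({"interface": name, "destination": dest})
    return found


def rw_snmp_communities(config: str) -> List[str]:
    """Community strings granted read-write access (anyone holding them can rewrite config)."""
    return re.findall(r"^snmp-server community (\S+) RW\b", config, re.MULTILINE)


def audit(config: str) -> List[str]:
    """Collect human-readable findings for the three indicators."""
    findings = []
    if smart_install_enabled(config):
        findings.append("Smart Install enabled: add 'no vstack' and upgrade for CVE-2018-0171")
    for t in gre_tunnels(config):
        findings.append(f"GRE tunnel {t['interface']} to {t['destination']}: confirm it is expected")
    for c in rw_snmp_communities(config):
        findings.append(f"SNMP RW community '{c}': remove it or restrict it with an ACL")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against a saved `show running-config` instead of the sample; any GRE tunnel whose destination is not in your own address plan deserves a closer look, and the SNMP finding applies even when the community string is not trivially guessable.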

Inotiv Pharma Hit by Qilin Ransomware, Data Stolen

Pharmaceutical research firm Inotiv confirmed a ransomware attack on August 8 that disrupted operations and encrypted internal systems. The Qilin group claimed responsibility and leaked 176 GB of data it says it stole, including financial documents and agreements. Some systems remain offline.
Impact: Operational disruption and exposure of sensitive business data.
Mitigation: Isolate affected systems, restore from known-good offline backups, and strengthen endpoint detection and credential hygiene to limit lateral movement.
Source: SecurityWeek

Major Password Managers Vulnerable to Clickjacking Exploits

Six password managers (1Password, LastPass, Bitwarden, and others) are vulnerable to DOM-based clickjacking: script on a malicious page hides the manager's injected autofill dropdown and positions it under a decoy element, so a click on the decoy silently triggers autofill into attacker-controlled fields. Researcher Marek Tóth demonstrated the technique at DEF CON 33. Bitwarden shipped a fix in v2025.8.0; the others were still unpatched at the time of writing.
Impact: Theft of credentials, 2FA codes, and payment card data from users visiting malicious sites.
Mitigation: Turn off automatic autofill (require an explicit click on the extension icon, or use copy/paste), and update as vendors release fixes.
Source: BleepingComputer

Orange Belgium Data Breach Exposes 850K Customers

Attackers accessed the names, phone numbers, SIM and PUK codes, and tariff plans of about 850,000 Orange Belgium customers in late July. No financial data was exposed. Orange says the breach has been contained and authorities have been notified.
Impact: Privacy exposure and an elevated risk of SIM-swapping, since PUK codes help an attacker take over a line.
Mitigation: Watch for phishing that references account details, treat a sudden loss of mobile signal as a possible SIM swap, and ask the carrier about SIM-swap protection or a replacement SIM.
Source: DataBreaches.net

AI Website Builder Lovable Abused for Phishing, Malware

Cybercriminals are abusing the Lovable AI website builder to host phishing kits (Tycoon), malware delivery pages (zgRAT), and brand-impersonation pages (UPS, Aave, and others). Proofpoint observed tens of thousands of malicious Lovable-hosted URLs. Lovable has added real-time abuse detection, but gaps remain.
Impact: Credential theft, malware infections, and financial fraud.
Mitigation: Treat links on Lovable-hosted domains (*.lovable.app) as untrusted or block them where business needs allow, train users to recognise phishing, and enforce phishing-resistant MFA.
Source: BleepingComputer

Workhorse Municipal Software Exposed Sensitive Data

Two flaws in Workhorse Software's municipal accounting product, CVE-2025-9037 (credentials stored in plaintext) and CVE-2025-9040 (unencrypted database backups), exposed SSNs and financial records held by some 310 US municipalities. Both are fixed in v1.9.4.48019.
Impact: PII exposure and potential tampering with municipal financial data.
Mitigation: Apply the update, encrypt backups at rest, and restrict filesystem access to configuration and backup locations.
Source: SecurityWeek

Intel Internal Portals Exposed 270K Employee Records

A researcher found authentication bypass flaws in internal Intel portals, including an India-based employee hierarchy site, that exposed the names, email addresses, and roles of employees worldwide. Intel patched the issues in 2024; its bug bounty programme now covers such web flaws.
Impact: Privacy exposure and a ready-made target list for spear-phishing.
Source: SecurityWeek

UK Cannabis Clinic Leaks Patient Prescription Data

CB1 Medical exposed patient names, dates of birth, and prescription details through a misconfigured file-hosting site. There is no evidence of malicious access, and the data was taken down promptly once reported.
Impact: Privacy violation and exposure of medical data.
Source: DataBreaches.net

Share this brief: https://svo.bz/3IuD
