Svoboda Cybersecurity Brief August 24, 2025

Major Cyberattack Disrupts Iranian Maritime Communications

A hacker group dubbed ‘Lip-Dochtjan’ breached Fannava, an Iranian satellite communications firm, disrupting communications for 30 oil tankers and 25 cargo ships. The attackers exploited Linux OS vulnerabilities to disable Falcon, Iran’s central maritime communications system.
Source: DataBreaches.net

GeoServer Exploits Monetize Compromised Bandwidth

Attackers exploited CVE-2024-36401 (CVSS 9.8) in OSGeo GeoServer GeoTools to deploy stealthy monetization payloads. The malware mimics legitimate SDKs, using victims’ bandwidth for residential proxy services or passive income generation.
Impact: Over 7,100 exposed GeoServer instances globally, with China and the U.S. most affected.
Mitigation: Patch GeoServer instances and monitor for unusual bandwidth usage.
Source: The Hacker News

New York AG Sues Zelle for Enabling $1B Fraud

Early Warning Services (EWS), Zelle’s operator, faces lawsuits for failing to implement anti-fraud safeguards, leading to scams like impersonating ConEd. The platform’s quick, irreversible transfers enabled fraudsters to steal over $1B (2017–2023).
Source: DataBreaches.net

PolarEdge Botnet Targets Enterprise and IoT Devices

The PolarEdge botnet exploits vulnerabilities in firewalls, routers, and IP cameras, deploying a custom TLS backdoor. Over 40,000 devices (70% in South Korea/U.S.) are compromised, likely serving as operational relay boxes (ORBs).
Impact: Devices function normally while relaying malicious traffic.
Mitigation: Patch affected devices and monitor non-standard ports.
Source: The Hacker News
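The mitigation above ("monitor non-standard ports") is the kind of baseline check worth scripting on gateways and IP cameras you can still shell into. The block below is an added example, not code from the brief or from the researchers it cites: it parses `ss -tlnp`-style output and flags listeners outside a per-host allowlist. The sample output, the allowlist and the process name on the odd port are constructed assumptions, not indicators from the PolarEdge campaign.

```python
"""Allowlist check for listening TCP sockets, parsed from `ss -tlnp` output.

Added example for this brief. The sample below is constructed (no real
device was captured) and EXPECTED_PORTS is an assumption about what a
particular host should expose; tune both per device class.
"""
import re
from dataclasses import dataclass

# Constructed sample in the layout `ss -tlnp` prints on Linux.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*          users:(("nginx",pid=1301,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       128     0.0.0.0:47321        0.0.0.0:*          users:(("svc_unk",pid=2210,fd=5))
"""

# Assumed baseline for this host: SSH and HTTPS only.
EXPECTED_PORTS = {22, 443}

# Pulls the first ("name",pid=N ...) pair out of the Process column.
_PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str


def parse_ss_listeners(text):
    """Return one Listener per LISTEN row; header and non-LISTEN rows are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 brackets intact: "[::]:22" -> ("[::]", "22").
        addr, _, port = fields[3].rpartition(":")
        m = _PROC_RE.search(line)
        proc = f"{m.group(1)}[{m.group(2)}]" if m else "unknown"
        listeners.append(Listener(addr, int(port), proc))
    return listeners


def unexpected_listeners(listeners, expected_ports=EXPECTED_PORTS):
    """Listeners whose port is not in the allowlist, i.e. what to investigate."""
    return [lst for lst in listeners if lst.port not in expected_ports]


if __name__ == "__main__":
    for hit in unexpected_listeners(parse_ss_listeners(SAMPLE_SS_OUTPUT)):
        print(f"unexpected listener {hit.address}:{hit.port} ({hit.process})")
```

A port allowlist only catches the inbound side; a device used purely as an outbound relay shows nothing new in `ss -tl`, so pair this with egress flow monitoring (new long-lived outbound TLS sessions from devices that normally only answer requests).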

Gayfemboy Mirai Variant Expands Targeting Scope

A Mirai variant dubbed gayfemboy targets ARM, MIPS, and x86 systems, delivering DDoS payloads and backdoor access. It evades detection via sandbox evasion and terminates competing processes.
Impact: Targets sectors like manufacturing and tech across Brazil, U.S., and Germany.
Mitigation: Disable unused services and apply vendor patches.
Source: The Hacker News

TA-NATALSTATUS Cryptojacks Redis Servers

Attackers scan exposed Redis servers (port 6379), deploying miners while evading detection via renamed system binaries (e.g., ps.original). The campaign disables SELinux and blocks competing miners.
Impact: Targets unsecured Redis instances for cryptocurrency mining.
Mitigation: Secure Redis with authentication and monitor cron jobs.
Source: The Hacker News
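The Redis item gives four concrete things a defender can check on a host: whether Redis is reachable without authentication, whether system tools have been moved aside (`ps.original`), what cron is running, and whether SELinux is still enforcing. The block below is an added example written for this brief, not tooling from the campaign or from the reporting it summarises. It operates on text you pass in (a `redis.conf`, a directory listing, crontab lines, the contents of `/sys/fs/selinux/enforce`) so it runs offline; every sample input is constructed, and the indicator patterns (tool names, `.original`-style suffixes, cron heuristics) are assumptions to tune for your own fleet.

```python
"""Host checks for the Redis cryptojacking indicators described in the brief.

Added example, not the campaign's tooling. All sample inputs below are
constructed; the patterns are defender assumptions, not published IoCs.
"""
import re

# --- 1. Redis exposure ------------------------------------------------------

# Tokens in a `bind` line that mean "every interface" (Redis 7 uses `* -::*`).
_ALL_INTERFACES = {"0.0.0.0", "*", "::", "::*"}


def audit_redis_conf(conf_text):
    """Return findings for settings that leave Redis open on 6379."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), []).append(value.strip())

    findings = []
    if not settings.get("requirepass", [""])[-1].strip('"'):
        findings.append("no requirepass: unauthenticated access")
    if settings.get("protected-mode", ["yes"])[-1].lower() == "no":
        findings.append("protected-mode disabled")
    bind_tokens = {t.lstrip("-") for v in settings.get("bind", []) for t in v.split()}
    if not bind_tokens or bind_tokens & _ALL_INTERFACES:
        findings.append("bound to all interfaces (bind missing or wildcard)")
    return findings


# --- 2. Moved-aside system binaries ----------------------------------------

SYSTEM_TOOLS = {"ps", "top", "netstat", "ss", "lsof", "pgrep", "crontab", "ls", "find"}
ASIDE_SUFFIXES = {"original", "orig", "bak"}   # assumption; the brief names ps.original


def find_renamed_binaries(paths):
    """Flag <tool>.<suffix> files next to system tools, e.g. /usr/bin/ps.original."""
    hits = []
    for path in paths:
        base = path.rsplit("/", 1)[-1]
        name, dot, suffix = base.partition(".")
        if dot and name in SYSTEM_TOOLS and suffix in ASIDE_SUFFIXES:
            hits.append(path)
    return hits


# --- 3. Cron persistence ----------------------------------------------------

_CRON_SUSPECT = re.compile(
    r"\b(curl|wget)\b.*\|\s*(ba)?sh\b"        # fetch and pipe straight into a shell
    r"|/(tmp|dev/shm|var/tmp)/\S+"            # runs something from a world-writable dir
    r"|\bbase64\s+(-d|--decode)\b"            # payload decoded at run time
)


def suspicious_cron_lines(lines):
    """Non-comment crontab lines matching the heuristics above."""
    return [ln for ln in lines if not ln.lstrip().startswith("#") and _CRON_SUSPECT.search(ln)]


# --- 4. SELinux state -------------------------------------------------------

def selinux_enforcing(enforce_flag):
    """enforce_flag is the content of /sys/fs/selinux/enforce ('1' enforcing, '0' permissive)."""
    return enforce_flag.strip() == "1"


# --- Constructed sample inputs ---------------------------------------------

SAMPLE_REDIS_CONF = """\
# constructed redis.conf excerpt: the weak configuration
bind 0.0.0.0
protected-mode no
port 6379
# requirepass left commented out
"""
HARDENED_REDIS_CONF = "bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass PLACEHOLDER_SECRET\n"
SAMPLE_BIN_LISTING = ["/usr/bin/ps", "/usr/bin/ps.original", "/usr/bin/top", "/usr/bin/ls"]
SAMPLE_CRONTAB = [
    "# m h dom mon dow command",
    "0 3 * * * /usr/bin/certbot renew --quiet",
    "*/5 * * * * /tmp/.x/run.sh >/dev/null 2>&1",
]

if __name__ == "__main__":
    print("redis:", audit_redis_conf(SAMPLE_REDIS_CONF))
    print("binaries:", find_renamed_binaries(SAMPLE_BIN_LISTING))
    print("cron:", suspicious_cron_lines(SAMPLE_CRONTAB))
    print("selinux enforcing:", selinux_enforcing("0\n"))
```

The `bind` handling accepts the Redis 7 form (`bind 127.0.0.1 -::1`, where the leading `-` marks an optional address), so a correctly scoped configuration produces no findings while a wildcard or a missing `bind` does. A `requirepass` is the minimum; on Redis 6+ prefer ACL users with limited command sets and keep the instance off the public interface regardless.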
