Svoboda Cybersecurity Brief September 13, 2025

Sep 13, 2025


HybridPetya Ransomware Bypasses UEFI Secure Boot via CVE-2024-7344

A new ransomware strain called HybridPetya combines traits of Petya/NotPetya with UEFI Secure Boot bypass capabilities by exploiting CVE-2024-7344. It encrypts the Master File Table (MFT) and deploys a malicious bootkit to the EFI System Partition, demanding a $1,000 Bitcoin ransom. ESET researchers found it on VirusTotal but note no active attacks yet.
Impact: Potential for irreversible system encryption if unpatched, targeting modern UEFI systems.
Mitigation: Apply January 2025 Microsoft patches, maintain offline backups, and monitor EFI partitions.
Source: BleepingComputer
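One way to act on the "monitor EFI partitions" mitigation above, as an added example that is not from the brief or from ESET: hash every file on a mounted ESP, compare it against a saved baseline, and flag new or modified .efi binaries. The mount path, the baseline JSON file and the sample directory layout used in the demo are assumptions.

```python
"""Baseline-and-diff check for a mounted EFI System Partition (ESP).

Added example: not from the brief or ESET. Assumes the ESP is mounted at a
path you supply (e.g. /boot/efi on Linux) and a saved baseline JSON exists.
"""
import hashlib
import json
import tempfile
from pathlib import Path

def hash_tree(root: Path) -> dict[str, str]:
    """Return {relative_posix_path: sha256} for every regular file under root."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def diff_esp(baseline: dict, current: dict) -> dict[str, list[str]]:
    """Classify drift; added or modified .efi binaries are the bootkit signal."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    suspicious = sorted(p for p in added + modified if p.lower().endswith(".efi"))
    return {"added": added, "removed": removed, "modified": modified, "suspicious": suspicious}

def check_esp(mount: str, baseline_file: str) -> dict[str, list[str]]:
    """Production path: compare the live ESP against the stored baseline."""
    baseline = json.loads(Path(baseline_file).read_text())
    return diff_esp(baseline, hash_tree(Path(mount)))

def demo() -> dict[str, list[str]]:
    """Constructed ESP in a temp dir: baseline, then a tampered bootloader and
    a dropped EFI binary, the kind of drift a bootkit deployment leaves."""
    with tempfile.TemporaryDirectory() as tmp:
        esp = Path(tmp)
        (esp / "EFI/BOOT").mkdir(parents=True)
        (esp / "EFI/BOOT/BOOTX64.EFI").write_bytes(b"good bootloader")   # constructed
        (esp / "EFI/BOOT/config.txt").write_bytes(b"timeout=5")           # constructed
        baseline = hash_tree(esp)
        (esp / "EFI/BOOT/BOOTX64.EFI").write_bytes(b"tampered bootloader")
        (esp / "EFI/BOOT/evil.efi").write_bytes(b"dropped binary")
        return diff_esp(baseline, hash_tree(esp))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Save `hash_tree(Path("/boot/efi"))` as JSON right after a firmware or OS update, then run `check_esp` on a schedule and alert on any non-empty `suspicious` list.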

Samsung Patches Zero-Day Exploited in Android Attacks (CVE-2025-21043)

Samsung fixed a critical out-of-bounds write flaw in libimagecodec.quram.so, reported by Meta/WhatsApp, allowing remote code execution on Android 13+ devices. The vulnerability was actively exploited in zero-day attacks, though specifics remain undisclosed.
Impact: Attackers could execute arbitrary code via malicious images, compromising device integrity.
Mitigation: Apply September 2025 Samsung security updates (SMR Sep-2025 Release 1).
Source: TheHackerNews

DELMIA Apriso RCE Flaw (CVE-2025-5086) Actively Exploited

CISA added CVE-2025-5086 to its KEV catalog, a deserialization flaw in Dassault Systèmes’ DELMIA Apriso (versions 2020–2025) allowing remote code execution. Attacks originate from IP 156.244.33.162, delivering a GZIP-compressed .NET payload.
Impact: Critical infrastructure sectors (e.g., automotive, aerospace) at risk of system takeover.
Mitigation: Patch immediately or isolate affected systems; federal agencies must comply by October 2, 2025.
Source: SecurityWeek

Apple Warns French Users of Fourth Spyware Campaign in 2025

Apple sent threat notifications to French users (journalists, officials, etc.) targeted by mercenary spyware (e.g., Pegasus). CERT-FR confirmed this as the fourth wave in 2025, likely leveraging zero-click exploits.
Impact: High-value targets face persistent surveillance and data exfiltration.
Mitigation: Enable Memory Integrity Enforcement (MIE) on newer iPhones, and reset devices if compromised.
Source: TheHackerNews

ShinyHunters/ScatteredSpider/LAPSUS$ Claims Exit After Law Enforcement Missteps

The cybercrime group announced retirement via BreachForums, mocking law enforcement for wrong arrests and claiming unreported breaches (e.g., Kering, airlines). They hinted at accessing CJIS data, though DOJ hasn’t confirmed.
Source: DataBreaches

US Senator Accuses Microsoft of Negligence in Healthcare Ransomware Attacks

Senator Ron Wyden urged the FTC to investigate Microsoft for security failures linked to the 2024 Ascension Health breach (5.6M patient records). He criticized slow mitigation of known risks in Microsoft products.
Source: DataBreaches

VMScape Attack Breaks Cloud Isolation via Spectre-BTI on AMD/Intel CPUs

ETH Zurich researchers demonstrated VMScape, a Spectre-BTI variant exploiting gaps in branch predictor isolation on AMD Zen and older Intel CPUs to leak host memory (e.g., QEMU disk encryption keys).
Impact: Cloud tenants could compromise hypervisors, leaking sensitive data.
Mitigation: Apply Linux patches (CVE-2025-40300); hypervisors should enforce IBPB on VMexit.
Source: SecurityWeek

KioSoft NFC Cards Vulnerable to Infinite Balance Exploit (CVE-2025-8699)

SEC Consult found MIFARE Classic-based cards from KioSoft allowed balance manipulation via NFC cloning. The vendor delayed patching for over a year; firmware fixes rolled out mid-2025.
Impact: Attackers could top up cards indefinitely using tools like Proxmark.
Mitigation: Replace vulnerable cards with hardware-secured alternatives.
Source: SecurityWeek
