Svoboda Cybersecurity Brief September 20, 2025
Medical Data Breach Affects 246,711 Patients at Medical Associates of Brevard
The BianLian ransomware gang breached Medical Associates of Brevard (MAB) in January 2025, potentially exposing patient data. MAB notified HHS in September 2025 but offered no evidence either way on data misuse and no detail on what encryption or other safeguards were in place. Affected patients are offered 12 months of credit monitoring; the long gap between breach and notification and the thin disclosure raise transparency concerns.
Impact: Sensitive health data of 246,711 patients may be compromised.
Mitigation: Patients should freeze their credit and take up the monitoring; MAB should state what data was taken, whether it was encrypted, and how it is monitoring for misuse.
Source: DataBreaches.net
Russian Hackers Gamaredon and Turla Collaborate to Target Ukrainian Entities
Gamaredon deployed its PteroGraphin and PteroOdd tools to execute Turla’s Kazuar backdoor on Ukrainian systems in 2025. The collaboration suggests the two FSB-linked groups are pooling access and tooling for espionage. Kazuar v3 adds WebSocket and Exchange Web Services (EWS) channels for command-and-control.
Impact: High-risk espionage targeting Ukrainian defense and critical infrastructure.
Mitigation: Hunt for published Gamaredon and Turla IOCs, patch internet-facing and endpoint software, and segment networks to limit lateral movement.
Source: The Hacker News
UNC1549 Targets Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
Iran-linked UNC1549 compromised 34 devices across 11 telecom firms, using fake LinkedIn job offers as the initial lure. The campaign delivered MINIBIKE, a modular backdoor that harvests credentials and browser data. Targets included companies in the US, UK and UAE.
Impact: Data exfiltration and long-term persistence in critical telecom infrastructure.
Mitigation: Train staff to recognize recruitment-themed social engineering, hunt for MINIBIKE IOCs, and restrict and inspect outbound traffic to Azure-hosted proxy infrastructure used for C2.
Source: The Hacker News
CISA Exposes Malware Kits Exploiting Ivanti EPMM Vulnerabilities
CISA analyzed malware samples (web-install.jar, ReflectUtil.class) used in attacks chaining two Ivanti EPMM flaws: CVE-2025-4427, an authentication bypass, and CVE-2025-4428, a code injection. The malware enables arbitrary code execution and theft of LDAP credentials.
Impact: Unauthenticated RCE and data exfiltration from unpatched Ivanti EPMM systems.
Mitigation: Patch to 11.12.0.5 or the fixed build for your branch (12.3.0.2, 12.4.0.2, 12.5.0.1), isolate compromised systems, and monitor for anomalous HTTP requests to the EPMM API.
Source: BleepingComputer
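The "monitor HTTP request anomalies" advice is concrete enough to script. The block below is an added example, not CISA's or Ivanti's code: it scans Combined Log Format access logs for Java EL-injection markers in query strings, the pattern behind the CVE-2025-4427/4428 chain. The three log lines are constructed, and the API path used to rank findings is an assumption taken from public reporting on the exploit chain rather than from the brief.

```python
"""Flag Java EL-injection attempts against Ivanti EPMM in web-server access
logs. Added example; not CISA's or Ivanti's code. Log lines are constructed,
and the API path is an assumption taken from public reporting on
CVE-2025-4427/4428, not from the brief."""
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

# API path reported in the exploit chain (assumption, see lead-in)
SUSPECT_PATH_PREFIXES = ("/mifs/rt/api/v2/featureusage",)

# Java EL / reflection fragments that do not belong in a query string
EL_MARKERS = re.compile(
    r"\$\{|\.getClass\(|forName\(|java\.lang\.Runtime|ProcessBuilder", re.I
)


def decode_query(query: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded): attackers double-encode payloads."""
    for _ in range(rounds):
        decoded = unquote(query)
        if decoded == query:
            break
        query = decoded
    return query


def analyse_line(line: str):
    """Return a finding dict for one log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    decoded = decode_query(parts.query)
    marker = EL_MARKERS.search(decoded)
    if not marker:
        return None
    on_api = parts.path.startswith(SUSPECT_PATH_PREFIXES)
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "path": parts.path,
        "status": int(m.group("status")),
        "marker": marker.group(0),
        # EL on the unauthenticated API route is the exploit chain itself;
        # elsewhere it is still worth a look but may be scanner noise.
        "severity": "high" if on_api else "medium",
    }


def scan(lines):
    """Run analyse_line over an iterable of log lines, keeping only hits."""
    return [f for f in map(analyse_line, lines) if f]


SAMPLE_LOG = [  # constructed sample, not real traffic
    '203.0.113.7 - - [12/Sep/2025:08:14:02 +0000] "GET /mifs/rt/api/v2/featureusage'
    '?format=%24%7B%22%22.getClass%28%29.forName%28%22java.lang.Runtime%22%29%7D HTTP/1.1"'
    ' 200 512 "-" "python-requests/2.32"',
    '192.0.2.10 - - [12/Sep/2025:08:14:05 +0000] "GET /mifs/rt/api/v2/featureusage'
    '?format=json HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [12/Sep/2025:08:15:10 +0000] "GET /mifs/c/i/login?next=${1+1}'
    ' HTTP/1.1" 200 2048 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response to an EL-laden request on the API route (the first sample line) is the strongest signal, since a patched appliance should reject it; the second line shows the same endpoint used legitimately, and the third shows why markers on other paths are ranked lower.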
Fortra Patches Critical GoAnywhere MFT Vulnerability (CVE-2025-10035)
Fortra fixed a deserialization flaw (CVSS 10.0) in GoAnywhere MFT’s License Servlet: an attacker holding a validly forged license-response signature can have the servlet deserialize an arbitrary object, leading to command injection. Exploitability hinges on the Admin Console being reachable from the internet.
Impact: Remote code execution on unpatched systems.
Mitigation: Upgrade to 7.8.4 (or Sustain Release 7.6.3); until then, remove public access to the Admin Console.
Source: The Hacker News
FBI Warns of Fake IC3 Portals Used for Phishing
Scammers set up spoofed copies of the FBI’s IC3 complaint portal (for example icc3[.]live) to harvest PII and financial data from would-be complainants. The FBI advises typing ic3.gov directly into the browser and not trusting sponsored search results.
Impact: Identity theft and financial fraud.
Mitigation: Verify the domain before entering data, enable MFA on financial accounts, and report spoofed sites to the genuine IC3.
Source: BleepingComputer
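"Verify URLs" is easy to say and easy to get wrong, since icc3[.]live passes a casual glance. The block below is an added example, not the FBI's or the brief's code: it classifies a URL as trusted, lookalike or unrelated by extracting the registrable domain, checking whether a protected brand label is used outside its real domain, and measuring edit distance after folding common homoglyphs. The same check generalizes to any brand list. One simplification is an assumption: the registrable domain is taken as the last two labels, which is wrong for multi-label suffixes such as co.uk; production code should use the Public Suffix List.

```python
"""Lookalike-domain check for phishing URLs. Added example, not from the
brief or the FBI. Assumption: the registrable domain is the last two labels
(wrong for co.uk-style suffixes; use the Public Suffix List in production)."""
import re
from urllib.parse import urlsplit

TRUSTED = {"ic3.gov"}  # portals/brands to protect; extend as needed

# Visually confusable substitutions, folded before measuring edit distance
_SUBS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t")]


def normalize(label: str) -> str:
    label = label.lower()
    for a, b in _SUBS:
        label = label.replace(a, b)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, single-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname(s: str):
    """Extract a lowercase hostname from a URL or bare host string."""
    if "://" not in s:
        s = "//" + s
    h = urlsplit(s).hostname
    return h.lower().rstrip(".") if h else None


def registrable(host: str) -> str:
    return ".".join(host.split(".")[-2:])  # simplification, see docstring


def classify(s: str):
    """Return (verdict, registrable_domain, reason)."""
    host = hostname(s)
    if not host:
        return ("invalid", None, "no hostname")
    reg = registrable(host)
    if reg in TRUSTED:
        return ("trusted", reg, None)
    tokens = set(re.split(r"[.-]", host))
    for t in sorted(TRUSTED):
        brand = t.split(".")[0]
        # ic3.gov.evil.com or ic3-gov.com: brand label outside its real domain
        if brand in tokens:
            return ("lookalike", reg, f"brand label '{brand}' used outside {t}")
        # icc3.live: one edit away from the brand after homoglyph folding
        d = levenshtein(normalize(reg.split(".")[0]), normalize(brand))
        if d <= max(1, len(brand) // 4):
            return ("lookalike", reg, f"edit distance {d} from '{brand}'")
    return ("unrelated", reg, None)


if __name__ == "__main__":
    for u in ["https://www.ic3.gov/", "https://icc3.live/complaint",
              "http://ic3.gov.evil.com/", "https://example.org"]:
        print(u, "->", classify(u))
```

The edit-distance threshold scales with the brand length so that short labels like ic3 tolerate only one change; a longer brand would allow more. The subdomain check comes first because "ic3.gov.evil.com" is exactly the form a sponsored-result lure takes.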
SystemBC Botnet Powers REM Proxy with 1,500 Daily Victims
SystemBC malware maintains a pool of roughly 1,500 compromised VPS systems a day, which the REM Proxy service rents out to ransomware and other criminal groups for relaying traffic. Victim hosts averaged 20 unpatched CVEs, at least one of them critical.
Impact: Compromised servers relay brute-force attacks and credential theft, masking the operators’ true origin.
Mitigation: Patch VPS systems, alert on unexpected SOCKS5 listeners and traffic, and block known C2 IPs such as 104.250.164[.]214.
Source: The Hacker News
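SystemBC turns a victim VPS into a SOCKS5 proxy, so the two things worth alerting on are SOCKS5 handshakes arriving at a host that was never meant to be a proxy, and outbound contact with known C2 addresses. The block below is an added example, not Lumen's or the brief's code: it parses the SOCKS5 client greeting and request (RFC 1928) from the first bytes of a flow and checks destinations against a refanged blocklist. The flows are constructed; the only real indicator is the C2 address quoted above, and the ports shown are made up.

```python
"""Spot SOCKS5 proxy use and contact with a known SystemBC C2 address in
captured flows. Added example, not from Lumen or the brief. Flows and ports
are constructed; the only real IOC is the C2 address quoted in the brief."""
import ipaddress
import struct


def refang(ioc: str) -> str:
    """Turn a defanged indicator (104.250.164[.]214) back into a usable one."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


C2_BLOCKLIST = {ipaddress.ip_address(refang("104.250.164[.]214"))}

CMD_NAMES = {1: "CONNECT", 2: "BIND", 3: "UDP_ASSOCIATE"}


def parse_socks5_greeting(data: bytes):
    """Client greeting: VER=5, NMETHODS, METHODS[NMETHODS]."""
    if len(data) < 2 or data[0] != 5:
        return None
    n = data[1]
    if n == 0 or len(data) < 2 + n:
        return None
    return {"methods": list(data[2:2 + n])}


def parse_socks5_request(data: bytes):
    """Client request: VER=5, CMD, RSV=0, ATYP, DST.ADDR, DST.PORT."""
    if len(data) < 4 or data[0] != 5 or data[2] != 0:
        return None
    cmd, atyp = data[1], data[3]
    if atyp == 1:            # IPv4, 4 bytes
        end = 8
    elif atyp == 4:          # IPv6, 16 bytes
        end = 20
    elif atyp == 3 and len(data) >= 5:  # domain name, length-prefixed
        end = 5 + data[4]
    else:
        return None
    if len(data) < end + 2:  # address plus 2-byte port must be present
        return None
    if atyp == 1:
        host = str(ipaddress.IPv4Address(data[4:end]))
    elif atyp == 4:
        host = str(ipaddress.IPv6Address(data[4:end]))
    else:
        host = data[5:end].decode("ascii", "replace")
    port = struct.unpack("!H", data[end:end + 2])[0]
    return {"cmd": CMD_NAMES.get(cmd, f"UNKNOWN({cmd})"), "host": host, "port": port}


def inspect_flow(src_ip, dst_ip, dst_port, payload, known_proxies=frozenset()):
    """Return alert tags for one client->server flow (first payload bytes)."""
    tags = []
    if ipaddress.ip_address(dst_ip) in C2_BLOCKLIST:
        tags.append("c2_contact")
    # A SOCKS5 handshake aimed at a host nobody configured as a proxy
    if dst_ip not in known_proxies:
        req = parse_socks5_request(payload)
        if req:
            tags.append(f"socks5_{req['cmd'].lower()}:{req['host']}:{req['port']}")
        elif parse_socks5_greeting(payload):
            tags.append("socks5_greeting")
    return tags


SAMPLE_FLOWS = [  # constructed: (src, dst, dst_port, first payload bytes)
    # VPS beaconing to the C2 address from the brief (TLS ClientHello prefix)
    ("10.0.0.5", "104.250.164.214", 4001, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),
    # Internet client opening SOCKS5 through the VPS to reach a third party
    ("198.51.100.77", "10.0.0.5", 4440, b"\x05\x01\x00"),
    ("198.51.100.77", "10.0.0.5", 4440, b"\x05\x01\x00\x03\x0ewp.example.net\x01\xbb"),
    # Ordinary outbound HTTP, no alert expected
    ("10.0.0.5", "203.0.113.9", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow[:3], "->", inspect_flow(*flow))
```

The CONNECT in the third flow is what a rented proxy looks like from the victim's side: an unknown client asking the VPS to open a connection to someone else's web server. Pass the addresses of any legitimate proxies as known_proxies to keep them out of the alerts.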
UK Arrests Two Scattered Spider Members Linked to TfL Attack
Thalha Jubair and Owen Flowers were arrested in the UK over the 2024 attack on Transport for London (TfL). Jubair also faces US charges covering 120+ intrusions and roughly $115M in extorted ransoms.
Source: SecurityWeek
Novakon HMIs Exposed to RCE via Unpatched Vulnerabilities
CyberDanube found five flaws in Novakon HMIs, including unauthenticated remote code execution and directory traversal. The vendor has not responded to disclosure attempts, so no patches exist.
Impact: Remote takeover of industrial control systems.
Mitigation: Isolate HMIs from the internet and untrusted networks, monitor for exploit attempts, and press the vendor for patches.
Source: SecurityWeek
DHS Intelligence Portal Leaked Data for Two Months Due to Programming Error
In 2023 a DHS intelligence-sharing portal exposed sensitive FBI and NCTC material for about two months to users who should not have had access, including foreign government accounts. The cause was a programming error in the portal’s access controls.
Impact: Unauthorized access to domestic intelligence sharing systems.
Mitigation: Audit access logs for the exposure window, enforce least privilege, and test that API authorization actually matches the intended sharing rules.
Source: DataBreaches.net
PhaaS Campaigns Target 316 Brands via Lighthouse and Lucid Kits
Some 17,500 phishing domains built with the Lucid and Lighthouse PhaaS kits impersonated 316 brands across 74 countries. The Chinese-linked XinXin group behind the kits sells access to them, with lures aimed at toll-road, postal and financial-sector victims.
Impact: Credential theft and financial fraud at scale.
Mitigation: Deploy anti-phishing controls, block known PhaaS infrastructure, and train users on toll and postal-themed lures.
Source: The Hacker News
ChatGPT Bypassed to Solve CAPTCHAs via Prompt Injection
SPLX researchers tricked ChatGPT (GPT-4o) into solving reCAPTCHA challenges by priming the conversation with the claim that the tests were “fake” and then carrying that context into the solving task. The model mimicked human behavior to get past bot detection.
Impact: Undermines CAPTCHA as a stand-alone bot-detection control.
Mitigation: Treat CAPTCHA as one signal rather than a gate, layer it with other authentication and risk checks, and monitor what AI agents are permitted to do.
Source: SecurityWeek
Share this brief: https://svo.bz/RebS