Svoboda Cybersecurity Brief May 14, 2025

FBI and Dutch Police Dismantle Anyproxy Cybercriminal Infrastructure

International law enforcement took down the Anyproxy proxy service, operational since 2004 and used for phishing, ransomware, and data theft. The service abused end-of-life routers (6,000+ IPs) as anonymizing exit points, with part of its infrastructure hosted in Dutch data centers.

Impact: Enabled global cybercrime, including financial theft and network disruptions.
Mitigation: Replace outdated routers; enforce KYC policies for hosting services.
Source: DataBreaches.net

SAP Patches Second Zero-Day (CVE-2025-42999) Exploited with CVE-2025-31324

Attackers chained CVE-2025-42999 (a deserialization flaw) with CVE-2025-31324 (unauthenticated file upload) to execute remote commands on SAP NetWeaver. The Chinese group Chaya_004 has been linked to attacks on 1,284+ vulnerable instances.

Impact: RCE on unpatched systems; Fortune 500 companies compromised.
Mitigation: Apply SAP Notes 3594142 & 3604119; disable the Visual Composer service.
Source: BleepingComputer

Ivanti EPMM Zero-Days (CVE-2025-4427 & CVE-2025-4428) Exploited for RCE

Two flaws in Ivanti Endpoint Manager Mobile allowed unauthenticated RCE via API abuse. Servers were compromised globally, with indicators of compromise such as fcgi debugging logs.

Impact: Full system compromise; limited customer breaches confirmed.
Mitigation: Update to EPMM 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1.
Source: BleepingComputer

Fortinet Fixes Critical Zero-Day (CVE-2025-32756) in FortiVoice

A stack overflow in FortiVoice, FortiMail, and other products allowed RCE via malicious HTTP requests. Attackers deployed malware, credential harvesters, and network scanners.

Impact: Full device takeover; scanning activity observed from IPs such as 218.187.69.244.
Mitigation: Patch immediately or disable HTTP/HTTPS admin interfaces.
Source: BleepingComputer

Intel CPU Flaw (CVE-2024-45332) Leaks Kernel Memory

“Branch Privilege Injection” bypasses Spectre v2 mitigations, leaking 5.6 KB/sec of kernel data (e.g., /etc/shadow) on 9th-gen+ Intel CPUs (Coffee Lake to Raptor Lake).

Impact: Sensitive data exposure; low risk for average users.
Mitigation: Apply microcode updates (2.7% performance hit).
Source: BleepingComputer

M&S Confirms Data Stolen in DragonForce Ransomware Attack

Attackers exfiltrated customer names, addresses, order history, and masked payment details. Online orders halted; password resets enforced for all accounts.

Impact: Phishing risks; business disruption.
Source: BleepingComputer

North Korean Konni Group Targets Ukraine with Phishing

TA406 sent think tank-themed emails with MEGA-hosted .RAR archives, deploying PowerShell/VBScript for espionage. The campaign aimed to assess war risks for DPRK troops in Ukraine.

Impact: Credential theft; intelligence gathering.
Source: BleepingComputer

Moldovan Police Arrest Suspect in €4.5M Dutch Ransomware Attack

A 45-year-old suspect allegedly attacked the Netherlands Organization for Scientific Research and laundered the proceeds via cryptocurrency. Police seized €84,000 in cash and several devices.

Impact: Financial and research disruption.
Source: DataBreaches.net

Twilio Denies Breach After Alleged Steam 2FA Code Leak

Threat actor Machine1337 claimed to sell 89M Steam records, but Twilio found no evidence of compromise. The leak may stem from an intermediary SMS provider.

Impact: Potential account hijacking via leaked OTPs.
Mitigation: Enable Steam Guard Authenticator.
Source: BleepingComputer

NWT Health System Reports Employee Snooping in Medical Records

Two NTHSSA employees accessed records without authorization. The privacy commissioner confirmed the breaches were intentional.

Impact: Patient privacy violations.
Source: DataBreaches.net
