Svoboda Cybersecurity Brief July 05, 2025
Nova Scotia Power Breach Impacts 280,000 Customers
Nova Scotia Power disclosed a March 2025 ransomware attack exposing customer data including names, addresses, birthdates, payment history, and Social Insurance Numbers. The attacker accessed systems between March 19 and April 25, but the company refused to pay the ransom. Affected customers are offered two years of credit monitoring.
Source: DataBreaches.net
Critical Sudo Flaws Allow Linux Root Privilege Escalation
Two vulnerabilities (CVE-2025-32462 and CVE-2025-32463) in Sudo versions before 1.9.17p1 let local users execute arbitrary root commands. The more severe flaw (CVSS 9.3) abuses the --chroot option to load malicious libraries. Major Linux distros like Red Hat, Debian, and Ubuntu have issued patches.
Impact: Local privilege escalation to root on unpatched systems.
Mitigation: Update to Sudo 1.9.17p1 or apply vendor patches.
Source: The Hacker News
NightEagle APT Exploits Microsoft Exchange Zero-Day in China
A newly identified threat actor (NightEagle) targets Chinese military/tech sectors using a Go-based Chisel variant and a Microsoft Exchange zero-day to steal emails. Attacks occur during Beijing nighttime (9 PM–6 AM), suggesting North American origins. The exploit leverages insecure machineKey deserialization.
Impact: Unauthorized mailbox access in high-value sectors.
Mitigation: Monitor for suspicious IIS modifications and apply Exchange patches.
Source: The Hacker News
Brandt Kettwick Defense Exposes Sensitive Legal Files via Misconfiguration
A Minnesota law firm left interview transcripts, case files, and sex trafficking evidence exposed in an unsecured Azure blob for months. Researchers spent weeks attempting disclosure, but the firm ignored alerts until law enforcement intervened. No evidence of data recovery or victim notification.
Source: DataBreaches.net
SK Telecom Faces Fines, Criminal Probe Over 23M-Customer Breach
South Korea penalizes SK Telecom for late breach reporting and failing to preserve evidence after a USIM card data leak affecting 23 million users. The breach may date back to August 2021. Regulators ordered waived cancellation fees and launched a criminal investigation.
Source: DataBreaches.net
Louis Vuitton Korea Hit by Cyberattack, Customer Data Leaked
LVMH’s Korean unit suffered a June 8 breach exposing customer data (no financial details). This is the third LVMH brand breach in 2025, with ShinyHunters suspected. French authorities recently arrested alleged group members.
Source: DataBreaches.net
Ingram Micro Global Outage Sparks Ransomware Suspicions
The IT distributor’s systems remain offline globally, with employees and customers locked out. Reddit reports suggest ransomware, but the company has not confirmed the cause. Internal systems and websites show Akamai errors or maintenance messages.
Source: BleepingComputer
Google Fined $314M for Unauthorized Android Cellular Data Use
A California jury ruled Google improperly used background cellular data to transmit logs (OS metrics, app lists) without consent. Tests showed idle Android devices sent 8.88 MB/day, 94% to Google. The company plans to appeal.
Source: The Hacker News
CryLock Ransomware Developer Sentenced to 7 Years in Belgium
A Russian developer behind CryLock ransomware received a seven-year prison term, while an accomplice got five years. Authorities seized €60M (~$70M) in crypto from the operation, which targeted thousands of systems.
Source: SecurityWeek