Svoboda Cybersecurity Brief July 06, 2025
Kentfield Hospital Cyberattack Exposes Sensitive Patient Data
World Leaks ransomware group breached Kentfield Hospital, stealing 146.4 GB of data including 140,683 files with unprotected PHI (patient names, diagnoses, treatment details, insurance info). The data includes 28,000+ wound care images and disciplinary records of employees, with no encryption detected. Hospital operations appear unaffected, but breach notifications to HHS and California regulators are likely.
Source: DataBreaches
Brazil’s Central Bank Provider Hack Steals $140M via Insider Threat
C&M Software, a service provider for Brazil’s Central Bank, was compromised by an insider who sold credentials for $2,700, enabling theft of $140M from reserve accounts. Hackers laundered $30M-$40M via crypto exchanges. The attack highlights risks of third-party vendor access to critical financial systems.
Source: DataBreaches
Ingram Micro Hit by SafePay Ransomware Attack
IT distributor Ingram Micro suffered a SafePay ransomware attack, forcing shutdowns of Xvantage and Impulse platforms. Attackers likely breached via GlobalProtect VPN, leaving ransom notes but encryption status unclear. SafePay, active since 2024, has 220+ victims and often targets VPNs with credential spraying.
Source: BleepingComputer
Indian Insurance Firm Max Financial Reports Customer Data Breach
Axis Max Life Insurance (subsidiary of Max Financial) disclosed unauthorized access to customer data after an anonymous tip. Investigation underway with infosec experts, but specifics on data scope or attacker identity remain undisclosed.
Source: DataBreaches
Exposed JDWP Interfaces Exploited for Cryptomining Attacks
Threat actors abuse Java Debug Wire Protocol (JDWP) misconfigurations (port 5005) to deploy modified XMRig miners. Attacks target TeamCity, Jenkins, and Elasticsearch, using cron jobs for persistence and hiding wallet addresses via proxy pools. Over 2,600 IPs actively scan for JDWP endpoints.
Impact: Remote code execution leading to cryptojacking and resource theft.
Mitigation: Disable JDWP in production or restrict access to trusted IPs.
Source: The Hacker News
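The mitigation above ("restrict access") presupposes you can find JVMs whose debug agent listens beyond loopback. The following is an added example (not code from the brief or from The Hacker News) that audits JVM command lines, as collected from `ps -eo args` or a process inventory, for a JDWP agent bound to all interfaces; the SAMPLE_JVM_COMMANDS list is constructed, and the function and class names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches both the modern -agentlib:jdwp=... form and the legacy -Xrunjdwp:... form.
JDWP_RE = re.compile(r"-(?:agentlib:jdwp=|Xrunjdwp:)(?P<opts>\S+)")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
WILDCARD_HOSTS = {"*", "0.0.0.0"}


@dataclass
class JdwpFinding:
    command: str
    exposure: str        # "client", "loopback", "all-interfaces", "unspecified", "host"
    host: Optional[str]  # None when address= carried only a port
    port: Optional[str]


def parse_jdwp_options(opts: str) -> dict:
    """Turn 'transport=dt_socket,server=y,address=*:5005' into a dict."""
    parsed = {}
    for item in opts.split(","):
        if "=" in item:
            key, value = item.split("=", 1)
            parsed[key] = value
    return parsed


def split_address(address: str):
    """Split 'host:port' or 'port'. Bracketed IPv6 literals are not handled here."""
    if not address:
        return None, None
    if ":" in address:
        host, port = address.rsplit(":", 1)
        return host, port
    return None, address


def classify_jvm_command(command: str) -> Optional[JdwpFinding]:
    match = JDWP_RE.search(command)
    if match is None:
        return None  # no debug agent configured at all
    opts = parse_jdwp_options(match.group("opts"))
    if opts.get("server", "n") != "y":
        # server=n means the JVM dials out to a debugger; nothing listens.
        return JdwpFinding(command, "client", None, None)
    host, port = split_address(opts.get("address", ""))
    if host in WILDCARD_HOSTS:
        exposure = "all-interfaces"
    elif host in LOOPBACK_HOSTS:
        exposure = "loopback"
    elif host is None:
        # Port only: JDK 9+ binds loopback, JDK 8 and older bind every interface,
        # so treat it as exposed until the JDK version on that host is confirmed.
        exposure = "unspecified"
    else:
        exposure = "host"
    return JdwpFinding(command, exposure, host, port)


def audit_jvm_commands(commands: List[str]) -> List[JdwpFinding]:
    """Return only findings that need action: anything that is not client mode or loopback."""
    findings = []
    for cmd in commands:
        finding = classify_jvm_command(cmd)
        if finding is not None and finding.exposure not in ("client", "loopback"):
            findings.append(finding)
    return findings


# Constructed sample inventory; the product names mirror the brief's targets only.
SAMPLE_JVM_COMMANDS = [
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar teamcity.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 -jar jenkins.war",
    "java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=localhost:5005 -cp app.jar Main",
    "java -Xmx2g -jar elasticsearch.jar",
    "java -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar legacy.jar",
    "java -agentlib:jdwp=transport=dt_socket,server=n,address=10.0.0.5:5005 -jar worker.jar",
]

if __name__ == "__main__":
    for f in audit_jvm_commands(SAMPLE_JVM_COMMANDS):
        print(f"{f.exposure:15} host={f.host} port={f.port}  {f.command[:60]}")
```

Anything reported as "all-interfaces" or "unspecified" is a candidate for the brief's mitigation: drop the agent flag in production, or bind it to loopback and reach it through an SSH tunnel, with host firewall rules as the backstop.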
New Hpingbot Botnet Targets SSH for DDoS Campaigns
Go-based Hpingbot malware spreads via SSH brute-forcing, using Pastebin to host C2 instructions and hping3 for TCP/UDP floods. Targets Germany, US, and Turkey, with Windows versions focusing on payload delivery. Distinct from Mirai/Gafgyt, it shows debugging comments in German, suggesting active development.
Impact: DDoS attacks and potential secondary payload delivery.
Mitigation: Enforce SSH key authentication and monitor Pastebin-linked traffic.
Source: The Hacker News
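Hpingbot's entry point is SSH brute-forcing, so the first signal a defender has is a burst of failed logins from one source, and the worst case is a successful login right after that burst. The following is an added example (not code from the brief or from The Hacker News) that runs that detection over OpenSSH sshd syslog lines; the SAMPLE_AUTH_LOG, the 5-failures-in-60-seconds threshold and the names used are this example's own constructions.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Standard OpenSSH password/publickey outcome lines as written to syslog.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2"
)


@dataclass
class SshEvent:
    ts: datetime
    result: str
    method: str
    user: str
    ip: str


@dataclass
class Alert:
    kind: str  # "bruteforce" or "success_after_failures"
    ip: str
    failures: int
    user: str


def parse_sshd_line(line: str) -> Optional[SshEvent]:
    m = SSHD_RE.match(line)
    if m is None:
        return None
    # syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # for the relative comparisons done here (assumes one file, one calendar year).
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return SshEvent(ts, m.group("result"), m.group("method"), m.group("user"), m.group("ip"))


def detect_ssh_bruteforce(log_text: str, threshold: int = 5,
                          window: timedelta = timedelta(seconds=60)) -> List[Alert]:
    """Sliding-window count of failures per source IP, plus success-after-failures."""
    recent_failures = defaultdict(deque)
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_sshd_line(line)
        if ev is None:
            continue
        q = recent_failures[ev.ip]
        while q and ev.ts - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if ev.result == "Failed":
            q.append(ev.ts)
            if len(q) >= threshold and ev.ip not in flagged:
                flagged.add(ev.ip)
                alerts.append(Alert("bruteforce", ev.ip, len(q), ev.user))
        elif q:
            # A successful login from a source that was failing moments ago.
            alerts.append(Alert("success_after_failures", ev.ip, len(q), ev.user))
    return alerts


# Constructed sample log; addresses are documentation ranges, not real sources.
SAMPLE_AUTH_LOG = """\
Jul  6 03:14:01 host1 sshd[2110]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jul  6 03:14:03 host1 sshd[2112]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Jul  6 03:14:05 host1 sshd[2114]: Failed password for root from 203.0.113.7 port 51041 ssh2
Jul  6 03:14:06 host1 sshd[2116]: Failed password for invalid user test from 203.0.113.7 port 51055 ssh2
Jul  6 03:14:08 host1 sshd[2118]: Failed password for root from 203.0.113.7 port 51060 ssh2
Jul  6 03:14:09 host1 sshd[2120]: Accepted password for root from 203.0.113.7 port 51066 ssh2
Jul  6 03:20:00 host1 sshd[2200]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jul  6 03:21:10 host1 sshd[2201]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2: RSA SHA256:CONSTRUCTEDFINGERPRINT
"""

if __name__ == "__main__":
    for a in detect_ssh_bruteforce(SAMPLE_AUTH_LOG):
        print(f"{a.kind:24} ip={a.ip} failures={a.failures} user={a.user}")
```

The second alert kind is the one to page on: once password authentication is disabled in favour of keys, as the brief recommends, an "Accepted password" line should never follow a failure burst at all, and any "Accepted" from a source that was just brute-forcing deserves a look at that host's crontab and outbound connections.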
Taiwan Warns Against Chinese Apps Over Data Privacy Risks
Taiwan’s NSB flags TikTok, Weibo, RedNote for excessive data collection (15/15 indicators violated by RedNote), including biometrics and device info. Data is sent to Chinese servers, raising national security concerns under China’s data laws.
Source: The Hacker News
Iranian Cyberattacks Against US Targets Since 2011 Documented
FDD report details Iran-linked cyber operations (2011–2025), including IRGC attacks on US banks (2011–2013) and Navy intranet breaches. Recent advisory warns of continued threats to critical infrastructure and defense sectors.
Source: DataBreaches
Nigerian Fraudster Pleads Guilty to $6M Elderly Scam Scheme
Ehis Akhimie admitted to defrauding 400+ elderly US victims via fake inheritance letters, using mules to launder funds. Seven accomplices across UK, Spain, and Nigeria previously sentenced.
Source: DataBreaches