The United States Court of Appeals for the Sixth Circuit has affirmed the new data breach notification and reporting rules established by the Federal Communications Commission (FCC). This ruling, detailed in a recent decision, will take full effect in 2024.…
SinoTrack GPS Devices Exposed: Default Passwords Allow Remote Vehicle Control
June 11, 2025
IoT Security / Vulnerability
Recent security vulnerabilities in SinoTrack GPS devices could enable unauthorized remote control of specific functions in connected vehicles, including location tracking. According to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface.” This access may enable attackers to execute functions such as tracking vehicle location and, where applicable, disconnecting the fuel pump.
The vulnerabilities impact all versions of the SinoTrack IoT PC Platform. Below is a brief overview of the identified flaws:
SinoTrack GPS Devices Expose Vulnerabilities for Remote Vehicle Control On June 11, 2025, significant security vulnerabilities were identified in SinoTrack GPS devices, which could be leveraged by attackers to manipulate certain remote functions of connected vehicles and monitor their locations.…
A sophisticated cyber attack targeting an East Asian IT company involved the use of a custom malware, RDStealer, developed in Golang. “The operation spanned over a year, aimed at stealing credentials and data,” stated Bitdefender security researcher Victor Vrabie in a report shared with The Hacker News. Evidence from the Romanian cybersecurity firm indicates that the operation, dubbed RedClouds, began in early 2022 and reflects the interests of China-based threat actors. Initially, the campaign utilized common remote access and post-exploitation tools such as AsyncRAT and Cobalt Strike, but it later shifted to custom malware in late 2021 or early 2022 to evade detection. A key evasion strategy involved using Microsoft Windows folders typically excluded from security scans, like System32 and Program Files, to conceal the malware.
Experts Uncover Extended Cyber Attack Targeting East Asian IT Firm with Custom Malware RDStealer June 20, 2023 In a significant security breach, cybersecurity experts have revealed a prolonged and sophisticated cyber attack on an information technology firm located in East…
Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime Highlights: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans Rashmi Ramesh (rashmiramesh_) • August 21, 2025 Image: Shutterstock Each week, Information Security Media Group compiles notable cybersecurity incidents in the realm of…
BREAKING: Law Enforcement Dismantles 7,000-Device Botnet Fueled by IoT and End-of-Life Systems in U.S. – Joint Dutch Operation
May 09, 2025
IoT Security / Network Security
In a coordinated effort, Dutch and U.S. authorities have successfully dismantled a vast proxy network powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. This botnet was exploited to provide anonymity for malicious activities. In addition to seizing the domains associated with the operation, the U.S. Department of Justice (DoJ) has charged Russian nationals Alexey Viktorovich Chertkov, 37; Kirill Vladimirovich Morozov, 41; Aleksandr Aleksandrovich Shishkin, 36; and Kazakhstani national Dmitriy Rubtsov, 38, for profiting from the proxy services. The DoJ revealed that users subscribed to the service for monthly fees between $9.95 and $110, resulting in over $46 million in revenue for the criminal network, which is believed to have been active since 2004.
Breaking: Criminal Proxy Botnet Utilizing IoT and End-of-Life Devices Dismantled in Collaborative U.S.-Dutch Operation On May 9, 2025, a significant joint operation by Dutch and U.S. law enforcement successfully dismantled a sophisticated criminal proxy network that exploited thousands of compromised…
BOSTON, Aug. 21, 2025 (GLOBE NEWSWIRE) — Thrive, a prominent global provider of technology outsourcing specializing in cybersecurity, cloud services, and traditional managed services, has unveiled a new Network Detection and Response (NDR) service aimed at bolstering cybersecurity for businesses.…
Date: June 11, 2025
Category: Network Security / Threat Intelligence
Threat intelligence firm GreyNoise has issued a warning about a “coordinated brute-force activity” aimed at Apache Tomcat Manager interfaces. On June 5, 2025, a significant uptick in brute-force and login attempts was observed, suggesting an organized effort to “identify and access exposed Tomcat services at scale.” A total of 295 unique malicious IP addresses were detected executing brute-force attempts against Tomcat Manager. In the last 24 hours alone, 188 unique IPs have been recorded, predominantly from the United States, the United Kingdom, Germany, the Netherlands, and Singapore. Furthermore, 298 IPs were noted conducting login attempts against Tomcat Manager instances, with all 246 flagged IPs in the past day classified as malicious and hailing from the same locations.
295 Malicious IPs Initiate Coordinated Brute-Force Attacks on Apache Tomcat Manager June 11, 2025 Network Security / Threat Intelligence GreyNoise, a prominent threat intelligence organization, has issued an alert regarding significant coordinated brute-force attacks aimed at Apache Tomcat Manager interfaces.…
Date: July 7, 2023
In its latest security update, Google has addressed 46 new vulnerabilities in the Android operating system, highlighting three that are actively exploited in targeted attacks. Notably, CVE-2023-26083 pertains to a memory leak issue in the Arm Mali GPU driver for Bifrost, Avalon, and Valhall architectures. This vulnerability was previously exploited in December 2022, allowing spyware to infiltrate Samsung devices. Its severity prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a patching directive for federal agencies in April 2023. Additionally, CVE-2021-29256 represents a high-severity flaw affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers, enabling an unprivileged user to access sensitive data and escalate privileges to the root level.
Google Addresses Critical Vulnerabilities in Latest Android Update On July 7, 2023, Google rolled out its monthly security updates for the Android operating system, patching a total of 46 newly identified vulnerabilities. Notably, three of these vulnerabilities have been confirmed…
Data Privacy, Data Security, Fraud Management & Cybercrime Inotiv Inc. Reports Disruptions Due to Cyberattack Marianne Kolbasuk McGee (HealthInfoSec) • August 20, 2025 Inotiv has informed the SEC that a cyberattack on August 8 has compromised its IT systems. (Image:…
May 12, 2025
Secrets Management / DevSecOps
Detecting leaked credentials is only part of the solution. The real challenge—and often the overlooked aspect—is the follow-up after detection. New insights from GitGuardian’s State of Secrets Sprawl 2025 report highlight a concerning trend: a significant number of exposed company secrets found in public repositories remain active for years post-discovery, expanding the attack surface that many organizations neglect. GitGuardian’s analysis of public GitHub repositories reveals that a worrisome percentage of credentials identified as far back as 2022 are still valid today. “Detecting a leaked secret is just the beginning,” notes GitGuardian’s research team. “The true test is prompt remediation.”
This ongoing validity raises two alarming possibilities: either organizations are oblivious to their exposed credentials (indicating a security visibility issue)…
The Persistence Problem: The Ongoing Risk of Exposed Credentials and Strategies for Mitigation May 12, 2025 In the realm of cybersecurity, identifying leaked credentials marks only the initial phase of a much larger challenge. The critical follow-up—how organizations manage and…
