admin

admin

  • Joined: September 10, 2024
  • Articles: 6389

Microsoft Addresses 67 Vulnerabilities, Including Active WEBDAV Zero-Day Exploit

On June 11, 2025, Microsoft unveiled patches for 67 security vulnerabilities, among which is a zero-day flaw in Web Distributed Authoring and Versioning (WebDAV) that has been actively exploited. Of these vulnerabilities, 11 are classified as Critical, while 56 are deemed Important. The update addresses 26 remote code execution issues, 17 information disclosure vulnerabilities, and 14 privilege escalation risks. Additionally, the patches follow the resolution of 13 vulnerabilities in the Chromium-based Edge browser since last month’s Patch Tuesday. The zero-day exploit, designated CVE-2025-33053 (CVSS score: 8.8), allows remote code execution through deceptive URLs. Microsoft credited Check Point researchers Alexandra Gofman and David Driker for identifying and reporting this critical vulnerability. Notably, CVE-2025-33053 marks the first zero-day vulnerability…

Microsoft Addresses 67 Security Vulnerabilities, Including Actively Exploited WebDAV Zero-Day On June 11, 2025, Microsoft announced a significant security update aimed at patching 67 identified vulnerabilities, among which is a concerning zero-day exploit related to Web Distributed Authoring and Versioning…

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021

Jun 08, 2023
Ransomware / Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021 In a concerning development for organizations utilizing Progress Software’s MOVEit Transfer application, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued…

Copilot Retained Access Logs Unless Instructed Otherwise

Artificial Intelligence and Cybersecurity: Copilot Vulnerability Exposed By Pooja Tikekar August 21, 2025 In a recent development, Microsoft has discreetly addressed a vulnerability in its Copilot AI, which allowed users to manipulate access logs concerning corporate files. As the company…

Why Relying Solely on Security Tools Won’t Keep You Safe — The Importance of Control Effectiveness

May 08, 2025
Risk Management / Compliance

Recent data shows that 61% of security leaders experienced breaches due to misconfigured or ineffective controls in the last year, despite utilizing an average of 43 cybersecurity tools. This alarming rate of failure indicates that the issue isn’t simply a matter of investment in security; it’s fundamentally about configuration. Organizations are recognizing that merely having security controls in place doesn’t guarantee protection against real-world threats. A recent Gartner® Report, Reduce Threat Exposure With Security Controls Optimization, highlights the critical gap between intent and actual results. It emphasizes a hard truth: without ongoing validation and tuning, security tools can create a deceptive sense of security. In this article, we’ll explore why focusing on control effectiveness should become the new standard for evaluating cybersecurity success, along with strategies to facilitate this important transition.

The Illusion of Tool Coverage

The longstanding belief that acquiring more tools is the key to security…

Security Tools Alone Are Not Enough—Focus on Control Effectiveness May 8, 2025 Risk Management / Compliance Recent revelations indicate that many organizations continue to face substantial challenges in their cybersecurity defenses. A striking 61% of security leaders reported experiencing a…

SinoTrack GPS Devices Exposed: Default Passwords Allow Remote Vehicle Control

June 11, 2025
IoT Security / Vulnerability

Recent security vulnerabilities in SinoTrack GPS devices could enable unauthorized remote control of specific functions in connected vehicles, including location tracking. According to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface.” This access may enable attackers to execute functions such as tracking vehicle location and, where applicable, disconnecting the fuel pump.

The vulnerabilities impact all versions of the SinoTrack IoT PC Platform. Below is a brief overview of the identified flaws:

  • CVE-2025-5484 (CVSS score: 8.3) – Weak authentication in the central SinoTrack device management interface due to the reliance on a default password and a username that serves as an identifier.

SinoTrack GPS Devices Expose Vulnerabilities for Remote Vehicle Control On June 11, 2025, significant security vulnerabilities were identified in SinoTrack GPS devices, which could be leveraged by attackers to manipulate certain remote functions of connected vehicles and monitor their locations.…

Experts Reveal Year-Long Cyber Assault on IT Firm Using Custom Malware RDStealer

A sophisticated cyber attack targeting an East Asian IT company involved the use of a custom malware, RDStealer, developed in Golang. “The operation spanned over a year, aimed at stealing credentials and data,” stated Bitdefender security researcher Victor Vrabie in a report shared with The Hacker News. Evidence from the Romanian cybersecurity firm indicates that the operation, dubbed RedClouds, began in early 2022 and reflects the interests of China-based threat actors. Initially, the campaign utilized common remote access and post-exploitation tools such as AsyncRAT and Cobalt Strike, but it later shifted to custom malware in late 2021 or early 2022 to evade detection. A key evasion strategy involved using Microsoft Windows folders typically excluded from security scans, like System32 and Program Files, to conceal the malware.

Experts Uncover Extended Cyber Attack Targeting East Asian IT Firm with Custom Malware RDStealer June 20, 2023 In a significant security breach, cybersecurity experts have revealed a prolonged and sophisticated cyber attack on an information technology firm located in East…

NY Man and Company Ordered to Pay $228M in Ponzi Scheme Settlement

Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime Highlights: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans Rashmi Ramesh (rashmiramesh_) • August 21, 2025 Image: Shutterstock Each week, Information Security Media Group compiles notable cybersecurity incidents in the realm of…

BREAKING: Law Enforcement Dismantles 7,000-Device Botnet Fueled by IoT and End-of-Life Systems in U.S. – Joint Dutch Operation

May 09, 2025
IoT Security / Network Security

In a coordinated effort, Dutch and U.S. authorities have successfully dismantled a vast proxy network powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. This botnet was exploited to provide anonymity for malicious activities. In addition to seizing the domains associated with the operation, the U.S. Department of Justice (DoJ) has charged Russian nationals Alexey Viktorovich Chertkov, 37; Kirill Vladimirovich Morozov, 41; Aleksandr Aleksandrovich Shishkin, 36; and Kazakhstani national Dmitriy Rubtsov, 38, for profiting from the proxy services. The DoJ revealed that users subscribed to the service for monthly fees between $9.95 and $110, resulting in over $46 million in revenue for the criminal network, which is believed to have been active since 2004.

Breaking: Criminal Proxy Botnet Utilizing IoT and End-of-Life Devices Dismantled in Collaborative U.S.-Dutch Operation On May 9, 2025, a significant joint operation by Dutch and U.S. law enforcement successfully dismantled a sophisticated criminal proxy network that exploited thousands of compromised…