The Breach News

Menlo-Votiro Partnership Enhances Browser-Based File Security

Endpoint Security, Video

CEO Amir Ben-Efraim: Acquisition Incorporates AI-Driven File Sanitization into Browser Tools

Michael Novinson (MichaelNovinson) • August 21, 2025

Amir Ben-Efraim, co-founder and CEO, Menlo Security (Image: Menlo Security)

Menlo Security has fortified its cybersecurity framework by acquiring Votiro, a move that addresses critical challenges concerning file sanitization…

Microsoft Addresses 67 Vulnerabilities, Including Active WebDAV Zero-Day Exploit

On June 11, 2025, Microsoft released patches for 67 security vulnerabilities, including a zero-day flaw in Web Distributed Authoring and Versioning (WebDAV) that has been actively exploited. Of these vulnerabilities, 11 are classified as Critical and 56 as Important. The update addresses 26 remote code execution issues, 17 information disclosure vulnerabilities, and 14 privilege escalation risks. The patches are in addition to 13 vulnerabilities resolved in the Chromium-based Edge browser since last month’s Patch Tuesday. The zero-day, tracked as CVE-2025-33053 (CVSS score: 8.8), allows remote code execution through deceptive URLs. Microsoft credited Check Point researchers Alexandra Gofman and David Driker for identifying and reporting this critical vulnerability. Notably, CVE-2025-33053 marks the first zero-day vulnerability…

Microsoft Addresses 67 Security Vulnerabilities, Including Actively Exploited WebDAV Zero-Day

On June 11, 2025, Microsoft announced a significant security update aimed at patching 67 identified vulnerabilities, among which is a concerning zero-day exploit related to Web Distributed Authoring and Versioning (WebDAV). This specific vulnerability has been reportedly exploited in the…

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021

Jun 08, 2023
Ransomware / Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021

In a concerning development for organizations utilizing Progress Software’s MOVEit Transfer application, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory highlighting the active exploitation of a newly…

Why Relying Solely on Security Tools Won’t Keep You Safe — The Importance of Control Effectiveness

May 08, 2025
Risk Management / Compliance

Recent data shows that 61% of security leaders experienced breaches due to misconfigured or ineffective controls in the last year, despite utilizing an average of 43 cybersecurity tools. This alarming rate of failure indicates that the issue isn’t simply a matter of investment in security; it’s fundamentally about configuration. Organizations are recognizing that merely having security controls in place doesn’t guarantee protection against real-world threats. A recent Gartner® Report, Reduce Threat Exposure With Security Controls Optimization, highlights the critical gap between intent and actual results. It emphasizes a hard truth: without ongoing validation and tuning, security tools can create a deceptive sense of security. In this article, we’ll explore why focusing on control effectiveness should become the new standard for evaluating cybersecurity success, along with strategies to facilitate this important transition.

The Illusion of Tool Coverage

The longstanding belief that acquiring more tools is the key to security…

Security Tools Alone Are Not Enough — Focus on Control Effectiveness

May 8, 2025
Risk Management / Compliance

Recent revelations indicate that many organizations continue to face substantial challenges in their cybersecurity defenses. A striking 61% of security leaders reported experiencing a breach attributed to inadequately configured or ineffective security controls in…

Court of Appeals Affirms FCC Regulations on Data Breach Reporting and Notification | Cooley LLP

The United States Court of Appeals for the Sixth Circuit has affirmed the new data breach notification and reporting rules established by the Federal Communications Commission (FCC). This ruling, detailed in a recent decision, will take full effect in 2024. The revised framework broadens the definition of reportable data breaches,…

SinoTrack GPS Devices Exposed: Default Passwords Allow Remote Vehicle Control

June 11, 2025
IoT Security / Vulnerability

Recent security vulnerabilities in SinoTrack GPS devices could enable unauthorized remote control of specific functions in connected vehicles, including location tracking. According to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface.” This access may enable attackers to execute functions such as tracking vehicle location and, where applicable, disconnecting the fuel pump.

The vulnerabilities impact all versions of the SinoTrack IoT PC Platform. Below is a brief overview of the identified flaws:

  • CVE-2025-5484 (CVSS score: 8.3) – Weak authentication in the central SinoTrack device management interface due to the reliance on a default password and a username that serves as an identifier.

SinoTrack GPS Devices Expose Vulnerabilities for Remote Vehicle Control

On June 11, 2025, significant security vulnerabilities were identified in SinoTrack GPS devices, which could be leveraged by attackers to manipulate certain remote functions of connected vehicles and monitor their locations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an…
