The Breach News

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021

Jun 08, 2023
Ransomware / Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021 In a concerning development for organizations utilizing Progress Software’s MOVEit Transfer application, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint advisory highlighting the active exploitation of a newly…

Read More

Clop Ransomware Group Likely Aware of MOVEit Transfer Vulnerability Since 2021

Jun 08, 2023
Ransomware / Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory about the ongoing exploitation of a newly identified critical flaw in Progress Software’s MOVEit Transfer application, which is being used to deploy ransomware. “The Cl0p Ransomware Group, also known as TA505, reportedly began taking advantage of an undisclosed SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) solution,” the agencies noted. “Internet-facing MOVEit Transfer web applications were compromised with a web shell called LEMURLOOT, which was then utilized to extract data from the underlying databases.” This notorious cybercrime group has also issued a deadline to several affected organizations, demanding contact by June 14, 2023, or they risk having their stolen information disclosed. Microsoft is monitoring this activity under the name Lace Tempest (also known as Storm).

Why Relying Solely on Security Tools Won’t Keep You Safe — The Importance of Control Effectiveness

May 08, 2025
Risk Management / Compliance

Recent data shows that 61% of security leaders experienced breaches due to misconfigured or ineffective controls in the last year, despite utilizing an average of 43 cybersecurity tools. This alarming rate of failure indicates that the issue isn’t simply a matter of investment in security; it’s fundamentally about configuration. Organizations are recognizing that merely having security controls in place doesn’t guarantee protection against real-world threats. A recent Gartner® Report, Reduce Threat Exposure With Security Controls Optimization, highlights the critical gap between intent and actual results. It emphasizes a hard truth: without ongoing validation and tuning, security tools can create a deceptive sense of security. In this article, we’ll explore why focusing on control effectiveness should become the new standard for evaluating cybersecurity success, along with strategies to facilitate this important transition.

The Illusion of Tool Coverage

The longstanding belief that acquiring more tools is the key to security…

Security Tools Alone Are Not Enough—Focus on Control Effectiveness May 8, 2025 Risk Management / Compliance Recent revelations indicate that many organizations continue to face substantial challenges in their cybersecurity defenses. A striking 61% of security leaders reported experiencing a breach attributed to inadequately configured or ineffective security controls in…

Read More

Why Relying Solely on Security Tools Won’t Keep You Safe — The Importance of Control Effectiveness

May 08, 2025
Risk Management / Compliance

Recent data shows that 61% of security leaders experienced breaches due to misconfigured or ineffective controls in the last year, despite utilizing an average of 43 cybersecurity tools. This alarming rate of failure indicates that the issue isn’t simply a matter of investment in security; it’s fundamentally about configuration. Organizations are recognizing that merely having security controls in place doesn’t guarantee protection against real-world threats. A recent Gartner® Report, Reduce Threat Exposure With Security Controls Optimization, highlights the critical gap between intent and actual results. It emphasizes a hard truth: without ongoing validation and tuning, security tools can create a deceptive sense of security. In this article, we’ll explore why focusing on control effectiveness should become the new standard for evaluating cybersecurity success, along with strategies to facilitate this important transition.

The Illusion of Tool Coverage

The longstanding belief that acquiring more tools is the key to security…

Court of Appeals Affirms FCC Regulations on Data Breach Reporting and Notification | Cooley LLP

The United States Court of Appeals for the Sixth Circuit has affirmed the new data breach notification and reporting rules established by the Federal Communications Commission (FCC). This ruling, detailed in a recent decision, will take full effect in 2024. The revised framework broadens the definition of reportable data breaches,…

Read MoreCourt of Appeals Affirms FCC Regulations on Data Breach Reporting and Notification | Cooley LLP

SinoTrack GPS Devices Exposed: Default Passwords Allow Remote Vehicle Control

June 11, 2025
IoT Security / Vulnerability

Recent security vulnerabilities in SinoTrack GPS devices could enable unauthorized remote control of specific functions in connected vehicles, including location tracking. According to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface.” This access may enable attackers to execute functions such as tracking vehicle location and, where applicable, disconnecting the fuel pump.

The vulnerabilities impact all versions of the SinoTrack IoT PC Platform. Below is a brief overview of the identified flaws:

  • CVE-2025-5484 (CVSS score: 8.3) – Weak authentication in the central SinoTrack device management interface due to the reliance on a default password and a username that serves as an identifier.

SinoTrack GPS Devices Expose Vulnerabilities for Remote Vehicle Control On June 11, 2025, significant security vulnerabilities were identified in SinoTrack GPS devices, which could be leveraged by attackers to manipulate certain remote functions of connected vehicles and monitor their locations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an…

Read More

SinoTrack GPS Devices Exposed: Default Passwords Allow Remote Vehicle Control

June 11, 2025
IoT Security / Vulnerability

Recent security vulnerabilities in SinoTrack GPS devices could enable unauthorized remote control of specific functions in connected vehicles, including location tracking. According to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface.” This access may enable attackers to execute functions such as tracking vehicle location and, where applicable, disconnecting the fuel pump.

The vulnerabilities impact all versions of the SinoTrack IoT PC Platform. Below is a brief overview of the identified flaws:

  • CVE-2025-5484 (CVSS score: 8.3) – Weak authentication in the central SinoTrack device management interface due to the reliance on a default password and a username that serves as an identifier.

Experts Reveal Year-Long Cyber Assault on IT Firm Using Custom Malware RDStealer

A sophisticated cyber attack targeting an East Asian IT company involved the use of a custom malware, RDStealer, developed in Golang. “The operation spanned over a year, aimed at stealing credentials and data,” stated Bitdefender security researcher Victor Vrabie in a report shared with The Hacker News. Evidence from the Romanian cybersecurity firm indicates that the operation, dubbed RedClouds, began in early 2022 and reflects the interests of China-based threat actors. Initially, the campaign utilized common remote access and post-exploitation tools such as AsyncRAT and Cobalt Strike, but it later shifted to custom malware in late 2021 or early 2022 to evade detection. A key evasion strategy involved using Microsoft Windows folders typically excluded from security scans, like System32 and Program Files, to conceal the malware.

Experts Uncover Extended Cyber Attack Targeting East Asian IT Firm with Custom Malware RDStealer June 20, 2023 In a significant security breach, cybersecurity experts have revealed a prolonged and sophisticated cyber attack on an information technology firm located in East Asia, spearheaded by a custom malware strain known as RDStealer.…

Read More

Experts Reveal Year-Long Cyber Assault on IT Firm Using Custom Malware RDStealer

A sophisticated cyber attack targeting an East Asian IT company involved the use of a custom malware, RDStealer, developed in Golang. “The operation spanned over a year, aimed at stealing credentials and data,” stated Bitdefender security researcher Victor Vrabie in a report shared with The Hacker News. Evidence from the Romanian cybersecurity firm indicates that the operation, dubbed RedClouds, began in early 2022 and reflects the interests of China-based threat actors. Initially, the campaign utilized common remote access and post-exploitation tools such as AsyncRAT and Cobalt Strike, but it later shifted to custom malware in late 2021 or early 2022 to evade detection. A key evasion strategy involved using Microsoft Windows folders typically excluded from security scans, like System32 and Program Files, to conceal the malware.

NY Man and Company Ordered to Pay $228M in Ponzi Scheme Settlement

Blockchain & Cryptocurrency, Cryptocurrency Fraud, Fraud Management & Cybercrime Highlights: Coinbase’s Misconfigured Smart Contract, GMX Repayment Plans Rashmi Ramesh (rashmiramesh_) • August 21, 2025 Image: Shutterstock Each week, Information Security Media Group compiles notable cybersecurity incidents in the realm of digital assets. This week includes a New York Ponzi scammer…

Read MoreNY Man and Company Ordered to Pay $228M in Ponzi Scheme Settlement

BREAKING: Law Enforcement Dismantles 7,000-Device Botnet Fueled by IoT and End-of-Life Systems in U.S. – Joint Dutch Operation

May 09, 2025
IoT Security / Network Security

In a coordinated effort, Dutch and U.S. authorities have successfully dismantled a vast proxy network powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. This botnet was exploited to provide anonymity for malicious activities. In addition to seizing the domains associated with the operation, the U.S. Department of Justice (DoJ) has charged Russian nationals Alexey Viktorovich Chertkov, 37; Kirill Vladimirovich Morozov, 41; Aleksandr Aleksandrovich Shishkin, 36; and Kazakhstani national Dmitriy Rubtsov, 38, for profiting from the proxy services. The DoJ revealed that users subscribed to the service for monthly fees between $9.95 and $110, resulting in over $46 million in revenue for the criminal network, which is believed to have been active since 2004.

Breaking: Criminal Proxy Botnet Utilizing IoT and End-of-Life Devices Dismantled in Collaborative U.S.-Dutch Operation On May 9, 2025, a significant joint operation by Dutch and U.S. law enforcement successfully dismantled a sophisticated criminal proxy network that exploited thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. This extensive…

Read More

BREAKING: Law Enforcement Dismantles 7,000-Device Botnet Fueled by IoT and End-of-Life Systems in U.S. – Joint Dutch Operation

May 09, 2025
IoT Security / Network Security

In a coordinated effort, Dutch and U.S. authorities have successfully dismantled a vast proxy network powered by thousands of compromised Internet of Things (IoT) and end-of-life (EoL) devices. This botnet was exploited to provide anonymity for malicious activities. In addition to seizing the domains associated with the operation, the U.S. Department of Justice (DoJ) has charged Russian nationals Alexey Viktorovich Chertkov, 37; Kirill Vladimirovich Morozov, 41; Aleksandr Aleksandrovich Shishkin, 36; and Kazakhstani national Dmitriy Rubtsov, 38, for profiting from the proxy services. The DoJ revealed that users subscribed to the service for monthly fees between $9.95 and $110, resulting in over $46 million in revenue for the criminal network, which is believed to have been active since 2004.