July 5, 2025


Hello all,

The United States of America turned 249 on Friday. Hopefully, all of our US-based readers still have all of their digits and have recovered most of their hearing from the celebratory fireworks, both public and private. Speaking of fireworks, this coming week is Patch Tuesday, so expect an incoming barrage of explosive defects and vulnerabilities from Microsoft and a cadre of other vendors that adhere to the same release schedule.

This email and video commentary is from the RedDotSecurity.news website, which contains a plethora of links to other items, not mentioned here, that are worth skimming to see if they interest you or pertain to your particular environment or to those you support. There is a lot more than what is provided in these opening comments.

Headline NEWS:

  • OpenAI is now opening their logs to the New York Times so that they can search through them for potential instances of ChatGPT serving up copyrighted content. I’ve written about it a few times in the past few weeks, that OpenAI was court-ordered to log everything, including items that clients were told would not be logged. To me this looks like the start of a never-ending treasure hunt by disgruntled publishers looking to recoup lost sales due to AI’s insatiable appetite and propensity to ingest everything ever digitally stored.
  • Google Chrome had another zero-day defect found in the V8 JavaScript engine last week. If you’re keeping track, that’s the fourth one this year. Update your Chromium-based browsers as soon as the patch is available, since this is under active exploitation already.
  • Mozilla Firefox has a problem with browser extensions being weaponized to steal cryptocurrency, wallet secrets, and logins. In fact, a study last year found that 50% of browser extensions exist for the purpose of stealing credentials, tracking activity, injecting malicious code into websites, and granting access to the browser to act as an info stealer.
  • Cisco can’t seem to stop releasing products that have hard-coded credentials in them. This time their IP telephony product, Cisco Unified Communications Manager (CUCM), has one that grants root access via SSH. While not known to be exploited yet, this one is as severe as it gets, so patch quickly.

In Ransomware, Malware, and Vulnerabilities News:

  • Ingram Micro experienced fireworks of a different kind a day early this past week, on Thursday, as all systems were taken offline as a result of a ransomware attack, tentatively attributed to the group SafePay. Frustratingly, the giant reseller just went dark, with no news or information for clients, other than a website message that said it was down for maintenance. Finally, on Saturday, Ingram broke radio silence and put a notice out on their website confirming that their systems were taken offline in response to a ransomware attack. Ingram is a major worldwide distributor of tech services and products, with revenue of over $48 billion in 2023. If you used Ingram to license Microsoft 365 products, it would be a wise move to check for and remove Ingram’s GDAP permissions in your Partner Portal, and/or block their delegated access, since we have no way to know what the threat actor managed to access and exfil
  • Hunters International ransomware group, in a bit of good news, has shut down and is releasing “free decryption software to all companies that have been impacted” by their evil work. Back in November they revealed that they were planning to shut down soon due to increasing law enforcement activity. I suspect that they encrypted the wrong organization or three-letter agency and have been paying the price ever since. Unfortunately, these scum are not going away; they are merely rebranding and switching to non-encrypting exfiltrating extortion. But even a small win is still a win.

In Other News Events of Note and Interest:

  • Massive SD Card Testing Database exposes fakes and charts their performance and endurance. Many years ago, when mere 1GB SD USB sticks were common, I saw a too-good-to-be-true advertisement at my favorite online reseller. It was a Sony-branded 512GB USB stick for only $25. I knew it couldn’t be true, but my curiosity was piqued, so I ordered it. I received an absolutely gorgeous metal swiveling USB stick, engraved with the Sony logo and 512GB. When I plugged it in, it read 512GB! However, you know the rest of the story: the true capacity was only about 256MB, and anything written to it past that number was simply discarded. I still have that drive and show it off to people to demonstrate that despite the impressive exterior packaging, it is what is inside that counts! Oh, and Sony didn’t even make USB thumb drives. I applaud Matt Cole, the person behind The Great MicroSD Card Survey. He’s performing an invaluable service. Well done, sir!

Musings:

Many years ago, I visited a friend of mine who was working as a missionary in Guatemala. While there I went to the local “mercado”. It was an experience; a pale comparison would be a flea market in the US. It was in an area about the size of a small city block, mostly covered, stiflingly hot, boasting every imaginable item that you could fathom wanting to purchase: live animals, food, clothes, electronics, spices, household goods, and so on. The sounds, the colors, the haggling back and forth to get good deals, and the smells… some were amazing and wonderful, such as music, flowers, and cooking food. Others, like the fish markets and similar, were still amazing, but in a very different way. The internet is very much like the mercado: the sights, the sounds, the unbelievable variety – amazing in both senses of the word. You can find anything, and there are deals to be had, but the same warning that I got when going to the mercado applies to the online world: watch your wallet, beware of deals that are too good to be true, and pay attention to your surroundings; some areas are just not safe.

Visc. Jan Broucinek

Keep the shields up.

Viscount Jan Broucinek
Red Dot Security News
