In a significant cybersecurity incident, an unidentified government entity in Afghanistan has fallen victim to a previously unreported web shell identified as HrServ, suggesting links to an advanced persistent threat (APT) attack. The exploit involves a dynamic-link library (DLL) file named "hrserv.dll," which boasts advanced functionalities, including custom encoding for…
AT&T Data Breach Exposes Wireless Customer Information Recent reports indicate that American telecom giant AT&T has suffered a significant data breach, leading to the unauthorized access of sensitive information pertaining to "nearly all" of its wireless customers. This security incident also affects customers of mobile virtual network operators (MVNOs) that…
In a significant cybersecurity incident, dental patients across the United States may be entitled to substantial compensation, with one-time payments potentially reaching up to $6,000 due to a multi-million dollar settlement resulting from a data breach involving Great Expressions. This prominent dental care network, which operates 246 centers nationwide, faced…
VMware has recently issued critical updates to address significant vulnerabilities affecting its Cloud Foundation, vCenter Server, and vSphere ESXi platforms. These flaws are particularly concerning as they could potentially allow attackers to escalate privileges or execute remote code. The vulnerabilities have been assigned high CVSS scores, underscoring their severity. Among…
SaaS Security: Revealing the Gaps in Protection and Responsibility A startling 34% of security professionals lack knowledge regarding the number of Software as a Service (SaaS) applications deployed within their organizations, a fact brought to light in the recent AppOmni 2024 State of SaaS Security Report. The report further illustrates…
Singapore’s Banking Sector Moves Away from One-Time Passwords Amid Increased Phishing Risks In a significant shift aimed at enhancing cybersecurity, the Monetary Authority of Singapore (MAS) and the Association of Banks in Singapore (ABS) announced that retail banks will discontinue the use of one-time passwords (OTPs) for online account authentication…
In response to a series of alarming data breaches and incidents of online fraud, notably with companies like Star Health Insurance, the Insurance Regulatory and Development Authority of India (IRDAI) is advocating for rigorous measures aimed at mitigating fraudulent activities within the insurance sector. The proposal outlines a framework designed…
Malware Campaign Targets Exposed Docker APIs for Cryptocurrency Mining Cybersecurity experts have identified a new malware campaign exploiting publicly accessible Docker API endpoints to deliver cryptocurrency miners and other malicious payloads. The analysis highlights a variety of tools used by threat actors, including a remote access tool designed to retrieve…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed its response to a cyberattack involving the exploitation of Unitronics programmable logic controllers (PLCs) aimed at the Municipal Water Authority of Aliquippa, located in western Pennsylvania. This incident has been attributed to a hacktivist group known as Cyber Av3ngers, which…
