The Breach News

NY Health System Agrees to $5.3M Settlement Over Web Tracker Privacy Lawsuit

Data Privacy, Data Security, Fraud Management & Cybercrime
Mount Sinai Health System Settles Class Action Over Patient Data Misuse
Marianne Kolbasuk McGee (HealthInfoSec) • August 27, 2025

A settlement of nearly $5.3 million by Mount Sinai Health System highlights ongoing issues surrounding the unauthorized use of online tracking on…


ShinyHunters and Scattered Spider Tied to Data Breach at Farmers Insurance

Farmers Insurance has disclosed a data breach affecting approximately 1.1 million customers. The incident has been linked to the hacker groups ShinyHunters and Scattered Spider and fits a wider pattern of attacks on organizations that use Salesforce’s platform. The company…


Exploring Wing Security’s Multi-Layered SaaS Identity Defense

April 16, 2025
SaaS Security / Identity Management

Introduction: Why Hack When You Can Log In?
SaaS applications are essential for modern organizations, enhancing productivity and operational efficiency. However, each new application introduces significant security risks through integrations and multiple users, creating potential access points for cyber threats. Recent data reveals a troubling rise in SaaS breaches; according to a May 2024 XM Cyber report, identity and credential misconfigurations were responsible for 80% of security exposures. Subtle indicators of compromise often go unnoticed amid the noise, allowing multi-stage attacks to develop undetected due to disconnected security measures. A scenario could unfold where an account takeover in Entra ID leads to privilege escalation in GitHub and data exfiltration from Slack. When examined individually, these incidents appear unrelated, but together they form a perilous breach.

Wing Security’s SaaS platform offers a comprehensive, multi-layered solution that integrates posture management with real-time identity threat detection and response. This empowers organizations to…

Product Walkthrough: Inside the Layered Identity Defense of Wing Security
April 16, 2025
SaaS Security / Identity Management

As organizations increasingly rely on SaaS applications to enhance productivity and streamline operations, the associated security risks are growing more significant. Each new application can potentially introduce vulnerabilities through integrations and multi-user…


Navigating the Personal Data Protection Act: Steps to Take in the Event of a Data Breach

KUALA LUMPUR, August 28 — In an era rife with phishing attempts, relentless spam, and the looming threat of scams, safeguarding personal data has become more vital than ever. This necessity underscores the purpose of the Personal Data Protection Act 2010 (PDPA), designed to shield individuals from the misuse of…


Security Flaw in AWS Default IAM Roles Threatens Lateral Movement and Cross-Service Exploitation

Cybersecurity researchers have identified default identity and access management (IAM) roles within Amazon Web Services (AWS) that could allow an attacker who gains a foothold in one service to escalate privileges, reach into other AWS services, and in some cases take over the account entirely. According to Aqua researchers Yakir Kadkoda and Ofek Itach, “These roles, typically created automatically or suggested during setup, grant excessively broad permissions, including full access to S3.” They warn that such default roles create silent paths for privilege escalation and cross-service access that can end in a full account compromise.

The cloud security firm pinpointed over-permissive default IAM roles created by AWS services such as SageMaker, Glue, EMR, and Lightsail. A similar issue has also been found in the widely used open-source framework Ray, which generates a default IAM role (ray-autoscaler-v1) with the AmazonS3FullAccess managed policy attached.

AWS Default IAM Roles Discovered to Facilitate Lateral Movement and Cross-Service Exploitation
May 20, 2025

Cybersecurity researchers have uncovered significant vulnerabilities tied to the default identity and access management (IAM) roles within Amazon Web Services (AWS). These vulnerabilities potentially allow adversaries to escalate privileges, access other AWS services, and in…
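The practical check that follows from the Aqua finding is to look at every role a service created for you and ask whether its S3 grant is scoped to a bucket or to the whole account. The script below is an added example, not Aqua's or AWS's tooling: it walks an IAM policy document, matches its action globs the way IAM does (case-insensitive wildcards), and reports Allow statements that grant sensitive S3 actions on an unscoped resource. The two policy documents are constructed here; BROAD_POLICY approximates what the AmazonS3FullAccess managed policy named in the article grants, SCOPED_POLICY is a hypothetical least-privilege replacement, and the bucket name and the list of sensitive actions are assumptions for illustration. The role name ray-autoscaler-v1 comes from the article.

```python
"""Flag IAM role policies that carry AmazonS3FullAccess-style grants.

Added example; not Aqua's or AWS's own tooling. The two policy documents are
constructed here: BROAD_POLICY approximates what the AmazonS3FullAccess managed
policy named in the article grants, SCOPED_POLICY is a hypothetical replacement.
The bucket name and the action list are assumptions for illustration.
"""
import fnmatch

# Constructed: AmazonS3FullAccess grants every s3 and s3-object-lambda action on "*".
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}
    ],
}

# Hypothetical least-privilege replacement for a service role that needs one bucket.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-ml-artifacts"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-ml-artifacts/*"},
    ],
}

# Actions that enable the cross-service abuse the article warns about: reading or
# replacing objects another service will consume, or rewriting a bucket policy.
SENSITIVE_S3_ACTIONS = (
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject",
    "s3:PutBucketPolicy", "s3:ListAllMyBuckets",
)


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action patterns are case-insensitive globs such as s3:* or s3:Get*."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def resource_is_unscoped(resource):
    """True when the resource does not pin the grant to a named bucket."""
    return resource == "*" or resource.startswith("arn:aws:s3:::*")


def find_broad_s3_grants(policy):
    """Return Allow statements granting sensitive S3 actions without a bucket scope.

    Deliberately simple: Condition blocks, NotAction/NotResource and Deny
    statements elsewhere are not evaluated, so treat hits as leads for review,
    not as an authoritative IAM simulation.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource"))
        if not any(resource_is_unscoped(r) for r in resources):
            continue
        for pattern in _as_list(stmt.get("Action")):
            granted = [a for a in SENSITIVE_S3_ACTIONS if action_matches(pattern, a)]
            if granted:
                findings.append(
                    {"action": pattern, "resources": resources, "grants": granted}
                )
    return findings


def describe(role_name, policy):
    """Human-readable summary for one role's inline or attached policy document."""
    findings = find_broad_s3_grants(policy)
    if not findings:
        return f"{role_name}: no unscoped sensitive S3 grants"
    lines = [f"{role_name}: {len(findings)} unscoped S3 grant(s)"]
    for f in findings:
        lines.append(f"  {f['action']} on {f['resources']} covers {', '.join(f['grants'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Role name from the article; the policy bodies are the constructed ones above.
    print(describe("ray-autoscaler-v1 (default)", BROAD_POLICY))
    print(describe("ray-autoscaler-v1 (scoped)", SCOPED_POLICY))
```

In a real account the input would be the `Document` field returned by `aws iam get-policy-version` for each policy attached to the role (and `aws iam get-role-policy` for inline policies); feed those documents to `find_broad_s3_grants` and review every hit. The checker ignores Condition keys and Deny statements on purpose, so a clean result means "nothing obviously unscoped", not "proven least privilege".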


CISA Alerts on Five Actively Exploited Security Vulnerabilities: Immediate Action Needed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. Among these, three high-severity flaws in Veritas Backup Exec Agent software (CVE-2021-27876, CVE-2021-27877, and CVE-2021-27878) may allow attackers to execute privileged commands on the underlying system. Veritas addressed all three in a patch released in March 2021.

  • CVE-2021-27876 (CVSS score: 8.1) – File Access Vulnerability
  • CVE-2021-27877 (CVSS score: 8.2) – Improper Authentication Vulnerability
  • CVE-2021-27878 (CVSS score: 8.8) – Command Execution Vulnerability

A recent report from Google-owned Mandiant highlighted that an affiliate tied to the BlackCat (also known as ALPHV and Noberus) ransomware operation is utilizing these vulnerabilities for attacks.

CISA Alerts Businesses to Five Critical Security Vulnerabilities: Immediate Response Needed

On April 10, 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory concerning five newly identified security vulnerabilities now included in its Known Exploited Vulnerabilities (KEV) catalog. This addition is backed by evidence indicating active…
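A KEV addition is only actionable once it is matched against what you actually run. The script below is an added example, not CISA's or Veritas's tooling: it parses a catalog snapshot in the shape of CISA's public KEV JSON feed (a "vulnerabilities" array whose entries carry cveID, vendorProject, product, dateAdded and dueDate), joins it against a host inventory, and flags unpatched hosts whose remediation due date has passed. The three CVE IDs are the Veritas entries from the article; the dates, descriptions, hostnames and the whole inventory are constructed placeholders, not the catalog's real values.

```python
"""Match a KEV catalog snapshot against an asset inventory and flag overdue items.

Added example; not CISA's or Veritas's tooling. KEV_SNAPSHOT follows the shape of
CISA's public KEV JSON feed (a "vulnerabilities" array whose entries carry cveID,
vendorProject, product, dateAdded and dueDate). The three CVE IDs are the Veritas
entries from the article; the dates, descriptions and the whole inventory are
constructed placeholders, not the catalog's real values.
"""
import datetime as dt
import json

KEV_SNAPSHOT = json.dumps({
    "title": "constructed KEV sample",
    "vulnerabilities": [
        {"cveID": "CVE-2021-27876", "vendorProject": "Veritas",
         "product": "Backup Exec Agent",
         "vulnerabilityName": "File Access Vulnerability",
         "dateAdded": "2023-04-07", "dueDate": "2023-04-28",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2021-27877", "vendorProject": "Veritas",
         "product": "Backup Exec Agent",
         "vulnerabilityName": "Improper Authentication Vulnerability",
         "dateAdded": "2023-04-07", "dueDate": "2023-04-28",
         "requiredAction": "Apply updates per vendor instructions."},
        {"cveID": "CVE-2021-27878", "vendorProject": "Veritas",
         "product": "Backup Exec Agent",
         "vulnerabilityName": "Command Execution Vulnerability",
         "dateAdded": "2023-04-07", "dueDate": "2023-04-28",
         "requiredAction": "Apply updates per vendor instructions."},
    ],
})

# Constructed inventory: vendor/product per host and whether the March 2021
# Veritas fix level is applied. Hostnames and the non-Veritas entry are placeholders.
INVENTORY = [
    {"host": "backup-01.example.internal", "vendorProject": "Veritas",
     "product": "Backup Exec Agent", "patched": False},
    {"host": "backup-02.example.internal", "vendorProject": "Veritas",
     "product": "Backup Exec Agent", "patched": True},
    {"host": "web-01.example.internal", "vendorProject": "ExampleVendor",
     "product": "ExampleApp", "patched": False},
]


def _key(vendor, product):
    """Normalise vendor/product so feed spelling and inventory spelling match."""
    return (vendor.strip().lower(), product.strip().lower())


def load_kev(raw_json):
    """Parse the feed JSON and index its entries by (vendor, product)."""
    index = {}
    for entry in json.loads(raw_json)["vulnerabilities"]:
        index.setdefault(_key(entry["vendorProject"], entry["product"]), []).append(entry)
    return index


def exposed_assets(kev_index, inventory, today):
    """One finding per unpatched asset per matching KEV entry.

    `today` is an ISO date string (YYYY-MM-DD) so callers can evaluate the
    catalog as of any date; an entry is overdue once today is past its dueDate.
    """
    today_date = dt.date.fromisoformat(today)
    findings = []
    for asset in inventory:
        if asset["patched"]:
            continue
        for entry in kev_index.get(_key(asset["vendorProject"], asset["product"]), []):
            due = dt.date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "overdue": today_date > due,
                "requiredAction": entry["requiredAction"],
            })
    return sorted(findings, key=lambda f: (f["host"], f["cveID"]))


def report(findings):
    """Render findings as one line per host/CVE, overdue ones first."""
    ordered = sorted(findings, key=lambda f: (not f["overdue"], f["host"], f["cveID"]))
    return "\n".join(
        f"{'OVERDUE' if f['overdue'] else 'open   '} {f['host']} {f['cveID']} "
        f"due {f['dueDate']}: {f['requiredAction']}"
        for f in ordered
    )


if __name__ == "__main__":
    kev = load_kev(KEV_SNAPSHOT)
    print(report(exposed_assets(kev, INVENTORY, "2023-05-01")))
```

To run this against the live catalog, download https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and pass its body to `load_kev` in place of the constructed snapshot. Matching is by vendor and product name only, so an inventory that records version numbers should add a version check before treating a host as exposed; the KEV feed itself does not carry affected-version ranges.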


Virtru Resolves Patent Dispute with Microsoft over Encryption Technology

Data Security, Encryption & Key Management, Litigation
Settlement Reached in Virtru’s Patent Infringement Case Against Microsoft’s Message Encryption Tool
Michael Novinson (MichaelNovinson) • August 27, 2025

In a significant development, Virtru has settled a lawsuit against Microsoft that contested the alleged infringement of its patents related to data protection in…


New BPFDoor Controller Facilitates Covert Lateral Movement in Linux Server Attacks

Apr 16, 2025
Cyber Espionage / Network Security

Cybersecurity researchers have discovered a new component linked to the BPFDoor backdoor, used in cyber attacks on the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt in 2024. “The controller can establish a reverse shell,” explained Trend Micro researcher Fernando Mercês in a technical report released earlier this week. “This capability permits lateral movement, enabling attackers to penetrate deeper into compromised networks and gain control over more systems or access sensitive data.”

The campaign has been attributed with medium confidence to a threat group tracked as Earth Bluecrow, also known as DecisiveArchitect, Red Dev 18, and Red Menshen. The hedged attribution reflects the fact that the BPFDoor source code leaked in 2022, so other groups could have adopted it. BPFDoor is a Linux backdoor that first emerged in…

New BPFDoor Controller Enhances Stealthy Lateral Movement in Linux Server Intrusions
April 16, 2025

Recent findings by cybersecurity experts reveal the emergence of a new component linked to the BPFDoor backdoor, spotlighting a sophisticated wave of cyber attacks that targeted the telecommunications, finance, and retail sectors across multiple regions, including…
