In a significant development in cybersecurity, a new variant of the notorious Mirai botnet—dubbed “Mukashi”—is actively exploiting a newly discovered critical vulnerability affecting network-attached storage (NAS) devices. This attack aims to remotely compromise and commandeer vulnerable machines, reflecting an escalation in tactics employed by cybercriminals. Mukashi employs brute-force techniques, systematically…
Malicious Campaign Targeting MS-SQL Servers Discovered by Researchers Cybersecurity experts have identified a prolonged malicious campaign that has been active since May 2018, focusing on Windows machines equipped with MS-SQL servers. The campaign, named “Vollgar” after the Vollar cryptocurrency it mines, is aimed at deploying backdoors and diverse malware, including…
Emergence of the Dark_Nexus IoT Botnet: A New Threat to Cybersecurity Cybersecurity experts have unveiled a sophisticated new IoT botnet known as “dark_nexus,” which is leveraging compromised smart devices to launch distributed denial-of-service (DDoS) attacks. This emerging threat can be triggered on demand through platforms offering DDoS-for-hire services, placing numerous…
As hospitals globally grapple with the ongoing coronavirus pandemic, cybercriminals are intensifying their attacks on vulnerable healthcare institutions. The latest report from Palo Alto Networks reveals that threat actors are exploiting this crisis, targeting organizations at the forefront of pandemic response with ransomware and data-stealing malware. According to the report…
Dell Unveils New Security Tool to Combat BIOS Vulnerabilities In a notable development within the cybersecurity landscape, Dell Technologies has introduced an innovative security solution tailored for its commercial clientele, aiming to defend against sophisticated cyberattacks that target the BIOS (Basic Input Output System). This new tool, named “SafeBIOS Events…
Recent advisories from U.S. government agencies highlight an ongoing and substantial cyber threat from North Korean state-sponsored hacking groups, particularly targeting global banking and financial institutions. This joint advisory, released by the Departments of State, Treasury, Homeland Security, and the FBI, summarizes a series of cyberattacks attributed to North Korean…
Recent reports indicate that multiple attack groups have successfully breached corporate email accounts belonging to at least 156 high-ranking executives across various firms located in Germany, the UK, Netherlands, Hong Kong, and Singapore. This campaign has been identified as **PerSwaysion**, which has utilized Microsoft’s file-sharing services—specifically Sway, SharePoint, and OneNote—to…
Big Tech’s “Free” Services: The Hidden Cost of Data Access In recent years, the use of so-called “free” services from major technology companies like Google, Facebook, and Microsoft has come at a significant price: the relinquishing of personal data. While embracing cloud technology and utilizing free applications can simplify many…
Shortly after cybersecurity researchers raised warnings about two significant vulnerabilities in the SaltStack configuration framework, an ongoing campaign has already begun exploiting these flaws, targeting organizations such as LineageOS, Ghost, and DigiCert. The vulnerabilities, identified as CVE-2020-11651 and CVE-2020-11652, permit attackers to execute arbitrary code on remote servers operating within…
