Malicious Campaign Targeting MS-SQL Servers Discovered by Researchers Cybersecurity experts have identified a prolonged malicious campaign that has been active since May 2018, focusing on Windows machines equipped with MS-SQL servers. The campaign, named “Vollgar” after the Vollar cryptocurrency it mines, is aimed at deploying backdoors and diverse malware, including…
Big Tech’s “Free” Services: The Hidden Cost of Data Access In recent years, the use of so-called “free” services from major technology companies like Google, Facebook, and Microsoft has come at a significant price: the relinquishing of personal data. While embracing cloud technology and utilizing free applications can simplify many…
Microsoft recently announced the detection of nation-state activities tied to the Kremlin, exploiting a critical security vulnerability in the Outlook email service that has since been patched. This issue allowed unauthorized access to user accounts hosted on Microsoft Exchange servers, raising alarming security concerns for organizations relying on this platform.…
Recent investigations have revealed that a sophisticated group of Chinese hackers, known as ‘Naikon APT,’ has been executing a prolonged cyber espionage campaign targeting various governmental entities across Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar, and Brunei. This campaign, which has remained undetected for a minimum of five years, continues…
GitHub Vulnerability Exposes Over 15,000 Go Repositories to Repojacking Attacks Recent research has unveiled that more than 15,000 Go module repositories on GitHub are at risk of repojacking attacks, a significant cybersecurity concern. Jacob Baines, Chief Technology Officer at VulnCheck, reported that over 9,000 of these vulnerabilities stem from changes…
A significant security vulnerability affecting Bluetooth technology poses risks to Android, Linux, macOS, and iOS devices. Identified as CVE-2023-45866, this flaw allows malicious actors to bypass authentication procedures, enabling unauthorized access to susceptible devices and the capability to execute commands remotely. According to security researcher Marc Newlin, who disclosed these…
Scott MacDonald: Leader in Cybersecurity and Risk Management at PwC Principal, Cyber, Risk and Regulatory Scott MacDonald serves as a Principal in PwC’s Cybersecurity practice, boasting two decades of expertise in large-scale Identity and Access Management (IAM) initiatives, particularly within the healthcare sector. His career has been marked by the…
Recent findings have uncovered multiple security vulnerabilities within the open-source Netgate pfSense firewall solution. These vulnerabilities could potentially be combined by an attacker, allowing them to execute arbitrary commands on affected devices. The identified issues involve two reflected cross-site scripting (XSS) issues alongside a command injection vulnerability, as reported by…
Recent findings have revealed two security vulnerabilities in Microsoft Windows that have since been patched but could have been exploited by attackers to carry out remote code execution (RCE) on Outlook email clients without any user intervention. This information was disclosed by Akamai researcher Ben Barnea, who discovered the flaws…
