Mailcow Mail Server Vulnerabilities Expose Servers to Remote Code Execution Recently, two significant security vulnerabilities have been uncovered in the Mailcow open-source mail server suite. These vulnerabilities, which affect all versions prior to 2024-04, were disclosed by SonarSource on March 22, 2024, and could allow malicious actors to execute arbitrary code on vulnerable Mailcow instances. Understanding the Vulnerabilities.

A new Rust-based information-stealing malware named Fickle Stealer has been identified, using multiple attack vectors to compromise systems and extract sensitive information. According to Fortinet FortiGuard Labs, Fickle Stealer is being distributed through four different methods: VBA dropper, VBA downloader, link downloader, and executable downloader. Some of these methods employ a PowerShell script to bypass User Account Control (UAC) and execute the malware.

Microsoft SQL Server is a popular relational database management system (RDBMS). However, determining the effective access rights of users is difficult because in Active Directory (AD) environments, effective access is determined based on not only the user’s direct permissions but also their membership in SQL Server roles, AD groups and Local Windows groups.

The integration of generative AI (GenAI) into healthcare holds tremendous potential for transforming patient care, diagnostics, and operational efficiency. However, developing these applications faces numerous challenges that must be addressed to ensure compliance, accuracy, and security. Here are the top challenges in building healthcare GenAI applications.

Octiga Software, Microsoft 365 Security Management & Monitoring for MSPs, is delighted to announce it has embarked on a benefit partnership with The ASCII Group for 2024. The ASCII Group is a membership-based community of independent North American MSPs, MSSPs and Solution Providers. By partnering with The ASCII Group, Octiga is enhancing its channel program and creating lasting relationships with IT service providers.

A new report from Barracuda has found that email conversation hijacking attacks have risen by 70% since 2022. Additionally, business email compromise (BEC) attacks accounted for 10.6% of social engineering attacks in 2023, compared to 8% in 2022 and 9% in 2021. These attacks require more effort on the part of attackers, but they typically have a much higher payout than other forms of social engineering.

My hacker story does not paint me in the best light, and it is not intended to. I am a firm believer in sharing one's mistakes and being open to learning from them. My incident taught me so much, and many years later, I am still benefiting from the learning opportunities. As the wise quote goes, "We have met the enemy, and they are us" — a sentiment that perfectly sums up my experience.

As our world becomes more connected, keeping up with the latest trends in IoT security is a must for businesses aiming to boost efficiency, enhance customer experiences, and stay ahead of the competition. Let’s dive into the key trends shaping the IoT landscape today and how we are working to make it more secure, from advancements in AI to post-quantum cryptography and cyber resilience.

Servers host applications and services; therefore, they are the center of all web, mobile, and API applications. These origin servers are under constant attack as hackers run probes to exploit open vulnerabilities and launch large-scale DDoS attacks that could bring down the entire infrastructure. Therefore, ensuring availability and protecting the integrity of origin servers is paramount. This article will cover what, why, and how of origin protection.

Setting the maximum log size for event logs is crucial for your security policy. Proper configuration helps detect attacks and investigate their sources. Insufficient storage can result in information loss and undetected breaches. This article covers everything you need to know about configuring maximum security log size. Server hardening can be labor-intensive and costly, often causing production issues.

Cyber security reports are an invaluable tool for keeping stakeholders and senior management informed about your cyber security efforts. This post outlines examples of some of the most popular reporting styles, with a particular focus on a field of cybersecurity drawing increasing interest among executive teams - Vendor Risk Management. Each of the cyber security report examples in this list have been pulled from the UpGuard platform.