Cybersecurity News | Tech Wire Asia | Latest Cybersecurity Insights
https://techwireasia.com/tag/cybersecurity/
Where technology and business intersect
Feed last built: Sun, 06 Apr 2025 22:57:26 +0000

Google warns of North Korean freelancers targeting European firms
https://techwireasia.com/2025/04/google-warns-of-north-korean-freelancers-targeting-european-firms/
Fri, 04 Apr 2025 02:04:45 +0000

  • North Korean IT workers are increasingly targeting companies in Europe.
  • Google Threat Intelligence Group reports that this shift follows tighter enforcement in the US.

    A growing number of North Korean IT workers are posing as remote freelancers from other countries in an effort to gain access to companies in Europe, raising concerns about potential espionage, data theft, and operational disruption.

    According to Google’s Threat Intelligence Group (GTIG), these workers—who refer to themselves as “warriors”—are securing remote roles with foreign organisations to generate revenue for the Democratic People’s Republic of Korea (DPRK). The activity, previously concentrated in the United States, is now increasingly being observed in European countries such as Germany, the United Kingdom, and Portugal.

    Since GTIG’s last report on DPRK IT worker activity, recent crackdowns in the US have made it more difficult for these individuals to secure and maintain employment there. According to a blog post by Jamie Collier, lead adviser for Europe at Google’s Threat Intelligence Group, GTIG has observed a rise in operations globally, with particular growth in Europe over the past few months.

    [Figure: North Korea increases IT worker operations globally (Source: Google)]

    The workers often misrepresent their nationalities, claiming to be from countries such as Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam. They find jobs through freelance platforms like Upwork and Freelancer, as well as communication channels such as Telegram. Payments are typically made in cryptocurrency or through digital payment platforms including Wise and Payoneer.

    Upwork provided a statement following publication, clarifying it did not receive the initial request for comment. The company said:

    “Fraud prevention and compliance with US and international sanctions are critical priorities for Upwork. The tactics outlined in this report represent a challenge that affects the entire online work industry, and Upwork is at the forefront of combating these threats. Any attempt to use a false identity, misrepresent location, or take advantage of Upwork customers is a strict violation of our terms of use, and we take aggressive action to detect, block, and remove bad actors from our platform.

    Upwork has long invested in industry-leading security and identity verification measures, deploying advanced technology alongside a dedicated team of global professionals across legal, investigations, intelligence, identity risk management, compliance, anti-money laundering, and machine learning detection. These experts work relentlessly to prevent fraudulent activity before it reaches our customers, and quickly respond to new methodologies and trends.

    As fraud tactics evolve, Upwork continuously enhances its proactive screening for attempts to bypass geographic restrictions, monitoring for signs of misrepresentation both before and after contracts begin. Our sophisticated detection tools, paired with strong partnerships with law enforcement and regulatory bodies, enable us to take swift and decisive action when fraudulent behaviour is identified.

    While no online platform is immune to fraud, Upwork is setting the standard for trust and safety in the industry. We will continue to invest in cutting-edge fraud prevention measures and vendor solutions, collaborate with industry stakeholders, and innovate to protect our customers and uphold the integrity of our marketplace.”

    Freelancer, Telegram, Wise, and Payoneer did not respond to requests for comment.

    GTIG reports that since October, there has been an uptick in cases where previously terminated workers attempt to extort their former employers by threatening to leak sensitive company information to competitors. Collier suggested that mounting pressure on these workers may be pushing them toward more aggressive tactics to maintain income.

    One case in late 2024 involved a North Korean individual operating under at least 12 separate identities while applying to organisations in the defence and public sectors, reportedly using false references. In the UK, North Korean IT workers have been linked to work ranging from standard web development to more advanced projects in blockchain and artificial intelligence.

    Google’s research points to risks associated with bring-your-own-device (BYOD) policies, where employees use personal devices to access internal systems. These setups often lack proper security oversight, making it more difficult to detect unauthorised access.

    Authorities in the US and UK have issued multiple warnings about these activities. The FBI has advised firms to improve identity verification practices, while the US Treasury in January sanctioned two individuals and four entities accused of generating revenue for the North Korean government. Officials allege the regime withholds up to 90% of wages earned by these workers.
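The FBI’s advice to improve identity verification can be made concrete by correlating the attributes an applicant cannot easily vary between personas. The block below is an added example, not Google/GTIG code and not from the article: it links job applications that share a phone number, payout account or résumé hash, then flags linked applications whose claimed nationalities disagree, which is the shape of the twelve-identity case described above. The records, the field names and the choice of linking fields are constructed assumptions; a real pipeline would read them from an applicant-tracking system and the payments ledger.

```python
"""Link job applications that share identifying attributes.

Added example, not from Google/GTIG or the article. Records, field
names and the linking fields below are constructed assumptions.
"""
from collections import defaultdict

# Constructed sample: one operator behind several personas reuses the
# same payout account and résumé while varying name and nationality.
APPLICATIONS = [
    {"id": "A1", "name": "Marco R.", "country": "Italy",     "phone": "+39-555-0101",
     "payout": "wise:acct-7781",   "resume_sha256": "c0ffee01"},
    {"id": "A2", "name": "Kenji T.", "country": "Japan",     "phone": "+81-555-0202",
     "payout": "wise:acct-7781",   "resume_sha256": "c0ffee01"},
    {"id": "A3", "name": "Wei L.",   "country": "Singapore", "phone": "+65-555-0303",
     "payout": "payoneer:9944",    "resume_sha256": "c0ffee01"},
    {"id": "A4", "name": "Olena K.", "country": "Ukraine",   "phone": "+65-555-0303",
     "payout": "btc:bc1qconstructed", "resume_sha256": "deadbeef"},
    {"id": "A5", "name": "Dana M.",  "country": "US",        "phone": "+1-555-0505",
     "payout": "payoneer:1234",    "resume_sha256": "feedface"},
]

# Attributes a single operator is unlikely to share with a stranger.
LINK_FIELDS = ("phone", "payout", "resume_sha256")


class UnionFind:
    """Disjoint-set forest used to merge applications that share a value."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def link_identities(apps, fields=LINK_FIELDS):
    """Return clusters (lists of application ids) joined by any shared field value."""
    uf = UnionFind()
    by_value = defaultdict(list)
    for app in apps:
        uf.find(app["id"])
        for f in fields:
            by_value[(f, app[f])].append(app["id"])
    # Every application sharing a value is chained to the one before it.
    for ids in by_value.values():
        for a, b in zip(ids, ids[1:]):
            uf.union(a, b)
    clusters = defaultdict(list)
    for app in apps:
        clusters[uf.find(app["id"])].append(app["id"])
    return sorted(clusters.values(), key=lambda c: (-len(c), c))


def suspicious_clusters(apps, min_size=2):
    """Clusters of several applications whose claimed nationalities disagree."""
    by_id = {a["id"]: a for a in apps}
    out = []
    for cluster in link_identities(apps):
        countries = {by_id[i]["country"] for i in cluster}
        if len(cluster) >= min_size and len(countries) > 1:
            out.append({"ids": cluster, "countries": sorted(countries)})
    return out


if __name__ == "__main__":
    for hit in suspicious_clusters(APPLICATIONS):
        print("linked applications:", hit["ids"], "claimed:", hit["countries"])
```

The linking is transitive on purpose: A1 and A2 share a payout account, A2 and A3 share a résumé hash, A3 and A4 share a phone number, so all four land in one cluster even though no single attribute ties A1 to A4. Which fields are strong enough to link on is a policy decision for the hiring and security teams; a shared résumé hash alone is weaker evidence than a shared payout account.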

    In a separate legal action, a US federal court in Missouri indicted 14 North Korean nationals in December for allegedly participating in an employment scheme that generated US$88 million over six years. Some of these individuals were reportedly employed by US firms for extended periods, earning hundreds of thousands of dollars without detection.

    The UK’s Office of Financial Sanctions Implementation has also responded. In September, it recommended employers implement stricter identity checks, including video interviews, and advised against using cryptocurrency for payments.

    Collier noted that North Korea has a long history of engaging in cyber operations to fund its regime. “A decade of diverse cyberattacks (encompassing SWIFT targeting, ransomware, cryptocurrency theft, and supply chain compromise), precedes North Korea’s latest surge,” he wrote.

    “This relentless innovation demonstrates a longstanding commitment to fund the regime through cyber operations. Given DPRK IT workers’ operational success, North Korea will likely broaden its global reach. With APAC already impacted by these operations, this problem is set to escalate. These campaigns thrive on ignorance and will likely enjoy particular success in areas of APAC with less awareness of the threat.”

    The post Google warns of North Korean freelancers targeting European firms appeared first on TechWire Asia.

    Reports of Oracle Cloud data breach raise questions amid denials
    https://techwireasia.com/2025/03/reports-of-oracle-cloud-data-breach-raise-questions-amid-denials/
    Wed, 26 Mar 2025 16:15:40 +0000

  • CloudSEK reports a potential breach, with a threat actor selling data allegedly stolen from Oracle.
  • The firm warns of potential supply chain risks.

    A suspected supply chain cyber incident that includes Oracle Cloud has drawn attention from cybersecurity researchers and enterprise users alike. According to cybersecurity firm CloudSEK, a threat actor identified as “rose87168” claims to have accessed and extracted sensitive data from Oracle Cloud systems, including files and passwords associated with over 140,000 customer environments.

    The data—allegedly obtained from Oracle’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) systems—includes encrypted credentials, Java KeyStore (JKS) files, and Enterprise Manager JPS keys. CloudSEK says the attack affects tenants across multiple regions and industries, with six million records reportedly compromised.

    The activity was first observed in March 2025. In addition to listing the data for sale, the attacker has also used an X account to follow Oracle-related profiles, a move researchers believe may be intended to identify or pressure affected organisations.

    Ransom demands and potential exploits

    CloudSEK’s report suggests the threat actor has been active since January 2025 and is now demanding payment from companies included in the dataset. The actor is also said to be requesting help to decrypt the credentials in exchange for sharing parts of the data.

    The breach appears to have involved the “login.(region-name).oraclecloud.com” endpoint, which is usually used to authenticate users on Oracle Cloud platforms. CloudSEK suspects that the attacker exploited an Oracle WebLogic Server vulnerability to access login services across different regions.

    While the actor has no prior known history, researchers have noted the use of advanced tactics and an awareness of Oracle’s infrastructure.

    CloudSEK has assigned a high-severity rating to the incident, citing risks such as data leaks, unauthorised access, and broader supply chain vulnerabilities if the stolen credentials are decrypted. The exposure of key files could, in theory, allow attackers to compromise systems connected to affected Oracle environments.

    In response, CloudSEK has recommended immediate action from organisations using Oracle Cloud. Suggested steps include resetting credentials, conducting forensic investigations, monitoring dark web sources for leaked data, and reinforcing access controls.

    Oracle denies any breach of its cloud systems

    Following reports of a possible breach, Oracle has responded by stating that no intrusion into its cloud infrastructure has occurred. A company spokesperson told The Register that the credentials circulating online are not linked to Oracle Cloud and that no customer data has been exposed.

    “There has been no breach of Oracle Cloud,” the spokesperson said. “The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

    The denial comes after a user claiming to be behind the incident posted on a cybercrime forum, offering what they described as Oracle Cloud customer data for sale. The individual also uploaded a file to one of Oracle’s login servers—specifically login.us2.oraclecloud.com—as apparent proof of access. The file contained an email address tied to the seller and was archived on the Internet Archive’s Wayback Machine earlier this year.
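A capture in the Wayback Machine is the kind of third-party artefact an investigator can check without touching the target system. The block below is an added example, not code from CloudSEK, Oracle or the article: it builds a query against the Internet Archive’s public CDX index for captures of a host, parses the response, and reports paths that first appear after a cutoff date, which is how a proof-of-access file dropped on a login host would surface. The `fl` and `filter` parameters are the CDX API’s documented ones; the host name and the sample response are constructed, and `fetch_cdx` needs network access.

```python
"""Check the Internet Archive's CDX index for new paths on a host.

Added example, not from CloudSEK, Oracle or the article. The CDX
endpoint and its `fl`/`filter` parameters are the public API; the
host and SAMPLE_CDX below are constructed.
"""
import urllib.parse
import urllib.request

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"


def build_cdx_url(host, from_ts, to_ts):
    """CDX query for successful captures of any URL under `host`.

    Timestamps are YYYYMMDD (or longer) strings as the API expects."""
    params = {
        "url": f"{host}/*",                       # trailing * = prefix match
        "from": from_ts,
        "to": to_ts,
        "fl": "timestamp,original,statuscode",   # fields to return
        "filter": "statuscode:200",
    }
    return f"{CDX_ENDPOINT}?{urllib.parse.urlencode(params)}"


def parse_cdx(text):
    """Parse the space-separated CDX text format into dicts."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line
        ts, original, status = parts
        path = urllib.parse.urlsplit(original).path or "/"
        records.append({"timestamp": ts, "url": original,
                        "path": path, "status": status})
    return records


def new_paths(records, cutoff_ts):
    """Paths first captured at or after `cutoff_ts` that never appeared before it.

    Timestamps compare as strings because they are fixed-width digits, so a
    YYYYMMDD cutoff sorts correctly against full YYYYMMDDhhmmss captures."""
    before = {r["path"] for r in records if r["timestamp"] < cutoff_ts}
    first_seen = {}
    for r in sorted(records, key=lambda r: r["timestamp"]):
        if r["timestamp"] >= cutoff_ts and r["path"] not in before:
            first_seen.setdefault(r["path"], r["timestamp"])
    return dict(sorted(first_seen.items()))


def fetch_cdx(host, from_ts, to_ts, timeout=30):
    """Live lookup against the archive; requires network access."""
    url = build_cdx_url(host, from_ts, to_ts)
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return parse_cdx(resp.read().decode("utf-8", "replace"))


# Constructed stand-in for a CDX response: timestamp, original URL, status.
SAMPLE_CDX = """\
20240115120000 https://login.example.test/ 200
20240601083000 https://login.example.test/login/ 200
20250301101500 https://login.example.test/ 200
20250305143000 https://login.example.test/proof.txt 200
"""

if __name__ == "__main__":
    recs = parse_cdx(SAMPLE_CDX)
    print(new_paths(recs, "20250301"))
```

A long-lived login host usually has a stable set of archived paths; a single new file appearing in the window of interest is the signal, and the capture timestamp gives an upper bound on when it was placed there.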

    Security researchers explore possible entry points

    Security analysts reviewing the claims noted that the affected Oracle Cloud login server appeared to be running Oracle Fusion Middleware 11G as recently as February 2025. CloudSEK believes the server may not have been patched against CVE-2021-35587, a known critical vulnerability in Oracle Access Manager’s OpenSSO Agent.

    If unpatched, that vulnerability could allow an attacker to gain access without authentication via a publicly available exploit. Whether this route was used in the alleged intrusion has not been confirmed, and Oracle has not commented further on the security posture of its login servers.

    Data listing and extortion attempts surface online

    On March 21, a user going by “rose87168” listed six million records for sale on BreachForums, claiming the data included Java KeyStore files, encrypted SSO and LDAP passwords, and Enterprise Manager keys. While the exact number of potentially affected organisations remains unclear, the attacker shared domain names of companies allegedly caught in the exposure and suggested that those wishing to avoid publication could pay for their information to be removed.

    No specific asking price has been disclosed publicly, but the attacker reportedly approached Oracle with a demand for more than $200 million in cryptocurrency in exchange for full disclosure of the attack. That request was not accepted.

    The forum post also included a call for help in decrypting the credentials. The attacker claimed they were unable to access the full dataset themselves but offered to share portions of it with anyone willing to assist.

    The post Reports of Oracle Cloud data breach raise questions amid denials appeared first on TechWire Asia.

    Google set for largest-ever deal with $32 billion Wiz acquisition
    https://techwireasia.com/2025/03/google-set-for-largest-ever-deal-with-usd-32-billion-wiz-acquisition/
    Wed, 19 Mar 2025 12:20:49 +0000

  • Google plans to acquire cybersecurity company Wiz.
  • Deal is expected to strengthen Google’s cloud security capabilities.

    Google plans to acquire cybersecurity company Wiz for $32 billion in its largest-ever acquisition, strengthening the US giant’s position in the highly-competitive cloud computing market. If the deal is approved, Wiz will be integrated into Google Cloud, which generated $43.2 billion in revenue last year, up 64% from 2022.

    The deal comes as Google faces antitrust inquiry in the United States, and lawsuits targeting its advertising practices and search engine dominance. Google’s acquisition of Wiz reflects a broader industry trend in which organisations seek to expand their cloud security capabilities in response to growing demand for data-intensive services.

    Google’s push into cybersecurity

    Google’s proposed acquisition of Wiz aims to strengthen its position in cloud, where it trails in third place behind Amazon and Microsoft.

    Wiz, founded in 2020, has quickly become a major player in cloud security, obtaining contracts with large organisations to monitor and manage cloud vulnerabilities.

    Wiz CEO Assaf Rappaport said the company shares Google’s goal of making cloud security more accessible and effective. “Wiz and Google Cloud are both fueled by the belief that cloud security needs to be easier, more accessible, more intelligent, and democratised, so more organisations can adopt and use cloud and AI securely,” he wrote in a blog post. Google CEO Sundar Pichai stated that the acquisition would let the company provide stronger security at a lower cost.

    Wedbush analysts have described the deal as a strategic move to compete with Microsoft and Amazon, which have already invested heavily in cybersecurity. Google’s acquisition of Mandiant for $5.4 billion in 2022 helped boost its cloud division’s operating profit to $6.1 billion last year, and Wiz is expected to expand its portfolio of offerings.

    High price and market impact

    The $32 billion price tag exceeds Google’s previous largest deal – a $12.5 billion acquisition of Motorola Mobility in 2012. According to Mergermarket, the Wiz deal ranks among the 20 most expensive software company acquisitions to date. Investors have responded cautiously, with Alphabet’s shares dropping 2% following the announcement.

    Google has been in discussions with Wiz for several months, reportedly increasing its offer from a previous $23 billion bid that was rejected in July. Wiz initially planned to pursue an IPO but decided against it owing to market volatility.

    Industry-wide impact and antitrust concerns

    The acquisition comes as the cybersecurity market continues to grow. Mark Smith, a director at Houlihan Lokey’s Technology Group, said the global cybersecurity market exceeds $50 billion, growing over 10% annually. Cloud security, in particular, is expanding even faster due to increasing threats and regulatory demands. “Strategic acquirers are competing to secure emerging technologies, driving up valuations,” he said. He highlighted AI’s role in shaping security measures and creating more resilient defences.

    The Google-Wiz deal raises antitrust concerns. The US Justice Department has already filed cases against Google’s search and advertising businesses, threatening to force the company to divest itself of Chrome and/or Android. Regulators are therefore expected to scrutinise the Wiz acquisition closely. The Justice Department is also examining the impact of Google’s deals to make its search engine the default on Apple and other platforms.

    Despite these challenges, Google and Wiz anticipate the deal will close in 2026, pending regulatory approval and completion of other conditions. Analysts at Mergermarket believe the companies would not have agreed to the deal without seeing a clear path to approval under the Trump administration.

    Business watchdog group, the Demand Progress Education Fund, has urged regulators to block the deal, arguing it would consolidate too much power in Google’s hands. Emily Peterson-Cassin, the group’s director of corporate power, said the acquisition would undermine competition in the cybersecurity market.

    Future of cloud and cybersecurity

    The Wiz deal reflects the trend of consolidation in the cybersecurity space. Google, Microsoft, and Amazon are investing heavily in cloud security to address rising threats and meet customer expectations for compliance and protection. According to Wedbush analysts, more deals will likely follow as organisations seek to boost their AI and security capabilities under a receptive US administration.


    The post Google set for largest-ever deal with $32 billion Wiz acquisition appeared first on TechWire Asia.

    Hitachi Energy upgrades 89% of PCs to Windows 11 with ManagementStudio
    https://techwireasia.com/2025/03/hitachi-energy-upgrades-89-of-pcs-to-windows-11-with-managementstudio/
    Tue, 18 Mar 2025 23:00:50 +0000

  • Nearly 90% of 45,000 desktops made the upgrade to Windows 11.
  • 24% of running applications not Windows 11-compatible.
  • Third-party ManagementStudio helped smooth the transition.

    Hitachi Energy has completed a migration to Windows 11 on more than 40,000 desktops in 12 countries. The company used ManagementStudio to help it complete the task, which it began in November 2023 starting with a 500-device pilot. The full migration process began in March 2024, and was scheduled to end in October 2024.

    ManagementStudio assessed the company’s assets to be 45,335 devices, with 43,568 devices determined as suitable for upgrade. Out of the 3,034 applications in use, 2,330 were deemed to be compatible with Windows 11 (76%).

    Eventually, around 40,600 devices made the upgrade to Windows 11 (89%), and the remaining ineligible devices had to settle for an upgrade to the latest version of Windows 10.

    ManagementStudio was also used by Hitachi Energy to support the company’s divestment from ABB in June 2020. The platform helped IT staff manage the exit from the Transition Service Agreements (TSA) with ABB inside three years, ending June 2023. The early exit helped the company avoid additional costs that would have been incurred had the transition been delayed.

    Marco Rena, Global Head of End User Computing at Hitachi Energy, said the goal of Windows 11 migration was to “upgrade [Hitachi Energy’s] estate with minimal manual intervention and [avoid] the need to individually test every application. The scope was to undergo a readiness migration to verify application and hardware compatibility. This was achieved using ManagementStudio and integrating it with Intune, Active Directory, Flexera Service and ServiceNow. And, we also integrated ManagementStudio with PowerBI to generate […] reports.”

    The timescale of the migration was reportedly faster than average. Hitachi Energy managed to upgrade nearly 10,000 devices in May 2024 alone, using the ManagementStudio platform to automate the migration process, following predefined criteria.

    Reasons for, and method of, the Windows 11 upgrade

    Rena explained how Hitachi Energy implemented its Windows 11 upgrade using a ‘by exception’ approach. “By requesting pilot users from all areas of the business, Hitachi Energy was able to run the new operating system for a few weeks and catch any application issues that occurred. Once the pilot device was approved, its application portfolio could be considered compatible and used as the basis for confidently selecting more desktops throughout the business.”

    The pilot helped ensure a reliable, smooth migration by resolving any issues early on, before the upgrade was rolled out on a larger scale.

    As Windows 10 approaches its end-of-support in the Autumn this year, moving PC fleets to supported and secure operating systems will help lower the instances of cybersecurity issues. The March ‘Patch Tuesday’ update from Microsoft contained security updates to address 57 known flaws, including six actively-exploited zero-day vulnerabilities, and six vulnerabilities that were marked as ‘Critical’, each of which was a remote code execution vulnerability.

    Given the ubiquity of Microsoft operating systems on enterprise desktops, organisations should be considering their options ahead of the cut-off in a few months. If more time is needed for the move to Windows 11, Microsoft sells a further 12 months’ support on a per-seat basis.

    (Image source: “Old banger” by 70023venus2009 is licensed under CC BY-ND 2.0.)

    The post Hitachi Energy upgrades 89% of PCs to Windows 11 with ManagementStudio appeared first on TechWire Asia.

    The rise of Lazarus Group from Sony hacks to billion dollar crypto heists
    https://techwireasia.com/2025/03/the-rise-of-lazarus-group-from-sony-hacks-to-billion-dollar-crypto-heists/
    Fri, 07 Mar 2025 02:27:29 +0000

  • Lazarus Group stole $1.4 billion from Bybit.
  • Investigators linked the attack to other recent breaches.

    Lazarus Group has long been a strong player in cybercrime, specifically targeting bitcoin exchanges and financial institutions. According to Cointelegraph, the North Korean-backed hacking organisation has stolen billions of dollars while using advanced evasion tactics.

    On February 21, the organisation pulled off its largest known robbery, stealing $1.4 billion from Bybit. Blockchain investigator ZachXBT linked the attack to an $85 million breach of Phemex, as well as intrusions at BingX and Poloniex, reinforcing suspicions that North Korea’s cyber army was behind the theft.

    Since 2017, Lazarus Group has stolen an estimated $6 billion from the crypto sector, according to Elliptic. A United Nations report suggests these stolen funds help finance North Korea’s weapons program.

    Lazarus Group: Who’s behind it?

    The US Treasury identifies Lazarus as being controlled by North Korea’s Reconnaissance General Bureau (RGB), the country’s intelligence agency. The FBI has publicly named three North Korean hackers tied to the group, also known as APT38.

    • Park Jin Hyok: Charged in 2018, allegedly linked to the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist ($81 million stolen), and the 2017 WannaCry ransomware attack.
    • Jon Chang Hyok & Kim Il: Indicted in 2021 for financial cybercrimes, including cryptocurrency theft and laundering operations for the North Korean regime.

    Jon allegedly developed malicious crypto applications used to infiltrate financial institutions, while Kim helped coordinate crypto-related heists and fraudulent ICOs.

    The Bybit hack: How it happened

    Shortly before the Bybit breach, North Korea reaffirmed its plans to expand its nuclear arsenal, while the US, South Korea, and Japan called for denuclearisation. Days later, Lazarus struck.

    Security analysts quickly recognised familiar tactics. “Within minutes of ETH moving out of Bybit’s wallet, we saw Lazarus’ unique fingerprint,” said Fantasy, an investigator at crypto insurance firm Fairside Network.

    The hackers used a phishing attack to compromise Bybit’s security, disguising their operation with a fake version of Bybit’s wallet management system. This allowed them to transfer 401,000 Ether ($1.4 billion) to wallets under their control, according to blockchain forensics firm Chainalysis.

    Once the funds were stolen, the laundering process began. Investigators found that parts of the funds were converted into Bitcoin and Dai, using decentralised exchanges, cross-chain bridges, and no-Know Your Customer (KYC) swap services.

    One platform, eXch, was identified as a laundering tool but has refused to freeze the stolen assets despite industry-wide intervention.

    A significant portion of the funds remains spread across multiple wallets— a common tactic used by North Korean hackers to evade detection.

    Crypto theft and social engineering

    Lazarus Group has escalated its attacks on the crypto industry, stealing $1.34 billion across 47 breaches in 2024, more than double the $660.5 million stolen in 2023, according to Chainalysis.

    The firm reports that private key compromises accounted for 43.8% of all crypto hacks that year. This method was used in the $305-million DMM Bitcoin breach and the $600-million Ronin hack—both attributed to Lazarus.

    Beyond large-scale hacks, the group also engages in long-term social engineering schemes. Microsoft Threat Intelligence has identified a North Korean subgroup called Sapphire Sleet (Bluenoroff), which targets cryptocurrency firms and corporate networks.

    Posing as recruiters and venture capitalists, these operatives lure victims into fake job interviews and investment scams, deploying malware to gain access to financial accounts. Over six months, they reportedly stole over $10 million through these tactics.

    Infiltrating the global tech workforce

    North Korea’s cyber operations extend beyond hacking. Thousands of North Korean IT workers operate remotely across Russia, China, and other regions, using AI-generated profiles and stolen identities to land high-paying tech jobs.

    Once inside companies, these workers steal intellectual property, extort employers, and funnel earnings to the regime.

    In August 2024, ZachXBT exposed 21 North Korean developers earning $500,000 per month by embedding themselves in cryptocurrency startups.

    A federal court in St. Louis later unsealed indictments against 14 North Korean nationals, accusing them of:

    • Sanctions violations
    • Wire fraud & identity theft
    • Laundering millions for the North Korean regime

    These individuals reportedly worked for Yanbian Silverstar and Volasys Silverstar, North Korean-controlled tech firms operating in China and Russia.

    The US Department of Justice estimates that these operatives earned at least $88 million over six years, with some required to send $10,000 per month back to the North Korean government.

    A persistent cyber threat

    Despite global scrutiny, Lazarus Group continues to evolve its tactics, adapting to new security measures and increasing its reach into financial and tech sectors.

    Billions in stolen cryptocurrency, deep infiltration of global tech firms, and an expanding network of fraudulent IT workers highlight North Korea’s growing cyber capabilities.

    While US authorities have intensified efforts to crack down on these operations through federal indictments and cyber task forces, Lazarus remains one of the world’s most active cybercrime syndicates.

    With an ability to shift tactics and evade detection, the threat posed by Lazarus Group is far from over.


    The post The rise of Lazarus Group from Sony hacks to billion dollar crypto heists appeared first on TechWire Asia.

    Bybit saw $5.5 billion in outflows following crypto’s biggest hack
    https://techwireasia.com/2025/02/bybit-faces-usd-5-billion-in-outflows-following-cryptos-biggest-hack/
    Mon, 24 Feb 2025 12:29:49 +0000

  • Bybit sees $5.5 billion outflow after hackers take $1.4 billion from its ether wallet.
  • Recovers liquidity, but 50% bank run before operations stabilised.

    Cryptocurrency exchange Bybit has experienced total outflows exceeding $5.5 billion after suffering a $1.4 billion security breach, reportedly carried out by hackers linked to North Korea’s Lazarus Group. The attackers targeted the exchange’s ether cold wallet, prompting Bybit to secure emergency funding to maintain withdrawal operations.

    Massive withdrawals and emergency response

    Data from DeFiLlama showed assets associated with Bybit’s wallets dropped from $16.9 billion to $11.2 billion following the breach. In an X Spaces session, Bybit CEO Ben Zhou stated that as soon as the attack was identified, the exchange prioritised processing withdrawals. According to Zhou, hackers drained 70% of clients’ ether holdings, forcing Bybit to secure loans to maintain withdrawal liquidity. However, stablecoin withdrawals quickly overtook ether, as most users moved their funds to other platforms.

    Bybit had the reserves to support withdrawals, but the situation was complicated when Safe, the multisignature smart-contract wallet platform on which Bybit’s cold wallets were built, temporarily shut down smart wallet functionalities to address security concerns.

    Zhou noted that $3 billion in USDT was locked in a Safe wallet, delaying access to important reserves.

    Safe stated on social media that while it had not found evidence of a frontend compromise, certain functionalities were paused as a precautionary measure. With mounting withdrawal requests, Bybit’s security team worked to develop software that manually verified transaction signatures, allowing funds to be moved from the Safe wallet. Despite challenges, the exchange managed to transfer its $3 billion in stablecoin reserves, but not before experiencing a 50% bank run.

    Authorities and blockchain analysts investigate

    Bybit has engaged law enforcement agencies, including Singaporean authorities and Interpol, to track the stolen assets. Blockchain analysis firms, like Chainalysis, have also been asked to assist in identifying the movements of the stolen funds. Zhou emphasised that Bybit is committed to monitoring the attackers’ activities in the hope that the stolen assets can be traced and recovered.

    Rolling back ethereum considered

    During the session, Zhou acknowledged that some industry figures, including BitMEX co-founder Arthur Hayes, suggested the possibility of an Ethereum blockchain rollback to recover lost funds. Bybit’s team collaborated with Ethereum co-founder Vitalik Buterin and the Ethereum Foundation to explore alternative solutions.

    However, Zhou pointed out that such a choice would require community consensus and is unlikely to be taken unilaterally. “I’m not sure it’s a one-man decision based on the spirit of blockchain. It should be a work in process to see what the community wants,” Zhou said.

    A rollback on Ethereum would be technically complex, given its smart contract infrastructure. Any attempt to alter the blockchain’s state would likely lead to a contentious hard fork, splitting the network and facing resistance from parts of the community.

    Investigation into the attack

    Bybit continues to investigate the exact cause of the security breach. Zhou stated that the exchange’s computers were not compromised, and an internal review of transaction signers has so far revealed no irregularities in their activity. “We know the cause is definitely around the Safe cold wallet. Whether it’s a problem with our laptops or on Safe’s side, we don’t know,” he added.

    Bybit replenishes ether reserves after hack

    Despite its losses, Bybit has restored a 1:1 backing of client assets after securing additional funds. On-chain tracking service Lookonchain reported Bybit has replenished 446,870 ETH – worth approximately $1.23 billion – through a mix of loans, large deposits, and ether purchases. Blockchain activity suggests that Bybit obtained over $400 million in ETH through over-the-counter trades, an additional $300 million from exchanges, and nearly $300 million through cryptocurrency fund-backed loans.

    The ETH price initially saw a 4% rise over the weekend due to increased buying activity but later dropped 2% as market sentiment remained cautious. Meanwhile, Bybit stated that as of Sunday, deposits and withdrawals have returned to normal levels, with deposits slightly exceeding withdrawals.

    Attack linked to North Korea’s Lazarus group

    The security breach has been linked to the Lazarus Group, an allegedly state-sponsored North Korean hacking collective known for high-profile cryptocurrency attacks. Blockchain analyst ZachXBT identified transaction patterns similar to those used in previous attacks by Lazarus. The hacking group has been responsible for several major incidents, including the $600 million Ronin Network hack (2022) and a $230 million attack on Indian exchange WazirX in 2024.

    Hackers reportedly gained access to Bybit’s cold wallet by manipulating the signing interface: the signers were shown what looked like a routine transfer, while the transaction they actually approved altered the wallet’s smart contract logic so that its funds could be redirected. The stolen ether was then split across multiple wallets and swapped for other assets on decentralised exchanges.

    Next steps for Bybit

    Following the attack, Bybit has moved a large portion of its funds away from Safe cold wallets and is reviewing alternative custody solutions. The exchange continues to work with security experts and law enforcement to recover the stolen assets. The case underscores ongoing security risks in the cryptocurrency industry, particularly with the increasing sophistication of cyberattacks targeting centralised exchanges.

    The post Bybit saw $5.5 billion in outflows following crypto’s biggest hack appeared first on TechWire Asia.

    Data centre certifications are still worth it. Here’s why. https://techwireasia.com/2024/12/are-data-centre-certifications-still-worth-it-absolutely-heres-why/ Mon, 16 Dec 2024 19:08:16 +0000
  • The data centre industry is evolving, driven by AI and sustainability.
  • Certifications remain important for career advancement.

    The world of data centres is transforming rapidly, but one thing remains constant: certifications are still a smart move for anyone looking to advance their IT career. While data centres shift from traditional facilities to AI-driven powerhouses, certifications are evolving to match the demands of today’s cutting-edge technology, from AI and cybersecurity to sustainability.

    What’s the appeal? Higher salaries and job security. According to an InformaTech survey, 77% of data centre professionals reported pay raises last year, with a median salary now at US$130,000. However, not everything is going smoothly: managers are taking on more, overseeing larger teams and assuming duties in non-technical areas such as finance and sustainability.

    The infrastructure landscape is evolving, too, especially with AI driving change. As organisations focus on integrating AI solutions, the need for robust, AI-ready data centres becomes important. “AI is a transformative technology that requires a lot of power, dense computing, and fast networks,” says Robert Beveridge, professor and technical manager at Carnegie Mellon University’s AI Engineering Center. “And they’re very resource-intensive — AI is poised to grow power demand.”

    Why certifications matter

    Certifications aren’t just resume boosters — they can be career game-changers. For individuals, they validate skills, boost confidence, and open doors to advancement. “Individuals want to seek out certifications for their own knowledge, skills, and competencies,” says Matt Hawkins, director of Uptime Education. “And for their current job or career aspiration and career advancements.”

    For employers, certifications offer benefits beyond skills verification. They’re tools for managing risks, retaining staff, and investing in personnel’s professional development. “How do we make sure we’re retaining the individuals we already have? One way to do that is investing in the individual, helping them grow in their roles and careers, and the certification is a way of doing that,” says Hawkins.

    There’s financial proof to back it up, too. A Skillsoft survey found that 96% of IT leaders believe certifications hold measurable value, with nearly half estimating certified employees bring an extra $20,000 or more in value to the table.

    What about salary growth?

    Certifications have historically been tied to salary bumps. According to a Foote Partners’ report, the average market value for IT certifications saw its biggest positive swing in over a decade in 2024. But for data centre-specific certifications, it’s a mixed bag.

    “Significant changes in the data centre landscape are impacting pay for related tech talent,” says David Foote, chief analyst at the company. “Right now, cash premiums for these certifications have stagnated. But it probably will rebound within six to 12 months as businesses solidify their AI strategies.”

    In other words, now is the perfect time to gear up with certifications, especially as the industry braces for its next wave of transformation.

    Which certifications should you consider?

    Whether you’re just starting out or have been in the field for years, there’s a certification out there to fit most career goals. Entry-level certifications are perfect for those new to the industry, offering foundational knowledge to help would-be professionals understand how data centres operate. For instance, the Uptime Institute’s Data Center Fundamentals program gives a broad overview of the industry, including topics like energy management and market trends. Similarly, CompTIA Server+ focuses on essential server skills, while Schneider Electric’s certification covers physical infrastructure, such as cooling and power systems.

    For those with more experience, advanced certifications validate in-depth skills and often open doors to senior roles. Programmes like the Uptime Institute’s Certified Data Center Technician Professional (CDCTP) focus on optimising data centre operations, while Cisco’s CCNP Data Center certification tests candidates’ ability to manage complex networks. VMware’s Data Center Virtualization certification is another great option, focussing on virtualisation technologies, a critical area of modern data centres.

    Sustainability-focused certifications are also gaining momentum, reflecting the growing importance of energy efficiency in data centre operations. Uptime Institute’s Certified Data Center Energy Professional (CDCEP) program is designed to help professionals manage energy use effectively, while Schneider Electric’s Professional Energy Manager certification targets comprehensive energy management practices. As sustainability becomes a business imperative, these credentials are increasingly valuable.

    Planning your next move

    With so many certifications to choose from, the best path depends on your goals. Are you transitioning to a new role? Looking to solidify your expertise? Certifications can guide the way. “Hiring managers look for not just the certification but the motivation behind it,” says Beveridge from Carnegie Mellon. “From a hiring manager perspective, I find that extremely valuable. It tells me that the employee takes initiative, that they want to learn.”

    In a time of rapid change, staying ahead of industry trends is key. Whether you’re an entry-level technician or an experienced manager, certifications remain a solid investment in your career. With data centres at the forefront of technological transformation, now’s the time to prepare for the opportunities ahead in the space.

    The post Data centre certifications are still worth it. Here’s why. appeared first on TechWire Asia.

    QNAP patches severe vulnerabilities in NAS and router systems https://techwireasia.com/2024/12/qnap-patches-severe-vulnerabilities-in-nas-and-router-systems/ Tue, 10 Dec 2024 11:27:25 +0000
  • QNAP has addressed critical vulnerabilities in its NAS and QuRouter systems.
  • Users are urged to update their devices immediately to protect against potential exploits.

    Recent security advisories have identified critical vulnerabilities in QNAP’s Network Attached Storage (NAS) and QuRouter systems, allowing attackers to execute arbitrary commands on affected devices. These flaws have prompted the company to remind users to update their systems.

    QNAP, a well-known provider of network and software solutions with customers such as Accenture, Cognizant, and Infosys, has identified several severe issues in its NAS and router products. The vulnerabilities, which include missing authentication and OS command injection flaws, pose serious risks to users.

    In a statement published over the weekend, QNAP acknowledged the issue, saying, “Multiple vulnerabilities have been reported to affect Notes Station 3 and QuRouter.” The company underlined the importance of using the latest updates to minimise risks.

    The importance of securing NAS and routers

    NAS systems and routers play a crucial role in both personal and professional settings. The devices are essential for centralised data storage, file sharing, and network traffic management. Given their role in storing sensitive data and maintaining connectivity, they are prime targets for cyberattacks.

    NAS devices frequently house critical information, such as patient records, business files, and academic research. Routers, like those in QNAP’s QuRouter series, are responsible for ensuring secure and efficient data transmission. Exploiting vulnerabilities in such systems can allow attackers to gain unauthorised access, disrupt operations, or compromise networks.

    The growing reliance on remote work and cloud computing has made securing these devices critical. Vulnerabilities like those found in QNAP’s products highlight the need for users to implement timely updates and adopt proactive security measures.

    Among the identified issues, a vulnerability tracked as CVE-2024-38643 affects QNAP’s Notes Station 3. The missing authentication flaw could allow remote attackers to access systems without authorisation. The issue has been assigned a critical CVSS severity rating of 9.8/10. It affects Notes Station 3 versions 3.9.x, although QNAP addressed the problem in version 3.9.7 and later.

    Another flaw, CVE-2024-38645, is a server-side request forgery (SSRF) vulnerability. After gaining access via the first flaw, attackers can read sensitive application data. This issue has a CVSS rating of 9.4/10.

    CVE-2024-38644 is a command-injection vulnerability that enables attackers to execute arbitrary commands on affected systems. While rated slightly lower at 8.8/10, when combined with the other two vulnerabilities, it considerably raises the chance of a full system takeover.

    QNAP has also disclosed flaws in its QuRouter networking devices, designed to manage routers for home and business users. The critical vulnerability, CVE-2024-48860, allows remote attackers to execute commands on the host system. This vulnerability has received a CVSS severity rating of 9.8/10.

    The problem affects QuRouter versions 2.4.x but was resolved in version 2.4.3.106 of the device’s software. Another vulnerability, CVE-2024-48861, allows local attackers to execute commands on affected systems and carries a CVSS rating of 7.8.
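The advisory reduces to two version thresholds, and the mistake most often made when checking them is comparing version strings lexically, where "3.9.10" sorts before "3.9.7" and a patched build looks old. The following added example (my code, not QNAP’s tooling) encodes the affected branches, first fixed builds and CVE numbers from the paragraphs above, parses versions into numeric tuples, and reports which CVEs still apply to each device in a constructed inventory. The hostnames and installed versions are made up for illustration.

```python
"""Added example: map an installed QNAP version to the CVEs from this advisory."""

# Affected branches, first fixed builds and CVE lists as reported in the article above.
ADVISORIES = {
    "Notes Station 3": {
        "affected_branch": "3.9",
        "fixed_in": "3.9.7",
        "cves": ["CVE-2024-38643", "CVE-2024-38645", "CVE-2024-38644"],
    },
    "QuRouter": {
        "affected_branch": "2.4",
        "fixed_in": "2.4.3.106",
        "cves": ["CVE-2024-48860", "CVE-2024-48861"],
    },
}


def parse_version(text: str) -> tuple:
    """'2.4.3.106' -> (2, 4, 3, 106). Numeric tuples compare correctly; strings do not."""
    return tuple(int(part) for part in text.strip().split("."))


def assess(product: str, installed: str) -> dict:
    """Status for one device: vulnerable (with CVEs), patched, or not covered by the advisory."""
    adv = ADVISORIES[product]
    version = parse_version(installed)
    branch = parse_version(adv["affected_branch"])
    if version[:len(branch)] != branch:
        # The advisory only lists this branch; other branches are not thereby confirmed safe.
        return {"status": "not covered by advisory", "cves": []}
    if version < parse_version(adv["fixed_in"]):
        return {"status": "vulnerable", "cves": list(adv["cves"])}
    return {"status": "patched", "cves": []}


def assess_fleet(inventory: list) -> list:
    """inventory: [(hostname, product, version)] -> rows needing action, most CVEs first."""
    rows = []
    for host, product, version in inventory:
        result = assess(product, version)
        if result["status"] == "vulnerable":
            rows.append((host, product, version, result["cves"]))
    return sorted(rows, key=lambda row: -len(row[3]))


# Constructed inventory for illustration (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("nas-01", "Notes Station 3", "3.9.2"),
    ("nas-02", "Notes Station 3", "3.9.7"),
    ("nas-03", "Notes Station 3", "3.9.10"),
    ("rtr-01", "QuRouter", "2.4.3.105"),
    ("rtr-02", "QuRouter", "2.4.3.106"),
]

if __name__ == "__main__":
    for host, product, version, cves in assess_fleet(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} needs update ({', '.join(cves)})")
```

Feed it the version strings from each device’s admin page or from whatever inventory system already records them; a branch the advisory does not mention is reported as such rather than as safe, so that an older, unlisted release is looked at rather than silently passed.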

    Addressing the security risks

    QNAP’s response to the vulnerabilities has been swift, with patches released to address the issues. However, users must act promptly by updating their devices to the latest software. The updates are critical to safeguarding data and maintaining the integrity of networks.

    The vulnerabilities in QNAP’s NAS and router systems serve as a stark reminder of the importance of cybersecurity in a connected world. By staying vigilant and applying updates as soon as they become available, users can reduce risk and protect their systems from potential threats.

    The post QNAP patches severe vulnerabilities in NAS and router systems appeared first on TechWire Asia.

    GodLoader malware: A threat to WfH workers sharing computers with gamers https://techwireasia.com/2024/12/godloader-malware-a-threat-to-wfh-workers-sharing-computers-with-gamers/ Mon, 09 Dec 2024 14:05:51 +0000
  • Cybercriminals are exploiting the Godot Engine in a new malware campaign.
  • The GodLoader campaign uses GitHub and BitBucket to distribute malware.

    If you’re working from home, chances are you share your computer with family members—maybe even a gamer or two. What you might not know is that a popular open-source game engine, Godot Engine, is being misused in a new malware campaign called GodLoader, which has already infected over 17,000 systems since June 2024.

    Cybercriminals have found a clever way to exploit Godot Engine to run malicious code, slipping under the radar of most antivirus software. According to Check Point, “The technique remains undetected by almost all antivirus engines in VirusTotal.” That means your computer could be at risk, especially if it’s being used for both work and gaming.

    The Godot Engine, a powerful game development tool, is being targeted because of its flexibility and platform-agnostic nature, allowing malware to spread stealthily across multiple systems. Threat actors are taking advantage of the trust placed in open-source platforms, using the engine’s capabilities to execute devastating cross-platform attacks.

    How attackers are spreading GodLoader

    This malware operation uses GitHub as a distribution channel, where attackers create hundreds of fake repositories and accounts to make their malware appear authentic. The repositories host Godot Engine executables—files that act as a gateway for malware such as RedLine Stealer and XMRig, a cryptocurrency miner. By using legitimate-looking GitHub repositories and accounts, attackers make it difficult for unsuspecting users to discern the threat. The repositories were released in waves, targeting not only gamers but also developers and general users, illustrating the attackers’ ability to cast a wide net.

    The attacks, observed on September 12, September 14, September 29, and October 3, 2024, have introduced a new level of sophistication. Godot loads a game’s resources and GDScript code from pack files (.PCK); the attackers bundle a malicious .PCK with the legitimate engine runtime, so that the trusted engine executable itself runs the loader. The loader then downloads and executes final-stage payloads from Bitbucket repositories, ranging from data-stealing malware like RedLine Stealer to resource-intensive tools like XMRig.

    GodLoader’s ability to evade detection is what makes it particularly dangerous. The malware can bypass sandboxes and virtual environments designed for malware analysis. It can manipulate Microsoft Defender Antivirus by adding the entire C:\ drive to the exclusions list, effectively neutralising the security software. While Windows systems are the primary targets, experts believe that adapting the malware to macOS or Linux systems would require minimal effort. This cross-platform flexibility broadens the risk, making the campaign more effective.
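GodLoader’s trick of adding the whole C:\ drive to Defender’s exclusion list, described above, leaves a durable artefact that a defender can hunt for. The following added example (my code, not Check Point’s or Godot’s) takes a list of exclusion paths, normalises them and flags the ones broad enough to disable scanning: whole drives, whole user profiles and bare wildcards. The sample list is constructed; on Windows the `read_defender_exclusions` helper reads the live list from the `HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths` registry key (a known location; reading it needs administrative rights), and an administrator can get the same list from PowerShell’s `Get-MpPreference`.

```python
"""Added example: flag Microsoft Defender path exclusions broad enough to neutralise
scanning, such as the whole-drive exclusion GodLoader is reported to add."""
import re
import sys

# Constructed sample of exclusion paths, as they appear as value names under
# HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths.
SAMPLE_EXCLUSIONS = [
    "C:\\Program Files\\BuildAgent\\work",   # narrow, plausibly legitimate
    "C:\\",                                  # whole system drive (the GodLoader pattern)
    "D:",                                    # whole drive, no trailing separator
    "\\\\?\\E:\\",                           # whole drive behind the long-path prefix
    "C:\\Users\\dev",                        # everything the user can write
    "%USERPROFILE%",                         # same, via environment variable
    "*",                                     # wildcard: every path on the box
]


def normalise(path: str) -> str:
    """Strip quotes, the \\?\ prefix and trailing separators; lower-case for comparison."""
    p = path.strip().strip('"')
    p = re.sub(r"^\\\\\?\\", "", p)
    return p.rstrip("\\").lower()


def classify(path: str):
    """Why this exclusion is dangerous, or None if it looks narrow enough to review later."""
    p = normalise(path)
    if p in ("", "*") or p.startswith("*"):
        return "wildcard matches everything"
    if re.fullmatch(r"[a-z]:", p):
        return "entire drive excluded"
    if p in ("%userprofile%", "c:\\users") or re.fullmatch(r"c:\\users\\[^\\]+", p):
        return "whole user profile excluded"
    return None


def dangerous_exclusions(paths) -> list:
    """[(original path, reason)] for every exclusion that defeats scanning."""
    flagged = []
    for path in paths:
        reason = classify(path)
        if reason:
            flagged.append((path, reason))
    return flagged


def read_defender_exclusions() -> list:
    """Live read of the exclusion value names on Windows; empty list on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg
    try:
        key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                             r"SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths")
    except OSError:
        return []
    names = []
    try:
        index = 0
        while True:
            names.append(winreg.EnumValue(key, index)[0])
            index += 1
    except OSError:        # EnumValue raises when the values are exhausted
        pass
    finally:
        winreg.CloseKey(key)
    return names


if __name__ == "__main__":
    paths = read_defender_exclusions() or SAMPLE_EXCLUSIONS
    for path, reason in dangerous_exclusions(paths):
        print(f"{path!r}: {reason}")
```

The normalisation step matters more than the pattern list: a drive-root exclusion written as `D:` or `\\?\E:\` is as effective as `C:\`, and a check that only looks for the literal string the report mentions would miss both. Treat any flagged entry on a machine that is also used for work as an incident, not a configuration oddity.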

    Why WfH workers should be concerned

    GodLoader poses particularly alarming risks to folks who share their home computers with gamers. Attackers can tamper with legitimate Godot-built games by obtaining the encryption keys used to extract game files. This means that downloading a seemingly harmless game from an untrusted source could bring malware directly into a system.

    Work-from-home setups are particularly vulnerable because the lines between personal and professional use blur. Malware doesn’t distinguish between gaming and work files, meaning sensitive work documents, login credentials, and other critical information could be at risk. For remote workers who use their computers for both gaming and accessing corporate networks, the consequences could extend beyond personal loss to jeopardise company data.

    The broader implications highlight a growing trend of attackers targeting trusted platforms and brands. Cybercriminals frequently target open-source tools and widely used frameworks due to their popularity and perceived legitimacy. In this case, the Godot Engine, which is trusted by developers worldwide, has inadvertently become a tool in a bigger malicious operation.

    The role of open-source security and trust

    This campaign is a wake-up call for both individual users and the tech sector as a whole. According to Eli Smadja, security research group manager at Check Point Software Technologies, “The Godot Engine’s flexibility has made it a target for cybercriminals, enabling stealthy, cross-platform malware like GodLoader to spread rapidly by exploiting trust in open-source platforms.” The incident emphasises the significance of proactive cybersecurity measures for the 1.2 million users of Godot-built games, and for anyone sharing a computer with a gamer.

    The Godot Security Team responded to the findings, reminding users that malicious programs can be written in any programming language. They emphasised the importance of downloading software only from trusted sources and checking that executables are signed by reputable parties. They also urged users to avoid cracked software, which frequently carries hidden risks. Additionally, the team advocates stronger encryption methods, such as asymmetric-key algorithms, to protect games and systems from tampering.

    Steps to remain secure

    Individuals and businesses must adopt proactive risk management measures. It is critical to only download software from official sources, verify executable signatures, and steer clear of cracked software. For work-from-home employees, separating personal and professional device use can add an essential layer of security. Keeping antivirus software up to date is equally important, as is investing in advanced solutions capable of detecting unconventional malware techniques.

    The GodLoader campaign serves as a reminder of cybercriminals’ continual innovation. By exploiting trusted tools like Godot Engine and using deceptive distribution methods, they’ve infiltrated systems on a massive scale. For those working from home, particularly on shared devices, vigilance and robust security practices are not just recommended—they are imperative.

    The post GodLoader malware: A threat to WfH workers sharing computers with gamers appeared first on TechWire Asia.

    Wipro and Netskope partner for cybersecurity https://techwireasia.com/2024/12/wipro-and-netskope-partner-for-cybersecurity/ Fri, 06 Dec 2024 15:58:02 +0000
    Wipro Limited, a leading technology services and consulting company, and Netskope, a leader in Secure Access Service Edge (SASE), have announced a new partnership, one that will provide worldwide enterprises with cybersecurity optimisation advisory services.

    The Wipro CyberTransformSM Optimisation Service, powered by Netskope, will help improve cybersecurity outcomes for technology investments, people, and processes by analysing their current cybersecurity and infrastructure investments. Customers can benefit from consolidation guidelines for better efficiency and enjoy cost-optimised solutions that reduce expenses without compromising on security or performance.

    Global Head of Advisory Services, Cybersecurity and Risk Services at Wipro Limited, Saugat Sindhu, says this latest collaboration will help organisations manage the complexity of cybersecurity tools and technologies.

    “Many organisations today face the challenge of managing application sprawl with distributed technologies in their cybersecurity operations. Through this partnership with Netskope, we will be able to deliver tailored SASE business cases and comprehensive financial analyses, enabling our clients to optimise their cybersecurity spend and achieve superior performance outcomes.”

    The Wipro CyberTransformSM Optimisation Service combines Wipro’s Automated Regulatory Compliance (ArC) and Netskope’s Valueskope platform to help businesses maintain compliance and improve financial efficiency.

    ArC is a service that allows users to track any changes in industry-specific national and international regulations, ensuring compliance. Valueskope is a SaaS-based platform offering detailed financial analysis and tailored business cases.

    This latest partnership between Wipro and Netskope promises to streamline cybersecurity strategies, enhance compliance, and strengthen technology investments, resulting in improved performance and cost efficiency for global enterprises.

    The post Wipro and Netskope partner for cybersecurity appeared first on TechWire Asia.