Areas Of Expertise
Eva Georgieva
Senior Security Researcher
Eva is a security engineer, researcher, and penetration tester with over 5 years of experience working on both red teams and blue teams.
She specializes in offensive security attacking on-premise infrastructure, cloud infrastructure, and web and mobile applications.
Recent Articles:
Continuous Penetration Testing: How To Lower Costs & Improve Security
There are many definitions of continuous penetration testing. At PurpleSec, we believe conducting a penetration test at least quarterly means you’re continuously assessing your security posture.
Linux Malware Targets 30+ WordPress Plugins
A Linux backdoor malware has been discovered that has the capabilities to exploit around 30 WordPress plugins with the goal to inject malicious JavaScript code.
Kubernetes Clusters Hacked: What You Need To Know
In order to get early access to Kubernetes setups, the threat actors behind the Kinsing Crypto Jacking operation have been seen taking advantage of unprotected and improperly configured PostgreSQL servers.
Rackspace Ransomware Attack: What You Need To Know
Rackspace Technology noticed that users were experiencing issues while trying to access their Exchange Environment which turned out to be a ransomware attack.
15,000 Sites Compromised In A Massive Google SEO Poisoning Campaign
In the second week of November, around 15,000 sites were compromised in a major search engine optimization (SEO) campaign. The threat actors established the attack to redirect the visitors of the websites to fake Q&A discussion forums.
What Is Cloud Penetration Testing? (& When Do You Need It?)
Cloud Penetration Testing is the process of detecting and exploiting security vulnerabilities by simulating a controlled cyber attack on cloud-native systems, where the cloud infrastructure’s security posture is assessed.
White Box Penetration Testing: When Do You Need One?
You may need to conduct a white box penetration test if you want to evaluate your application security, wireless security, infrastructure, network security, or physical security in an assumed breach scenario.
Advocate Aurora Health Exposes Data Of 3M Patients Because Of A Meta Pixel Tracker
Advocate Aurora Health, AAH, a 26-hospital healthcare system in Wisconsin and Illinois, is notifying its patients of a data breach that exposed the personal data of 3 million patients.
2.4 TB Data Leak Caused By Microsoft’s Misconfiguration
Misconfiguration of an endpoint caused a leakage of 2.4 TB of data of Microsoft’s customers. The issue stemmed from a misconfigured Azure Blob Storage and was spotted on September 24, 2022.
Black Box Penetration Testing: When Do You Need One?
A black box penetration test is a security test performed by an external party that is completely unfamiliar with the target. The security assessor (penetration tester) is provided with no information of the system specifics and no credentials except for the target URL.
Sensitive NATO Data Leaked After Cyber Attack
On September 8, Portuguese local news organization, Diario de Noticias reported that the Portuguese Government’s Department of Defense has allegedly been a subject of a cyber security data breach involving exfiltration of confidential NATO documents.
Uber’s Internal Systems Compromised By An 18 Year Old
On September 15th, an 18 year old managed to hack Uber. The hacker reportedly gained control over the company’s internal systems leveraging social engineering techniques that led to compromising an employee’s Slack account.
Cloudflare And Twilio Targets Of A Sophisticated Smishing Attack
Cloudflare revealed on Tuesday, August 9th that they were also targeted by the threat actors who breached Twilio and gained unauthorized access to some of its systems on August 4th.
Twitter Zero-Day Exposed Data Of 5.4 Million Accounts
Confidential data has been exposed in several places on the dark web and the data exposed is also quite new, with files timestamped as recent as June 2022.
Cleartrip Suffers Massive Data Breach
Confidential data has been exposed in several places on the dark web and the data exposed is also quite new, with files timestamped as recent as June 2022.
