Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
Acer fixed high-severity bugs that hackers could use to disable the secure boot in several laptops built by the Taiwanese manufacturer. The vulnerability could give threat actors control over operating system boot process and allow them to disable some protection mechanisms.
India's flagship combined public medical university and hospital continues to grapple with the fallout of a cyber incident it underwent last Wednesday. Patient care services remain affected as of Tuesday as physicians and staff use manual processes in place of disabled electronic systems.
In the next three years, CISOs face daunting challenges, including rapidly changing threat vectors, new APT attacks and the implementation of new defensive solutions, says Anuprita Daga, chief information security officer and chief data protection officer at Yes Bank.
The operators behind the banking Trojan SharkBot are targeting Google Play users to spread its malware masquerading as Android file manager apps that already have tens of thousands of installations, according to researchers from Bitdefender.
A hacking-for-hire group dubbed "Bahamut" is distributing malicious apps through a fake SecureVPN website that enables Android apps to be downloaded from Google Play. Research found that hackers use malicious versions of SoftVPN, SecureVPN and OpenVPN software.
Software life cycle management has always been part of the development team, but organizations are now looking to extend the process beyond the development team to manage the entire supply chain, says Nahas Mohammed, regional sales director at GitHub India.
DevSecOps is about security enablement at every stage within the organization - the people, process and technology. To begin the DevSecOps journey, organizations should enable and empower technology teams to think about secure design first, says GitHub's Hatim Matiwala.
The U.S. government seized seven fake cryptocurrency domains used in a confidence scam based on long-term emotional manipulation of victims that netted criminals more than $10 million. Perpetrators scammed five victims by spoofing the website of the Singapore International Monetary Exchange.
Researchers say Black Basta is dropping QBot malware in a widespread ransomware campaign targeting mostly U.S.-based companies. In the group's latest campaign, attackers are again using the QakBot to install a backdoor and then drop in encryption malware and other malicious code.
A large-scale cyberespionage campaign by notorious China-based advanced persistent threat actor Mustang Panda is targeting government, academic and other sectors globally. Its main targets include Asia-Pacific organizations in Myanmar, Australia, the Philippines, Japan and Taiwan.
The U.S. Department of Justice on Friday charged 10 individuals with using business email compromise and money laundering schemes to target public and private insurers. These schemes targeted Medicare, state Medicaid programs, private health insurers and numerous other victims.
The U.S. Federal Trade Commission pushed until June 9 the date for nonbanking financial firms to follow cybersecurity mandates in the updated Safeguards Rule. The agency approved the update in a partisan vote in October 2021, imposing requirements such as a written information security program.
It's been a year since Beijing imposed regulations requiring disclosure to authorities of vulnerabilities - a period that correlated with an uptick in zero-day exploitation by Chinese state-backed hackers, says computing giant Microsoft. China is likely stockpiling and weaponizing the disclosures.
With massive digitization and cloud adoption, the attack surface has broadened and new threats have emerged. Challenges like ransomware, supply chain attacks and financial fraud continue to pose problems for security practitioners.
Cybercrime syndicate Robin Banks is back with a new cookie-stealing feature that cybercriminals can purchase as an add-on to the phishing kit in order to bypass multi-factor authentication in attacks and to attract more sophisticated, persistent actors set on compromising specific targets.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.
