Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.
Security firm Positive Technologies says more than 6,000 VMware vCenter devices worldwide that are accessible via the internet contain a critical remote code execution vulnerability. VMware has issued recommendations for patching the flaw.
The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using a malicious payload disguised in an attached document, according to the security firm Zscaler.
The Python Software Foundation is issuing updates for Python 3.9.2 and 3.8.8 to address critical security vulnerabilities, including a remote code execution vulnerability that can be exploited to shut down systems.
A newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app's application programming interface to bypass secure email gateways, report researchers at the Cofense Phishing Defense Center.
Venture capital firm Sequoia Capital confirmed it was recently involved in a "cybersecurity incident," but offered no details on exactly what may have transpired. Cybersecurity teams and law enforcement agencies have been notified.
More than 1,000 developers likely worked on rewriting code for the massive SolarWinds supply chain attack that affected many companies and U.S. government agencies, Microsoft President Brad Smith said in a Sunday interview, pointing out the attack is most likely continuing.
Two more breaches have been tied to the vulnerable 20-year-old Accellion File Transfer Appliance. The latest victims are Singapore telecom company Singtel and Australian medical research institute QIMR Berghofer.
SAP has issued a patch and remediation advice for a critical remote code execution vulnerability in its SAP Commerce product that could, if exploited, disrupt the entire system.
Hackers used a fake Forcepoint extension, leveraging the Google Chrome Sync feature, to exfiltrate data and send commands to infected browsers, according to a report by a Croation security researcher writing for the SANS Institute.
Researchers at Kaspersky are warning that fraudsters are targeting Discord users with a scam centered on a fake cryptocurrency exchange and using the lure of free bitcoin or ethereum cryptocurrency to steal money and personal data.
The Fonix ransomware gang has closed down its operations and has released a decryptor key, according to Malwarebytes and Kaspersky. But security researchers warn the gang, like others, might re-emerge with new tactics.
Bharti Airtel, one of the largest telecommunications firms in India, is refuting claims by an independent security researcher that data on more than 2.5 million subscribers was breached and offered for sale by hackers.
Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers.
Malwarebytes researchers have uncovered unusual payment card skimming code designed to harvest data that is already being stolen by other hackers on a website.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.
