Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.
The U.S. National Security Agency has issued "zero trust" guidance aimed at securing critical networks and sensitive data within key federal agencies. The NSA adds it is also assisting Defense Department customers with the zero trust implementations.
Microsoft has patched a critical vulnerability in Windows that can be exploited by tricking users to visit websites that use a malicious font. The flaw was found by Google's Project Zero bug-hunting team.
The Russian hacking group known as Turla is deploying a new IronPython-based malware loader called "IronNetInjector" as part of a new campaign, Palo Alto Networks' Unit42 reports. It comes with capabilities to obfuscate malware codes and encrypt and decrypt NET injector and payloads.
Critical, unpatched vulnerabilities that could enable hackers to access sensitive data have been found in India's National Critical Information Infrastructure Protection Center, according to ethical hacking group Sakura Samurai.
A Nigerian national has been sentenced to 10 years in prison after pleading guilty to taking part in a business email compromise operation that extorted $11 million from its victims, according to the U.S. Department of Justice.
A remote code vulnerability in the Android version of the file-sharing app SHAREit could allow hackers to tamper with the app's permissions, enabling them to steal sensitive data, reports security firm Trend Micro.
Microsoft has patched a 12-year-old vulnerability in Microsoft Defender that, if exploited, could enable nonadministrative users to escalate privilege in the application. The patch was made after security firm SentinelOne recently notified Microsoft about the flaw.
Siemens has mitigated 21 vulnerabilities in two of its virtualization software tools that, if exploited, could enable attackers to gain remote control, exfiltrate data or cause systems to crash. It's urging customers to shift to updated versions of the software that fix the flaws.
Researchers at the security firm Lookout have identified two new Android spyware tools used for cyberespionage campaigns in South Asia which they say are linked to "Confucius," an pro-India advanced persistent threat group.