Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
It wasn't a sophisticated hack on Jan. 9 that allowed hackers to briefly take control of an official U.S. Securities and Exchange Commission social media account, the agency said Monday. The hackers simply scammed the account's mobile phone provider in a SIM swap attack.
A federal judge sentenced "Pompompurin," the administrator of a now-defunct data breach marketplace, to 20 years of supervised release - instead of the recommended 15-year prison sentence - for his role in BreachForums, once considered the largest English-language data breach forum of its kind.
Thermostats sold across the globe by German multinational engineering company Bosch contained a flaw allowing hackers to cut power to the heating system and override the firmware, warn researchers from cybersecurity firm Bitdefender. Bosch pushed an over-the-air update in October.
A Chinese state hacking group is attacking superseded Cisco routers to target government entities in the United States, the United Kingdom and Australia. Beijing cyberespionage hackers dubbed "Volt Typhoon" are using vulnerabilities that were first disclosed in early 2019.
Financially motivated Turkish hackers are targeting Microsoft SQL servers in the United States, Europe and Latin America in hacking that ultimately ends with deployment of Mimic ransomware or the sale of access to infected hosts on criminal online markets.
A new cryptomining campaign uses a quirkily customized Mirai botnet to spread cryptomining malware designed to hide the digital wallet that collects the ill-gotten gains. Security researchers at Akamai dubbed the Mirai variation NoaBot when it first appeared in early 2023.
Researchers found a path traversal vulnerability in Kyocera's Device Manager product, which is used for overseeing large printer fleets in mid- to large-sized enterprises. Attackers could exploit the flaw to obtain NTLM hashes by changing the location of a backup database.
Ivanti issued an urgent alert to users of its endpoint security product to patch a critical vulnerability that exposes systems to potential exploitation by unauthorized attackers. The SQL injection vulnerability tracked as CVE-2023-39336 is in all supported versions of Ivanti Endpoint Manager.
Mimecast announced the acquisition of human risk management solutions specialist Elevate Security as part of its initiative to enhance digital workplace protection. The move aims to address evolving cyberthreats by offering insights into human behaviors and risks and empowering customers.
This week, hackers took over Mandiant's X account, authorities charged a Nigerian hacker with stealing $7.5 million from charities, the DOJ fined XCast $10 million for illegal robocalls, and attackers exploited an SMTP smuggling flaw in a phishing email campaign.
Cybersecurity firm SentinelOne is set to acquire PingSafe for an undisclosed sum of cash and stock. The move will integrate PingSafe's cloud-native application protection platform into SentinelOne's Singularity Platform, creating a unified and advanced cloud security solution.
Hackers celebrated the year-end holidays with a malicious "Free Leaksmas" posting on the dark web, releasing 50 million stolen consumer records, including credit card information. Researchers said the leaked data can be used for identity theft and fraud.
This week, a breach at real estate firm Wealth Network exposed 1.5 billion records, Corewell Health patients were hit by a second breach, data of 1.3M LoanCare mortgage customers was exposed, and Yakult Australia admitted to experiencing a "cybersecurity incident" that exposed 95 gigabytes of data.
Hackers are targeting Linux Secure Shell servers to install tools for port scanning and dictionary attacks to compromise other vulnerable servers, forming a network for cryptocurrency mining and distributed denial-of-service attacks, say researchers at AhnLab Security Emergency Response Center.
Microsoft said Iranian state hackers are using a newly developed backdoor to target organizations in the American defense industrial base. The Iranian state threat actor that Microsoft tracks as Peach Sandstorm employed a custom backdoor named FalseFont.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.