Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
Cybersecurity researchers say an experiment in developing a fake, malicious extension for Microsoft's Visual Studio Code, the world's most popular integrated development environment, succeeded beyond their wildest expectations. VSCode doesn't manage permissions or visibility, the researchers said.
A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in scripting language PHP. The TellYouThePass ransomware group sees opportunity whenever system administrators must scramble to patch systems.
A promise of better security through biometrics fell short after security researchers dismantled an access system made by a Chinese manufacturer and discovered that it contained 24 vulnerabilities. ZKTeco specializes in hybrid biometric verification technology.
Half a dozen vulnerabilities in a moderately priced Netgear router could allow attackers to bypass authentication, putting home users and small businesses at risk. The flaws could cause unauthorized access, network manipulation and exposure of sensitive data.
A financially motivated hacker claims to have stolen over 34 gigabytes of data belonging to Singapore-based Telecom company Absolute Telecom. The hacker dubbed GhostR claims to have access to the company's data including corporate accounting, credit cards and customer information.
A critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.
This week, Robinhood said it will acquire Bitstamp in a $200 million deal, a senior promoter of the Forcount crypto Ponzi scheme pleaded guilty, crypto scammers targeted work-from-home job seekers, and Tether and CoinGecko warned of crypto phishing attacks.
Networking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.
Financially motivated hackers with a track record of data breaches claimed on a criminal forum that they stole data from Australian logistics company Victorian Freight Specialists. GhostR said in a Tuesday post on BreachForums that the group possesses 846 gigabytes of company data taken on May 26.
Cybercriminals are targeting European banking clients with a phishing-as-a-service platform that retails for between $130 and $450 per month. The VB3 phishing kit supports real-time interaction to allow fraudsters to bypass MFA,and it handles the QR Codes and PhotoTAN methods.
The onset of war between Israel and Hamas led to a spike in cyberattacks against operational technology, says Microsoft in a warning to critical infrastructure operators about the dangers of internet-exposed operational technology.
Cryptomining malware that might be North Korean in origin is targeting edge devices, including a zero-day in Palo Alto Networks' custom operating system that the company hurriedly patched in April. It appears threat actors operate their own mining pools or pool proxies rather than using public ones.
A gaming Wi-Fi router contained a zero-day that allowed a remote unauthenticated attacker to execute arbitrary code - a flaw that a static analysis cybersecurity firm attributed to insecure coding practices. Routers are a perennial source of risk to enterprises and home users alike.
A North Korean hacking group wants to make money for the cash-starved Pyongyang regime and conduct bread-and-butter cyberespionage, say Microsoft researchers in a profile of a group they track as "Moonstone Sleet." North Korea has a well-established history of hacking for profit.
Why bother building a crypto-locker when Microsoft has perfectly acceptable encryption software preloaded on desktops? Many ransomware hackers agree with that statement - and they're learning to make such attacks even harder to recover from.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.