Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.
Google removed two Android apps made by Baidu, a Chinese company, from its Google Play store after security researchers found they were collecting and possibly leaking data that could have been used to track individuals.
Researchers have identified a fresh variant of the Grelos skimmer that has co-opted the infrastructure that MageCart uses for its own skimming attacks against e-commerce sites, according to RiskIQ. The malware has been found on several small and mid-size e-commerce sites worldwide.
The Chinese hacking group "Cicada" is exploiting the critical Zerologon vulnerability in Windows Server as part of a cyberespionage campaign that's mainly targeting Japanese companies' locations around the world, according to the security firm Symantec.
A recently identified Chinese hacking group dubbed "FunnyDream" has targeted more than 200 government entities in Southeast Asia since 2018 as part of an ongoing cyberespionage campaign, according to research from Bitdefender.
North Korean hackers are suspected of carrying out a supply chain attack that targeted businesses in South Korea using stolen digital certificates, according to researchers with ESET. The analysts believe that this campaign is related to the Lazarus Group.
Citing human rights concerns, the European Parliament is moving toward tightening export rules for companies that sell so-called dual-use technologies, such as spyware, to countries outside the EU's 27 member countries.
A hacking operation that targeted defense contractors earlier this year was more expansive than first thought, with hackers using never-before-seen malicious tools to target specific victims, McAfee reports. A North Korean-linked APT group is suspected of carrying out the attack.
The Hong Kong Monetary Authority's Cybersecurity Fortification Initiative 2.0, an updated version of a framework designed to strengthen cyber resilience in the banking and financial sector, will officially roll out in January and be implemented over the following two years.
A recently identified hacking group dubbed UNC1945 used a never-before-seen zero-day vulnerability in the Oracle Solaris operating system to target corporate networks and plant malware, according to FireEye Mandiant. This threat actor is known to focus on telecom, financial and consulting firm targets.
Aleksandr Brovko, a Russian national, has been sentenced to eight years in federal prison for stealing personally identifiable data and online banking credentials using a botnet, according to the U.S. Justice Department. Federal prosecutors estimate the losses at $100 million.
Turla, a hacking group based in Russia, is deploying a revamped set of customized tools to target potential victims, including a European government agency, for its espionage campaigns, according to Accenture.
The Treasury Department has issued sanctions against a Russian research institute that U.S. officials now claim helped deploy Triton, destructive malware designed to damage industrial control systems. The announcement follows other economic penalties levied against Iran in the same week.
The Treasury Department has fined the owner of two bitcoin "mixing" sites $60 million for violating anti-money laundering laws. It's the first time the department's Financial Crimes Enforcement Network has issued a civil monetary penalty against the operator of a cryptocurrency site.