Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.
Capital One is warning additional customers that their Social Security numbers may have been exposed in a massive 2019 breach. Meanwhile, a suspect in the breach is slated to go to trial in October.
New York state officials are warning insurance and financial firms that fraudsters continue to probe for security weaknesses in websites offering instant quotes, as a way to target consumers' data. Attackers are now using credential stuffing techniques and targeting unprotected data in transition.
A Kansas man faces federal charges for allegedly accessing the network of a local water treatment facility and tampering with the systems that control the cleaning and disinfecting procedures, according to the Justice Department. The charges follow a similar security incident at a Florida facility.
An Israeli citizen who served as the administrator of the now-shuttered DeepDotWeb portal that connected internet users with dark web marketplaces selling malware, data and contraband has pleaded guilty to a money laundering conspiracy charge.
VMware has issued patches for two critical vulnerabilities in its IT operations management platform, vRealize Operations, which, if expoited, could allow attackers to steal administrative credentials.
Android device users are being targeted by a sophisticated spyware app that disguises itself as a "system update" application, warns mobile security firm Zimperium. The app can steal data, messages and images and take control of phones.
Users of the OpenSSL crypto library should upgrade immediately to the latest version to eliminate serious flaws that attackers could exploit to shut down servers, some security experts warn.
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
Swiss cybersecurity firm Prodaft says it has accessed several servers used by an advanced persistent threat group tied to the SolarWinds supply chain attack. These attackers continue to target large corporations and public institutions worldwide, with a focus on the U.S. and the European Union, the researchers say.
Ahead of presenting a long-term review of national security strategy in Parliament on Tuesday, U.K. Prime Minister Boris Johnson issued a statement calling for a boost to the country’s capacity to conduct cyberattacks on foreign adversaries.
An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint.
Adobe has released security updates to address eight vulnerabilities, which, if exploited, could enable an attacker to take control of an affected system.
A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports.
An aviation IT company that says it serves 90% of the world's airlines has been breached in what appears to be a coordinated supply chain attack. Customers of at least four companies - Malaysia Airlines, Singapore Airlines, Finnair Airlines and Air New Zealand - may have been affected by the incident.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.
