Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.
After the defacement of multiple Ukrainian government websites last week and subsequent deployment of destructive malware against Ukraine over the weekend, Lithuanian officials have offered to deploy the EU's Cyber Rapid Response Team to help Ukraine deal with cyberattacks.
More than a year after the December 2020 cyberattack on Accellion's File Transfer Appliance, the company has agreed to an $ 8.1 million settlement to resolve a class action against it following the data exposure that resulted in the theft of both consumer and patient data.
Microsoft released its first rollout of 2022 patches that covers 96 new CVEs, plus 24 CVEs patched by Microsoft Edge (Chromium-based) earlier this month and two other CVEs fixed previously in open-source projects. This makes a January total of 122 CVEs. Nine are rated critical in severity.
Cybercrime gang FIN7 is impersonating the U.S. Department of Health and Human Services and Amazon to trick enterprises in the U.S. into using a malicious flash drive, according to the FBI. The threat actor targeted undisclosed companies in the transportation, defense and insurance sectors.
Researchers have identified a new wave of phishing attacks exploiting a vulnerability in the comments feature of Google Docs to deliver malicious phishing websites. It hit more than 500 inboxes across 30 tenants, with hackers using more than 100 different Gmail accounts, Avanan researchers say.
A California man has pleaded guilty to his role in a scheme to commit a $50 million wire and securities fraud that involved the creation of fake websites to solicit funds from investors, the Department of Justice announced Wednesday.
A Zloader malware campaign has been exploiting Microsoft’s digital signature verification to steal cookies, passwords and sensitive information, according to Check Point Research. The threat actor, likely MalSmoke, used legitimate remote management software to gain initial access.
Remember Y2K? Widespread disruption was feared since systems that rendered dates as two digits needed to be updated to work with four. Well, Microsoft Exchange just issued a workaround to fix a fatal error that disrupted email delivery due to a date check failure with the change of the New Year.
The U.S. e-commerce website, PulseTV, recently disclosed a data security breach involving over 200,000 customer credit card details. It is believed that only customers who purchased products on the website with a credit card between Nov. 1, 2019 and Aug. 31, 2021 may have been affected.
A vulnerability in Polygon, a framework used to build Ethereum-compatible blockchain networks, has been fixed. The bug, discovered by white hat hackers at bug bounty platform Immunefi, would have put 9,276,584,332 MATIC, worth nearly $23 billion, at risk.
LastPass says none of its users accounts have been compromised, although multiple users of the password manager reported receiving email warnings that are normally sent to users who log in from different devices and locations, causing them to think their master passwords had been compromised.
Internet-based photo-sharing and publishing company Shutterfly says a ransomware attack has disrupted some its operations. The company is currently assessing the full scope of damage, but says no financial account information or Social Security numbers have been leaked.
Security researchers have discovered two severe vulnerabilities in a popular WordPress SEO plug-ins used by more than 3 million website owners. If left unpatched, the vulnerabilities could enable an attacker to take advantage of a privilege-escalation bug and an SQL-injection problem.
French IT services firm Inetum Group has confirmed that it was the subject of a ransomware attack last week that disrupted certain operations. The group has ruled out, however, that the incident has any links to the Log4j vulnerability.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.
