Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
The Log4j vulnerability exists in unpatched versions of Ubiquiti's UniFi Network applications, and is being actively targeted by attackers via a customized exploit, researchers at security firm Morphisec warn. While updates are available, systems remain at risk until patched.
North Korean advanced persistent threat group Lazarus - an entity sanctioned by the U.S. and the United Nations - has emerged with a fresh spear-phishing campaign that exploits Windows Updates to execute a malicious payload, using GitHub as a command-and-control server.
Israeli spyware company NSO's flagship product, Pegasus, was tested by the FBI, according to reports, prior to the company being sanctioned by the U.S in the wake of revelations of misuse of its tools. Now, U.S. venture capital company Integrity Partners is in negotiation to take control of the company.
A memory corruption vulnerability has been uncovered in Polkit’s pkexec, a SUID root program that is installed by default on every major Linux distribution, allowing any unprivileged user to gain root privileges on the vulnerable host.
Twitter has said it is firing Peiter "Mudge" Zatko, the network security expert it hired in November 2020 as head of security. The security team changes - the CISO is also set to depart - follow "an assessment of how the organization was being led," according to a corporate memo shared with The New York Times.
The U.K. government is considering new measures to boost cybersecurity standards in the country. The proposed laws recommend levying large fines on essential digital service providers for noncompliance with strict cybersecurity rules, and improving incident reporting.
Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.
After the defacement of multiple Ukrainian government websites last week and subsequent deployment of destructive malware against Ukraine over the weekend, Lithuanian officials have offered to deploy the EU's Cyber Rapid Response Team to help Ukraine deal with cyberattacks.
Researchers have uncovered a serious bug in Apple Safari 15 browser that can leak your browsing activity and reveal personal information attached to your Google account.
More than a year after the December 2020 cyberattack on Accellion's File Transfer Appliance, the company has agreed to an $ 8.1 million settlement to resolve a class action against it following the data exposure that resulted in the theft of both consumer and patient data.
Microsoft released its first rollout of 2022 patches that covers 96 new CVEs, plus 24 CVEs patched by Microsoft Edge (Chromium-based) earlier this month and two other CVEs fixed previously in open-source projects. This makes a January total of 122 CVEs. Nine are rated critical in severity.
Cisco Talos researchers have discovered a heap-based buffer overflow vulnerability in the Chitubox Anycubic plug-in. The vulnerability - which scores a 7.8 in criticality - triggers if the user opens a specially crafted .gf file. There is no official fix available.
Cybercrime gang FIN7 is impersonating the U.S. Department of Health and Human Services and Amazon to trick enterprises in the U.S. into using a malicious flash drive, according to the FBI. The threat actor targeted undisclosed companies in the transportation, defense and insurance sectors.
Researchers have identified a new wave of phishing attacks exploiting a vulnerability in the comments feature of Google Docs to deliver malicious phishing websites. It hit more than 500 inboxes across 30 tenants, with hackers using more than 100 different Gmail accounts, Avanan researchers say.
With increasing data breaches and ransomware attacks, Nilesh Roy says his top priority is implementing a passwordless environment and securing Spocto's data using its artificial intelligence engine, which processes large amounts of personal financial information without any human intervention.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.