Critical issues in India's digital lending ecosystem were identified by a RBI working group. These include the existence of fake and illegal apps and unscrupulous money recovery practices. Establishment of a self-regulatory body to oversee operations of lending platforms is recommended.
Researchers have uncovered an ongoing spear-phishing campaign using short-lived Glitch apps that host credential-harvesting URLs and reportedly are able to bypass any defensive tooling. These apps host a SharePoint phishing page containing obfuscated JavaScript designed to harvest credentials.
Hacker group MosesStaff has targeted Israeli organizations with encryption attacks, according to Check Point researchers. Archived records show that at least 16 organizations - including the Israel Post, the Ministry of Defense and Israeli Intelligence Corps Unit 8200 - were targeted.
Google’s Threat Analysis Group has released details of a watering hole campaign targeting a macOS zero-day exploit chain to install a never-before-seen malware on devices of users visiting Hong Kong websites of a media outlet and a prominent pro-democracy labor and political group.
Cloud video conferencing provider Zoom has released patches for multiple vulnerabilities in its product that could have allowed criminals to intercept data from meetings and attack customer infrastructure.
NSO Group CEO-designate Itzik Benbenisti, currently NSO's co-president, has resigned from the Israel-based intelligence company, citing its blacklisting by the U.S. Department of Commerce last week. But the company has other troubles, too.
The top cybercrime threats facing organizations in Europe and beyond include ransomware affiliate programs, more sophisticated mobile malware and cryptocurrency-hawking investment fraud, among other types of crime, according to Europol's latest Internet Organized Crime Threat Assessment.
Vulnerabilities in Apple Pay, Samsung Pay and Google Pay allow attackers to make unlimited purchases using stolen smartphones enabled with express transport schemes, according to a research report from Positive Technologies. These findings were presented at Black Hat Europe this week.
A subsidiary of the Central Depository Services Ltd. has patched a critical vulnerability that exposed sensitive data such as Permanent Account Numbers, income and net worth, broker names, amount of annual income tax return filed and CDSL client IDs for close to 44 million Indian investors.
Microsoft's November Patch Tuesday security update covers 55 security fixes, six of which are zero-day vulnerabilities, with two flaws being actively exploited in the wild. Does the relatively low number for November mean there is a patch backlog at Microsoft?
The calculus facing cybercrime practitioners is simple: Can they stay out of jail long enough to enjoy their ill-gotten gains? A push by the U.S. government and allies aims to blunt the ongoing ransomware scourge. But will practitioners quit the cybercrime life?
Threat actors have breached critical systems internationally by exploiting a recently patched vulnerability in Zoho’s ManageEngine product ADSelfService Plus, with a suspected Chinese threat group leveraging leased infrastructure to scan hundreds of vulnerable organizations.
Two researchers from the University of Cambridge have discovered a vulnerability that affects most computer code compilers and many software development environments, according to a new research paper. The bug could cause a SolarWinds-like open-source supply chain attack scenario, they say.
While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.
Six national data protection and privacy authorities – from Australia, Canada, Gibraltar, Hong Kong SAR, China and Switzerland - have joined with the U.K. information Commissioner’s Office to issue guidance to video teleconferencing companies on privacy, calling for end-to-end encryption.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.