Security researchers at SonarSource discovered five vulnerabilities that create a critical vulnerability chain in elFinder, an open source web file manager. An updated version of the manager patches the flaws.
Researchers at The Citizen Lab at the University of Toronto say they've found a new zero-click iMessage exploit that's been used by the government of Bahrain to install the NSO Group's Pegasus spyware on the devices of human rights and political activists.
The Biden administration is hosting a White House meeting Wednesday with technology, banking, insurance and education executives to focus on cybersecurity and national security issues, such as protecting critical infrastructure from attacks and how to hire more security professionals to meet demand.
ALTDOS, an advanced persistent threat group, has recently targeted several organizations in Singapore by waging "double extortion" ransomware attacks in an attempt to gain ransom payments, local government authorities say.
Threat modeling can help give organizations the extra insights needed to secure their on-premises and cloud environments at a time when attackers are using increasingly sophisticated methods to gain entry to networks and maintain persistence. Experts offer tips on making the right moves.
Want defensive advice from a ransomware-wielding attacker? In a tell-all interview, a LockBit 2.0 representative not only extols the virtues of his malware, but also advises would-be victims to hire red teams, keep their software updated and educate employees to resist social engineering attacks.
Now that the RBI has issued guidance on how payment system operators must manage risks associated with third-party relationships to help prevent fraud, security experts say that the regulator needs to promote compliance among outsourcers and hold them accountable for fraud prevention.
Google has removed eight fake cryptomining apps from its Play Store, but researchers at security firm Trend Micro have flagged 120 other apps on users' phones purporting to also be cryptomining. Users paid for services the eight apps never delivered.
To help balance security and user convenience, organizations should offer centralized user access to applications, says Krishnamurthy Rajesh, head of IT and information security at ICRA, an India-based credit rating agency.
Despite these financial headwinds, new ways are emerging for FIs to differentiate on the quality of fraud prevention and outreach they can provide to customers.
The U.S. and Singapore have announced three agreements to expand their collaborative efforts - including shoring up information sharing, research and training - to address global cybersecurity issues.
Researchers at Mnemonics Labs have found a vulnerability in the server name indication, or SNI, of the TLS Client Hello extension. Exploitation could enable attackers to bypass the security protocol of many security products, leading to stealthy exfiltration of data, researchers say.
To protect manufacturing operations and data, there are some important cybersecurity gaps to address. Cybersecurity company Lookout explains how to close the five most common security gaps in manufacturing, which are created as a result of digital transformation.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.