Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
The U.K. government is considering new measures to boost cybersecurity standards in the country. The proposed laws recommend levying large fines on essential digital service providers for noncompliance with strict cybersecurity rules, and improving incident reporting.
Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.
Microsoft released its first rollout of 2022 patches that covers 96 new CVEs, plus 24 CVEs patched by Microsoft Edge (Chromium-based) earlier this month and two other CVEs fixed previously in open-source projects. This makes a January total of 122 CVEs. Nine are rated critical in severity.
Cybercrime gang FIN7 is impersonating the U.S. Department of Health and Human Services and Amazon to trick enterprises in the U.S. into using a malicious flash drive, according to the FBI. The threat actor targeted undisclosed companies in the transportation, defense and insurance sectors.
Researchers have identified a new wave of phishing attacks exploiting a vulnerability in the comments feature of Google Docs to deliver malicious phishing websites. It hit more than 500 inboxes across 30 tenants, with hackers using more than 100 different Gmail accounts, Avanan researchers say.
With increasing data breaches and ransomware attacks, Nilesh Roy says his top priority is implementing a passwordless environment and securing Spocto's data using its artificial intelligence engine, which processes large amounts of personal financial information without any human intervention.
A Zloader malware campaign has been exploiting Microsoft’s digital signature verification to steal cookies, passwords and sensitive information, according to Check Point Research. The threat actor, likely MalSmoke, used legitimate remote management software to gain initial access.
Remember Y2K? Widespread disruption was feared since systems that rendered dates as two digits needed to be updated to work with four. Well, Microsoft Exchange just issued a workaround to fix a fatal error that disrupted email delivery due to a date check failure with the change of the New Year.
LastPass says none of its users accounts have been compromised, although multiple users of the password manager reported receiving email warnings that are normally sent to users who log in from different devices and locations, causing them to think their master passwords had been compromised.
Security researchers have discovered two severe vulnerabilities in a popular WordPress SEO plug-ins used by more than 3 million website owners. If left unpatched, the vulnerabilities could enable an attacker to take advantage of a privilege-escalation bug and an SQL-injection problem.
French IT services firm Inetum Group has confirmed that it was the subject of a ransomware attack last week that disrupted certain operations. The group has ruled out, however, that the incident has any links to the Log4j vulnerability.
Microsoft is urging customers to apply patches issued in November for two Active Directory domain controller bugs following publication of a proof-of-concept tool that leverages these bugs, which when chained can allow easy Windows domain takeover.
Apache has released Log4j version 2.17 to fix yet another high-severity denial-of-service vulnerability - tracked as CVE-2021-45105 with a CVSS score of 7.5 - that affects all versions from 2.0-beta9 to 2.16.0.
Multiple new attacks exploiting the explosive Apache Log4j vulnerabilities have been uncovered, including a newly discovered JavaScript WebSocket attack, threat actors injecting Monero miners via Remote Method Invocation and the comeback of an old and relatively inactive ransomware family.
December’s Microsoft Patch Tuesday covers 67 security fixes, one of which is a zero-day vulnerability spreading Emotet malware. Five of the other bugs are listed as publicly known, but not yet exploited. Additionally, Google, Apple and Adobe also released critical updates.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.
