Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority rights and education.
Cyberattackers used spyware from the Israeli firm Candiru to target at least 100 human rights defenders, dissidents, journalists and others across 10 countries, according to researchers at the University of Toronto’s Citizen Lab, which tracks illegal hacking and surveillance.
Newly uncovered malware dubbed "BioPass" is targeting clients of Chinese online gambling companies, Trend Micro says. The malware exploits popular livestreaming and video recording app Open Broadcaster Software Studio.
Attackers have been exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns. The company has released patched versions that mitigate the flaw, discovered by Microsoft, and is urging users to update.
Investment banking giant Morgan Stanley is the latest company to report a data breach tied to zero-day attacks on Accellion's legacy File Transfer Appliance - yet another indicator of the sustained impact of supply chain attacks.
Microsoft's emergency, out-of-band patch for a critical remote code vulnerability dubbed "PrintNightmare" falls short in addressing the local privilege escalation part of the flaw, according to security researchers.
U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya. Attackers reportedly compromised Kaseya's remote monitoring system, VSA, potentially affecting scores of managed service providers and their clients.
The European Commission has proposed creating a Joint Cyber Unit to help EU member states respond to and prevent cyberattacks, especially those involving ransomware. The goal is for the unit to begin operations by the end of next year.
Ransomware actors continue to target schools and universities across the U.K., and attacks have surged since February, a new report by the U.K's National Cyber Security Center warns. The agency has also released a free tool to help schools detect any compromise.
The European Commission has released two new tools aimed at easing the current legal hurdles associated with data sharing by European Union-based organizations and other businesses operating in the region. Tech giants embroiled in controversy over the EU's data -sharing polices welcomed the move.
Hackers are exploiting a critical zero-day flaw in the WordPress plug-in Fancy Product Designer, which allows remote code execution, the Wordfence Threat Intelligence team at Defiant Inc. says. Because a patch has not yet been released, the team urges users to immediately uninstall the vulnerable plug-in.
Siemens has released patches for certain automation products that have a critical memory protection vulnerability, which attackers could exploit to run arbitrary code to access memory areas, enabling them to read sensitive data and use it to launch further attacks.