Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.
The U.S. National Security Agency has released guidance on how the Defense Department, other federal agencies and the contractors that support them should replace obsolete encryption protocols that can enable cyber intrusions. NSA also advises other organizations to take the same steps.
JusPay, an Indian online payment platform, acknowledged Monday that it sustained a major breach of customer data in August. The announcement came a day after an independent security researcher reported that data on millions of JusPay customers had been offered for sale on a darknet forum.
Several tech giants, including Microsoft, Google, Cisco and VMware, have filed a brief backing Facebook's lawsuit against Israel-based spyware firm NSO Group, which has been accused of hacking into Facebook-owned WhatsApp's instant messaging app to enable spying by the company's clients.
The NSA has issued a warning about two hacking techniques that could allow threat actors to access cloud resources by bypassing authentication mechanisms. The alert follows a week's worth of revelations over the SolarWinds breach that has affected government agencies and other organizations.
Lawmakers are pressing government agencies for answers following disclosures this week about an advanced persistent threat group's massive hacking campaign involving compromised SolarWinds Orion network management software. Secretary of State Mike Pompeo said Friday Russians "engaged in this activity."
IBM Trusteer reports that a hacking group is using mobile emulators to spoof banking customers' mobile devices and steal millions of dollars from banks in the U.S. and Europe.
Intel and Cisco are among the thousands of SolarWinds Orion customers that were running a Trojanized version of the security software. FireEye, together with Microsoft and GoDaddy, have devised a "kill switch" to disrupt attackers' ability to access the malware on at least some infected systems.
Point-of-sale device manufacturers Verifone and Ingenico have released fixes for flaws in some of their devices after researchers found the vulnerabilities could have enabled attackers to steal payment card data, clone cards or install malware.
An ongoing phishing campaign designed to harvest Office 365 credentials is using a Microsoft Outlook migration message, according to researchers at Abnormal Security. These fake messages have landed in about 80,000 inboxes so far.
Permanent Account Numbers and other personally identifiable information of 7 million debit and credit cardholders in India are circulating on darknet discussion forums, an independent security researcher has discovered.
"Molerats," an Arabic-speaking advanced persistent threat group that has been targeting victims for several years, is now abusing Facebook accounts, as well as other cloud-based platforms, to deploy previously undocumented malware as part of an ongoing espionage campaign, according to Cybereason.
Alexander Vinnik, a Russian national who founded the now-defunct BTC-e cryptocurrency exchange, has been found guilty of money laundering in France and has been sentenced to five years in prison, according to media reports. He faces additional charges in the U.S. and Russia.
Twenty-five countries are likely using spyware sold by a company called Circles that can snoop on mobile phone calls and text messages, according to The Citizen Lab, a research organization based at the University of Toronto.
Fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the FBI warns.
As part of a cyberespionage campaign, the Russian hacking group known as Turla deployed a backdoor called "Crutch" that uses Dropbox resources to help gather stolen data, according to the security firm ESET.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.