Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers.
Malwarebytes researchers have uncovered unusual payment card skimming code designed to harvest data that is already being stolen by other hackers on a website.
Embedded software vendor Wind River Systems is investigating a security incident within its internal network, according to a notification filed with California authorities. The data that may have been exposed includes Social Security numbers and passport details.
A data breach of a Washington state auditor's system exposed 1.4 million unemployment claimants’ records. The breach stemmed from an exploit of an unpatched system from Accellion, and the state says it was never notified of the flaw. But Accellion says it notified customers and offered a patch in December.
The operators behind the Agent Tesla remote access Trojan have updated the malware to enable it to disable endpoint protection software and have added features to hide communications, according to a report from the security firm Sophos.
Other darknet marketplaces apparently are preparing to fill the underground economy's need for a steady stream of stolen payment card data if the Joker's Stash site closes Feb. 15 as its administrator has announced. Some researchers believe the administrator may even launch a new marketplace.
A recently updated cryptojacking malware variant called Pro-Ocean, which is associated with hacking group called Rocke, is targeting vulnerable Apache and Oracle WebLogic servers, according to Palo Alto Networks. It now includes rootkit and worming capabilities.
Wireless carrier UScellular is investigating an incident involving hackers tricking employees into downloading malicious software that compromised a customer relationship management platform, exposing personal data.
In Britain, the National Crime Agency and the Financial Conduct Authority warn that the number of "clone firm" scams has significantly increased during the COVID-19 pandemic. Over a six-month period, these fraudulent schemes have led to more than 78 million pounds ($107 million) in losses for victims.
Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links.
The operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to Sophos. These types of "ghost" accounts are an increasing issue for security teams.
The security firm FireEye reports that a recently uncovered phishing campaign spoofed DHL's delivery service as way to collect personal information, including credit card data, from victims.
A Cypriot hacker has pleaded guilty to a pair of federal charges after admitting that he hacked the websites of several U.S. organizations, stole data and then threatened to disclose it unless a ransom was paid, federal prosecutors say.
Threat actors are exploiting vulnerable Microsoft Remote Desktop Protocol servers to amplify DDoS attacks, according to a report from Netscout, which offers mitigation advice.
A Russian national who served as the administrator for the now-defunct Deer.io online clearinghouse - which sold stolen credentials, hacked servers and criminal services, such as assistance performing hacking activities - has pleaded guilty to a federal charge.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
