Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority rights and education.
Security researchers have identified two vulnerabilities in the Joomla content management system that can be chained together for complete compromise of the network, a report by security firm Fortbridge finds.
Japanese conglomerate Fujifilm has shut down part of its network after it was compromised in a suspected ransomware attack, the company said in an update on Wednesday. The attack is the latest in a series of ransomware incidents targeting multinational companies.
Hackers are exploiting a critical zero-day flaw in the WordPress plug-in Fancy Product Designer, which allows remote code execution, the Wordfence Threat Intelligence team at Defiant Inc. says. Because a patch has not yet been released, the team urges users to immediately uninstall the vulnerable plug-in.
Siemens has released patches for certain automation products that have a critical memory protection vulnerability, which attackers could exploit to run arbitrary code to access memory areas, enabling them to read sensitive data and use it to launch further attacks.
A newly uncovered ransomware variant dubbed 'Epsilon Red' is targeting organizations in the U.S. hospitality sector, with the threat actor successfully extorting $210,000 from one of its victims, a new report by security firm Sophos notes.
Advanced persistent threat groups are continuing to exploit unpatched flaws in Fortinet products, the FBI warns in a flash alert. For example, an APT group apparently recently exploited a Fortigate appliance to access a web server hosting the domain for a U.S. municipal government, the bureau says.
A week after Ireland's health services provider was hit by a ransomware attack, the Conti gang has provided a decryptor, which officials are now testing to determine whether to use it, Reuters reports. But the gang is still threatening to release stolen data unless a $19 million ransom is paid.
A new WastedLocker malware variant, dubbed WastedLoader, is exploiting two vulnerabilities in Internet Explorer to insert malicious advertisements into legitimate websites, the security firm Bitdefender reports.
Security researchers at FortiGuard Labs have uncovered another DarkSide ransomware variant with destructive capabilities. But the researchers say the variant is "unrelated to the Colonial Pipeline campaign" and no longer active.
Attackers co-opted the Hancitor malware downloader and recently used it to deliver Cuba ransomware as part of an email spam campaign for data exfiltration and ransom extortion, a new report by security firm Group-IB finds.
Security researchers have uncovered a flaw dubbed TsuNAME in DNS resolver software that attackers could used to carry out distributed denial-of-service attacks against authoritative DNS servers. Google and Cisco have resolved the issue in their DNS servers.