Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.
Capital One is warning additional customers that their Social Security numbers may have been exposed in a massive 2019 breach. Meanwhile, a suspect in the breach is slated to go to trial in October.
A Kansas man faces federal charges for allegedly accessing the network of a local water treatment facility and tampering with the systems that control the cleaning and disinfecting procedures, according to the Justice Department. The charges follow a similar security incident at a Florida facility.
An Israeli citizen who served as the administrator of the now-shuttered DeepDotWeb portal that connected internet users with dark web marketplaces selling malware, data and contraband has pleaded guilty to a money laundering conspiracy charge.
VMware has issued patches for two critical vulnerabilities in its IT operations management platform, vRealize Operations, which, if expoited, could allow attackers to steal administrative credentials.
Android device users are being targeted by a sophisticated spyware app that disguises itself as a "system update" application, warns mobile security firm Zimperium. The app can steal data, messages and images and take control of phones.
Users of the OpenSSL crypto library should upgrade immediately to the latest version to eliminate serious flaws that attackers could exploit to shut down servers, some security experts warn.
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
Swiss cybersecurity firm Prodaft says it has accessed several servers used by an advanced persistent threat group tied to the SolarWinds supply chain attack. These attackers continue to target large corporations and public institutions worldwide, with a focus on the U.S. and the European Union, the researchers say.
This tax season, as in years past, a major phishing campaign is targeting U.S. taxpayers in an effort to deliver malware, according to researchers at security firm Cybereason. This time, the messages contain remote access Trojans.
As concerns about the number of attacks targeting domain name system protocols continue to grow, the NSA and CISA have released new guidance on how to choose and deploy a Protective Domain Name System service to strengthen security.
Ahead of presenting a long-term review of national security strategy in Parliament on Tuesday, U.K. Prime Minister Boris Johnson issued a statement calling for a boost to the country’s capacity to conduct cyberattacks on foreign adversaries.
An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint.
Adobe has released security updates to address eight vulnerabilities, which, if exploited, could enable an attacker to take control of an affected system.
A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
