Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
Operators of a Russian-speaking ransomware group launched a new encryptor with enhanced measures for defeating cyber defenders including wiping logs, disrupting backup systems and stopping decryption without insiders knowledge. The same group disrupted London hospitals in a July attack.
Traditional technology risk frameworks may suffice for AI threats, but organizations must strengthen their approach to talent management and workforce resourcing to address emerging challenges in artificial intelligence deployment, said Jenny Tan, president, ISACA Singapore Chapter.
Traditional data center security approaches do not translate very well to cloud environments as cloud computing and Layer 7 applications have fundamentally changed the way organizations should implement security controls, said Traceable AI's Richard Bird.
A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in April amid an ongoing shakeup in the ransomware world.
More incidents, vulnerability remediation timelines that can stretch into a year and mismatched budget priorities - such is the state of operational technology cybersecurity in 2024, according to participants in an annual SANS survey. Incident response remains a weak point.
In the evolving landscape of digital transformation, cybersecurity should become a reflex and not just a ritual. Security organizations need to promote cultural change in addition to security tools, said Milind Mungale, former CISO of Protean eGov Technologies Ltd.
The proliferation of data in today’s hyperconnected world presents both opportunities and risks. Rigo Van den Broeck, executive vice president of cybersecurity at Mastercard, said the sheer scale and accessibility of data require organizations to adopt proactive cybersecurity strategies.
Ivanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code.
Don't pull data from an operational technology network: OT networks should push data out. Segment critical OT networks. Don't introduce cybersecurity systems into an OT network unless administrators can guarantee they won't hinder a restart after a complete loss of electricity.
Rackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch for the zero-day remote code execution vulnerability.
Now patched vulnerabilities in online services from carmaker Kia allowed attackers to remotely control vehicle functions using only a license plate number, putting millions of cars at risk. The flaws were present in the South Korean automaker's official website for owners and in its iOS app.
Attackers can exploit a series of vulnerabilities in the OpenPrinting Common Unix Printing System utility to remotely execute arbitrary code on certain machines. Major Linux distributions reacted Friday by releasing patches. Exploitation requires a victim to attempt to print from a malicious device.
Industrial control systems made by different manufacturers for monitoring fuel storage tanks including those used in everyday gas stations contain critical zero-days that could convert them into targets for cyberattacks that cause physical damage.
FBI and U.S. Department of Homeland Security officials are in Arkansas City, Kansas, to investigate a cyberattack at the city's water treatment facility. "There has been no disruption to service. Out of caution, the Water Treatment Facility has switched to manual operations," said the city manager.
A new version of the Octo Android malware is spreading across Europe, posing as legitimate apps such as NordVPN and Google Chrome. The latest iteration includes advanced anti-detection mechanisms and a domain generation algorithm for command-and-control communication.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.