An employee of a Ukrainian utility company installed an unlicensed version of Microsoft Office from a torrent website resulting in two remote access Trojans infecting the company's systems. The Computer Emergency Response Team of Ukraine attributes the malware to a group it tracks as UAC-0145.
A West Virginia hospital will soon begin notifying patients and employees affected by ransomware attackers who leaked data on the dark web. Hackers encrypted a handful of servers hosting historic "institutional data," including budget documents, cost reports and payments to vendors.
The Royal ransomware group has been running a social engineering campaign designed to trick targets into thinking they've fallen victim to a crypto-locking and data exfiltration attack by giving them a purported list of what was stolen that, if opened, installs Royal ransomware, researchers warn.
India is leading the digital payments revolution on the world stage with its widely accepted unified payments interface. N. Rajendran, the chief digital officer of the Multi Commodity Exchange of India, who has worked on UPI since its inception, discusses its successful implementation.
Retired Lt. Gen. Deependra Singh Hooda recommends applying military principles to assess and enhance cybersecurity readiness and organizational resilience of enterprises. By drawing parallels with military strategies, he stressed the need to prepare for and adapt to evolving threats.
The proposed Personal Data Protection and Privacy Bill, which was tabled in the Indian Parliament, needs to guarantee the fundamental right of privacy and have a methodology to establish a secure data flow across the border, under Section 17 of the IT Act, said retired Justice B.N. Srikrishna.
Indian national cybersecurity coordinator and retired Lt. Gen. Rajesh Pant says Indian enterprises need to start investing in cybersecurity to respond to increasing cyberattacks since cyberspace is now borderless and interconnected with little attribution.
Days after Google suspended the popular budget e-commerce application Pinduoduo from its Play Store, researchers are alleging that the Chinese app can bypass phones' security and monitor activities of other apps, including accessing private messages and changing settings.
Security researchers have uncovered more evidence that the North Korean Lazarus Group is responsible for the software supply chain attack on 3CX, a voice and video calling desktop client used by major multinational companies. Tools and code samples match previous Lazarus hacks.
Ukrainian law enforcement busted a transnational group of scammers that used more than 100 phishing websites to defraud Europeans. The scammers embezzled nearly $4.4 million by fooling more than 1,000 victims into handing over payment card details, police said.
Hackers have used a modular toolkit called "AlienFox" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.
Rules coming in April could require publicly traded companies to disclose a breach within four days of deeming it material as well as board member cybersecurity expertise. The SEC in March 2022 proposed a mandate that companies disclose "material" incidents within four business days of discovery.
The parent company of subprime lender TitleMax says hackers made off with the Social Security numbers and financial account information of up to nearly 5 million individuals. The company notified the FBI and "believes the incident has been contained." Hackers stole information over an 11-day period.
Every CISO's dream includes improved outcomes, maturity, increased return on security investments and a faster response to cyber incidents. Retired Commander Sanjeev Singh, CISO and data protection officer at Birlasoft, shares his secret of adopting XDR and realizing that dream.
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. In focus between March 24 and 30: SafeMoon, an update on Euler Finance, crypto-stealing Clipper malware, BitKeep, theft fail at Swerve Finance, THORChain, APT43 and an update on ParaSpace.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.