Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.
The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.
Capital One is warning additional customers that their Social Security numbers may have been exposed in a massive 2019 breach. Meanwhile, a suspect in the breach is slated to go to trial in October.
An Israeli citizen who served as the administrator of the now-shuttered DeepDotWeb portal that connected internet users with dark web marketplaces selling malware, data and contraband has pleaded guilty to a money laundering conspiracy charge.
Android device users are being targeted by a sophisticated spyware app that disguises itself as a "system update" application, warns mobile security firm Zimperium. The app can steal data, messages and images and take control of phones.
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
Swiss cybersecurity firm Prodaft says it has accessed several servers used by an advanced persistent threat group tied to the SolarWinds supply chain attack. These attackers continue to target large corporations and public institutions worldwide, with a focus on the U.S. and the European Union, the researchers say.
This tax season, as in years past, a major phishing campaign is targeting U.S. taxpayers in an effort to deliver malware, according to researchers at security firm Cybereason. This time, the messages contain remote access Trojans.
As concerns about the number of attacks targeting domain name system protocols continue to grow, the NSA and CISA have released new guidance on how to choose and deploy a Protective Domain Name System service to strengthen security.
An ongoing spear-phishing campaign by the threat group TA800 is distributing a new malware loader based on the Nim programming language that's designed to help avoid detection, according to the cybersecurity company Proofpoint.
A new phishing campaign distributes ZLoader malware using advanced delivery techniques that demonstrate sophisticated understanding of Microsoft Office document formats and techniques, the security firm Forcepoint X-Labs reports.
An aviation IT company that says it serves 90% of the world's airlines has been breached in what appears to be a coordinated supply chain attack. Customers of at least four companies - Malaysia Airlines, Singapore Airlines, Finnair Airlines and Air New Zealand - may have been affected by the incident.
State-sponsored groups in China appear to be targeting India’s power supply by dropping malware into systems, according to online digital threat analysis company Recorded Future. The Indian government says it has taken steps to mitigate the risks.
Microsoft is making available the CodeQL queries it used to detect malicious implants in the massive supply chain attack that affected SolarWinds, tech firms and government agencies.
The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers by using a malicious payload disguised in an attached document, according to the security firm Zscaler.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.
