Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
Vulnerabilities in internet-connected temperature monitoring devices - and an accompanying desktop application - mainly used in hospitals could be exploited by hackers to exfiltrate sensitive data or compromise temperature monitoring integrity, researchers warn.
A vulnerability in a common implementation of the firmware booting up desktop computers powered by Intel chips could allow attackers to obtain ongoing persistence, warn security researchers. The flaw is a buffer overflow vulnerability in the Phoenix Technologies SecureCore UEFI implementation.
Cybersecurity researchers say an experiment in developing a fake, malicious extension for Microsoft's Visual Studio Code, the world's most popular integrated development environment, succeeded beyond their wildest expectations. VSCode doesn't manage permissions or visibility, the researchers said.
A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in scripting language PHP. The TellYouThePass ransomware group sees opportunity whenever system administrators must scramble to patch systems.
A promise of better security through biometrics fell short after security researchers dismantled an access system made by a Chinese manufacturer and discovered that it contained 24 vulnerabilities. ZKTeco specializes in hybrid biometric verification technology.
Half a dozen vulnerabilities in a moderately priced Netgear router could allow attackers to bypass authentication, putting home users and small businesses at risk. The flaws could cause unauthorized access, network manipulation and exposure of sensitive data.
A financially motivated hacker claims to have stolen over 34 gigabytes of data belonging to Singapore-based Telecom company Absolute Telecom. The hacker dubbed GhostR claims to have access to the company's data including corporate accounting, credit cards and customer information.
A critical remote code execution vulnerability in PHP for Windows, affecting all releases since version 5.x, requires immediate action from server administrators. The flaw enables attackers to execute arbitrary code on remote PHP servers through an argument injection attack.
This week, Robinhood said it will acquire Bitstamp in a $200 million deal, a senior promoter of the Forcount crypto Ponzi scheme pleaded guilty, crypto scammers targeted work-from-home job seekers, and Tether and CoinGecko warned of crypto phishing attacks.
Networking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.
Financially motivated hackers with a track record of data breaches claimed on a criminal forum that they stole data from Australian logistics company Victorian Freight Specialists. GhostR said in a Tuesday post on BreachForums that the group possesses 846 gigabytes of company data taken on May 26.
Cybercriminals are targeting European banking clients with a phishing-as-a-service platform that retails for between $130 and $450 per month. The VB3 phishing kit supports real-time interaction to allow fraudsters to bypass MFA,and it handles the QR Codes and PhotoTAN methods.
The onset of war between Israel and Hamas led to a spike in cyberattacks against operational technology, says Microsoft in a warning to critical infrastructure operators about the dangers of internet-exposed operational technology.
Cryptomining malware that might be North Korean in origin is targeting edge devices, including a zero-day in Palo Alto Networks' custom operating system that the company hurriedly patched in April. It appears threat actors operate their own mining pools or pool proxies rather than using public ones.
A gaming Wi-Fi router contained a zero-day that allowed a remote unauthenticated attacker to execute arbitrary code - a flaw that a static analysis cybersecurity firm attributed to insecure coding practices. Routers are a perennial source of risk to enterprises and home users alike.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.