Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
This week, Solana npm package attack, a Brazilian banking giant entered crypto trading and a Nebraska man pleaded guilty to cryptojacking. Australia tightened rules for crypto businesses and crypto losses dropped in 2024 and DMM Bitcoin will cease operations.
A malware campaign targeting Russian retailers and service businesses aims to deploy remote access tools and install infostealer malware. Kaspersky dubbed the campaign "Horns&Hooves," after a fake organization set up by fraudsters in the 1931 Soviet satirical novel "The Little Golden Calf."
A threat actor is targeting Taiwanese companies using phishing emails and long-standing vulnerabilities to deliver SmokeLoader malware. The threat actor uses plugins for the infamous malware to directly attack systems rather than using SmokeLoader, as its name suggests, as a loader for other malware.
An apparent Russian script kiddie is converting widespread security gaps into powerful botnets capable of launching global-scale distributed denial-of-service attacks. A threat actor with the online moniker "Matrix" is exploiting IoT vulnerabilities such as default credentials and outdated software.
The Taiwanese NAS maker QNAP Systems on Saturday patched multiple flaws in its operating system and applications that could allow attackers to compromise network storage devices. The patch also included multiple flaws in QNAP's router operating system QuRouter OS.
A South Asian threat actor identified as Mysterious Elephant or APT-K-47 by Knownsec 404 researchers is using a Hajj-themed lure to trick victims into malicious payload disguised as a Windows file. The hacker is using upgraded Asyncshell malware disguised as a Microsoft Compiled HTML Help file.
The U.S. National Institute of Standards and Technology plans to revise its Internet of Things cybersecurity framework to address evolving risks posed by emerging technologies and use cases, such as AI and immersive tech. The proposed updates will broaden the focus to entire product ecosystems.
A widely deployed five-in-one security plug-in for WordPress websites contained a flaw that hackers could automate into a large-scale takeover campaign. The critical authentication bypass vulnerability takes advantage of a now-patched flaw in the Really Simple Security plug-in.
Security flaws in a cloud platform for remotely configuring and monitoring Internet of Things gadgets could expose millions of devices to remote code execution hacks. Security researchers at Claroty's Team82 uncovered 10 vulnerabilities in the widely used OvrC cloud platform.
Iranian state hackers are taking a page out of North Korean tactics to entice job seekers into downloading malware, with security researchers spotting a Tehran campaign directed against the aerospace industry. It's possible that Pyongyang shared its attack methods and tools.
French multinational Schneider Electric disclosed critical vulnerabilities in its Modicon M340, Momentum and MC80 programmable automation controllers. The vulnerabilities could allow unauthorized access, data manipulation and system interruptions.
Android Spynote malware is masquerading as antivirus software to exploit Android processes to infiltrate devices, seize control and steal sensitive information from unsuspecting users. A report from Cyfirma shows the malware disguising itself as "Avast Mobile Security" in a recent campaign.
A malicious Python package that mimics a popular SSH automation library has been live on PyPi since 2021 and delivers payloads that steal credentials and create backdoors. The package steals AWS access and secret keys, sending them to a remote server operated through a VPN in Paris
As OT systems become more interconnected, traditional air gaps disappear, creating new risks, said Joseph Carson, chief security scientist and advisory CISO at Delinea. The convergence of IT and OT environments requires a stronger focus on protecting digital identities and access controls.
Organizations mistakenly believe their operational technology systems are air-gapped and immune to cyberthreats. Dawn Cappelli, director of OT-CERT at Dragos, discusses why these assumptions are dangerous security gaps and why organizations need to rethink their approach to OT security.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.