Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.
A Russian government-backed hacking group that's been tied to a series of cyberespionage campaigns has been quietly exploiting a critical remote code execution vulnerability in Exim email servers since 2019, the U.S. National Security Agency warns in an alert.
"Hack for hire" groups operating in India are spoofing World Health Organization emails to steal credentials from financial services and healthcare firms around the world, according to Google's Threat Analysis Group.
Turla, a sophisticated hacking group with suspected ties to the Russian government, recently used a revamped version of its malware to target government entities in Eastern Europe, according to new research from the security firm ESET.
The Maze ransomware gang has started releasing payment card data from an attack that happened earlier this year at Banco BCR, the state-owned Bank of Costa Rica. The cybercriminal gang is now threatening to release more of customers' financial data each week.
Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices. Attackers can turn NetSupport into a remote access Trojan, or RAT.
Hackers tried two methods of exploiting a zero-day vulnerability in Sophos' XG firewall, but Sophos says it made a temporary fix that mitigated the risks. Attackers originally attempted to plant a Trojan, but then switched to ransomware.
A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.
Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S. sailors at a military base in Pensacola, Florida, the Justice Department continues to criticize Apple's refusal to offer law enforcement a backdoor to its encrypted devices.
The operators of the REvil ransomware strain are attempting to ratchet up pressure on a New York law firm to pay a $42 million ransom, threatening to release more data on the firm's roster of celebrity clients. So far, the REvil gang has released about 2 GB of legal information related to Lady Gaga.
A sophisticated cyber-espionage campaign using spyware called Mandrake has been targeting Android users for at least four years, according to security firm Bitdefender. The malware has the ability steal a range of data, including SMS authentication messages from banks.
A sophisticated hacking group associated with the North Korean government that's been tied to a number of high-profile attacks, including WannaCry, is using three new malware variants, according to the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
A recently discovered cyber-espionage toolkit called Ramsay is designed to infiltrate air-gapped networks to steal documents, take screenshots and compromise other devices, according to the security firm ESET.
The operators behind the Zeus Sphinx malware have added new features and functionality to the Trojan, and more cybercriminals have deployed it within phishing campaigns that use the COVID-19 crisis as a lure, according to IBM X-Force. The Trojan has become more efficient at stealing banking data.
Cognizant estimates that the April ransomware attack that affected its internal network will cost the IT services firm between $50 and $70 million, according to the company's latest financial report. The company has said that the Maze ransomware gang was behind the attack.
Over the last five years, a hacking group that's apparently tied to China has been targeting government ministries in the Asia-Pacific region as part of a cyber-espionage campaign, according to Check Point Research.