Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.
Researchers have identified a fresh variant of the Grelos skimmer that has co-opted the infrastructure that MageCart uses for its own skimming attacks against e-commerce sites, according to RiskIQ. The malware has been found on several small and mid-size e-commerce sites worldwide.
The Chinese hacking group "Cicada" is exploiting the critical Zerologon vulnerability in Windows Server as part of a cyberespionage campaign that's mainly targeting Japanese companies' locations around the world, according to the security firm Symantec.
A recently identified Chinese hacking group dubbed "FunnyDream" has targeted more than 200 government entities in Southeast Asia since 2018 as part of an ongoing cyberespionage campaign, according to research from Bitdefender.
North Korean hackers are suspected of carrying out a supply chain attack that targeted businesses in South Korea using stolen digital certificates, according to researchers with ESET. The analysts believe that this campaign is related to the Lazarus Group.
Citing human rights concerns, the European Parliament is moving toward tightening export rules for companies that sell so-called dual-use technologies, such as spyware, to countries outside the EU's 27 member countries.
A hacking operation that targeted defense contractors earlier this year was more expansive than first thought, with hackers using never-before-seen malicious tools to target specific victims, McAfee reports. A North Korean-linked APT group is suspected of carrying out the attack.
A recently identified Chinese hacking group is using multiple types of Dynamic Link Library side-loading attack techniques to target non-government organizations in Southeast Asia, especially Myanmar, according to Sophos.
The Hong Kong Monetary Authority's Cybersecurity Fortification Initiative 2.0, an updated version of a framework designed to strengthen cyber resilience in the banking and financial sector, will officially roll out in January and be implemented over the following two years.
A recently identified hacking group dubbed UNC1945 used a never-before-seen zero-day vulnerability in the Oracle Solaris operating system to target corporate networks and plant malware, according to FireEye Mandiant. This threat actor is known to focus on telecom, financial and consulting firm targets.
Aleksandr Brovko, a Russian national, has been sentenced to eight years in federal prison for stealing personally identifiable data and online banking credentials using a botnet, according to the U.S. Justice Department. Federal prosecutors estimate the losses at $100 million.
The U.S. government has released additional details that it says further prove that an "Iranian group" sent a series of threatening emails to some Democratic voters in the weeks leading up to the 2020 elections, as part of a disinformation campaign designed to sow confusion.
Turla, a hacking group based in Russia, is deploying a revamped set of customized tools to target potential victims, including a European government agency, for its espionage campaigns, according to Accenture.
A hacking group linked to Iran's government targeted over 100 security and policy experts who are potentially attending two upcoming security conferences with phishing emails designed to steal credentials and gather intelligence, according to Microsoft.
Online disinformation campaigns by nation-state actors are the biggest cyberthreat to the U.S. election as hackers attempt to influence final vote tallies as a way to undermine confidence, according to a Digital Shadows report. Russian hackers are most active, followed by Iran and China.