Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
Global data center provider Zenlayer exposed an internal database accessible on the internet, revealing approximately 384 million records. A spokesperson said no internal or customer operational data, credentials or network traffic was affected.
This week, the Zeus leader pleaded guilty, Prudential detected hackers, U.S. telecoms have to report breaches, Microsoft patched zero-days, researchers said Chinese threat intel is faulty, ransomware hit Romanian healthcare entities, Juniper was breached and Poland allegedly previously used Pegasus.
Supply chain security firm Eclypsium found corporate VPN maker Ivanti's Pulse Secure devices - which underwent much emergency patching amid a likely Chinese espionage zero-day hacking campaign - operate on an 11-year old version of Linux and use many obsolete software packages.
A Canadian effort fueled by a surge of car thefts to ban pen-testing devices such as the Flipper Zero that grab wireless signals has provoked a backlash among security researchers and advocates, who accused Ottawa of seeking a scapegoat for bad auto industry security practices.
A still-active phishing campaign using individualized phishing lures is targeting senior corporate accounts in Microsoft Azure environments, said researchers from Proofpoint. They said the hackers have compromised hundreds of user accounts spread across dozens of Microsoft Azure environments.
Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.
Software developers are in a race against time to patch a flaw that could result in supply chain attacks, warned the integrated development environment maker JetBrains, which on Monday released an urgent patch for an authentication bypass flaw in its CI/CD TeamCity product.
The novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. In this latest distribution method, the attackers send spam emails that deliver deceptive URL files that circumvent the SmartScreen banner warning.
Remote desktop application provider AnyDesk acknowledged that hackers recently had gained unauthorized access to the company's production systems in a cyberattack. The firm said it has revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.
Delivering more proof that the Log4Shell vulnerability is endemic, Akamai researchers detected botnet malware updated to use the flaw as an infection vector. Log4Shell burst into public awareness in late 2021 when security researchers identified a flaw in the ubiquitous Apache Log4J 2 Java library.
U.S. federal prosecutors charged a Florida teenager allegedly involved in a cryptocurrency theft scam that stole at least $800,000 from a minimum of five victims. The suspect, Noah Michael Urban, 19, is part of a cybercriminal group known as Scattered Spider or 0ktapus, reported Brian Krebs.
Hackers are scanning the internet looking for vulnerable instances of the Jenkins server used by software developers for continuous integration and continuous delivery. There are approximately 45,000 exposed Jenkins servers susceptible to a critical remote code execution flaw.
The FBI and the U.S. Department of Justice used a court order to disrupt a Chinese hacking operation that compromised thousands of internet-connected devices and targeted sensitive areas of U.S. critical infrastructure, according to media reports.
Multiple vulnerabilities in a widely used open-source implementation of the UEFI specification allow attackers to introduce malware operating at the firmware level. The vulnerabilities mainly affect server machines in which a boot server delivers the operating system over the local network.
A security vulnerability in Fortra's GoAnywhere managed file transfer software can allow unauthorized users to create a new admin user. The vulnerability is a remotely exploitable authentication bypass flaw. Hackers have targeted file transfer software over the past year, including GoAnywhere MFT.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.