Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.
President Joe Biden is asking Congress to boost CISA's budget by $110 million to help enable the agency to address a range of cybersecurity issues following several high-profile incidents in the past six months.
Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report. They note that patches for most of the flaws have been available for several years.
A Russian-speaking cybercriminal recently sold on a darknet forum thousands of stolen payment and gift cards that researchers at Gemini Advisory believe were taken from the now-defunct online gift card exchange Cardpool.com.
CISA and the FBI warn in a new alert that unidentified nation-state actors are scanning for three vulnerabilities in Fortinet's operating system, FortiOS, to potentially target government agencies and companies for cyberespionage.
Although SolarWinds has released a second round of patches for flaws in its Orion network monitoring platform that was targeted in a supply chain attack, some security experts say organizations need to go far beyond patching to manage the risks involved.
Attackers are exploiting a critical remote code vulnerability in F5 Networks' BIG-IP server network traffic security management platform, for which the company released patches on March 10. The vulnerability is considered highly critical.
There has been a spike in web shells being detected as ransomware gangs and other attackers increasingly target vulnerable on-premises Microsoft Exchange servers following publication of proof-of-concept attack code for ProxyLogon, which is one of four zero-day flaws patched by Microsoft in early March.
Email security vendor Mimecast, which was targeted by the SolarWinds supply chain hack in January, reports in a Tuesday update that the hackers used the "Sunburst" backdoor as an initial attack vector to steal some source code. But Mimecast says it "found no evidence of any modifications" to that code.
Microsoft has released an interim mitigation tool designed to help smaller organizations take quick action to prevent attacks that exploit the unpatched ProxyLogon flaw in on-premises Microsoft Exchange servers.
Microsoft is warning users of its Azure cloud platform that hackers are using several "living off the land" attack techniques to evade security measures, escalate privileges and deploy cryptominers. The software giant released a threat detection and mitigation strategy for the platform.
A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says. The company says it prevented more than 2,500 phishing emails tied to the campaign.