Google says it spotted two "highly targeted" advanced spyware campaigns using zero-days in the Android and iOS operating systems and vulnerabilities in the Samsung Internet Browser. The U.S. Cybersecurity and Infrastructure Security Agency ordered agencies to patch many of the vulnerabilities.
Indian police busted six members of an alleged criminal gang that sold the personal data of 168 million Indian citizens, including defense personnel and government employees. Cyberabad Metropolitan Police Commissioner Stephen Raveendra called the operation a national security risk.
Security researchers uncovered a Pakistani cyberespionage group employing fresh tactics to target workers at India's Defense Research and Development Organization and steal sensitive military secrets. A new campaign uses a PowerPoint file containing information about the India-developed K-4 missile.
Google suspended popular budget e-commerce application Pinduoduo from the Play Store after detecting malware on versions of the Chinese app downloadable from other online stores. Chinese security researchers say they found code designed to monitor users inside Pinduoduo versions.
The union government chastised the operator of Indian Railways ticket booking website Rail Yatri for failing to prevent a December data leak that compromised the personal information of 30 million users. The breach came to light when a criminal underground forum user put the data up for sale.
The Indian government's cybersecurity chief on Friday touted international cooperation on cybercrime and said the union government is preparing legislation to combat threats in cyberspace. National Cyber Security Coordinator Rajesh Pant spoke Friday at ISMG's DynamicCISO Conference in Mumbai.
Records of more than half a million customers of a lending service owned by India's largest private sector bank are apparently downloadable for free on a criminal data breach forum. HDFC Bank says it detected a data breach at one of its service providers that processes customer information.
Threat actors actively targeting multinational clients of data center outsourcers and help desk providers in China and Singapore are posting stolen credentials for sale on data leak sites, and cybersecurity firm Resecurity says these actions could be part of a nation-state cyberespionage campaign.
The Australian government says it will centralize its approach to securing federal agencies by appointing a coordinator to head the new National Office for Cyber Security within the Department of Home Affairs. The appointment comes after back-to-back major data breaches.
The Asia-Pacific region had the dubious distinction of being the global region that faced the most cyberattacks during 2022, as observed by IBM's threat intelligence platform. IBM says the region accounted for 31% of all incidents monitored during 2022.
India and Singapore made it easier and cheaper for their citizens to send and receive money through the integration of UPI and PayNow, but could this move lead to a rise in cross-border online payment scams? Reports of UPI-related fraud surged in India in 2022.
Group-IB says a July 2022 spear-phishing attempt on its own employees came from the Chinese threat actor known variously as Tonto Team and CactusPete. Tonto Team may be a unit of China's People's Liberation Army. Malwarebytes says the group has ramped up spying against Russian government agencies.
The South Korean government sanctioned four North Korean individuals and seven organizations for their involvement in illegal cyber activities to finance the totalitarian regime's nuclear and missile development programs. Stolen cryptocurrency is a principle source of hard currency for North Korea.
Australia's Department of Defense will rip out cameras made by Chinese manufacturers Hikvision and Dahua while the government considers whether to ban their use across all federal agencies. Chinese-made technology has come suspicious internationally for alleged influence by Chinese intelligence.
Cybercriminals found a way to circumvent OpenAI's prohibition on using its natural language artificial intelligence model for malicious purposes, say researchers who already spotted low-level hackers using the firm's ChatGPT chatbot for a machine-learning assist in creating malicious scripts.