Because ransomware attacks in the region are surging, CERT-In has issued an advisory offering tips for preventing ransomware infections and responding to attacks. It advises organizations not to pay ransoms and to report attacks immediately to law enforcement.
More than 60,000 servers running Microsoft's out-of-support IIS 6.0 server software may be vulnerable to a newly revealed zero-day exploit. No patch will be produced, but a workaround can blunt an attack.
The Indian government's move to demonetize high-value currency has given impetus to online and card transactions, creating new challenges for ensuring cashless transactions are secure, says Dr. A.S. Ramasastri, director at the Institute for Development and Research in Banking Technology.
As the threat landscape evolves, with risks exposed by newer technologies and commoditization of attack infrastructure, the motives of targeted attackers may also be evolving as they try new ways to influence change in an increasingly digital world.
The FBI recently warned that hackers are targeting FTP servers run by healthcare organizations in order to obtain medical records. New statistics show more than 750,000 FTP servers can be accessed anonymously worldwide.
A scareware campaign has been locking iOS devices with faux ransomware, demanding a payoff via virtual iTunes gift cards, security researchers warn. A fix for the exploited iOS flaw is included in a massive batch of product patches and updates released by Apple.
An analysis of British Home Secretary Amber Rudd's call for law enforcement to gain access to encrypted communications services, such as WhatsApp, leads the latest edition of the ISMG Security Report. Also, a preview of ISMG's Fraud and Breach Prevention Summit in San Francisco.
Microsoft's docs.com service has been an open window to viewing people's personal data. The company appears to have taken some steps to contain the exposure, but those watching closely say sensitive data can still be found via search engines.
Following last week's Westminster attack in London, British Home Secretary Amber Rudd is demanding that police and intelligence agencies be given on-demand access to end-to-end encrypted communications services such as WhatsApp.
WikiLeaks has released a second batch of CIA attack tools, dubbed Dark Matter, which includes malware designed to exploit Mac OS X and iOS devices. But Apple contends the attacks target vulnerabilities in its software that have long been patched, so users are not at risk.
With the rapid changes in the threat landscape and the risks introduced by DevOps, the cloud and other new elements, organizations need to have a continuous vulnerability assessment program as a security baseline, says Richard Bussiere of Tenable Network Security.
The U.S. Justice Department is reportedly preparing to charge multiple "Chinese middlemen" with helping to orchestrate the $81 million Bangladesh Bank heist on behalf of North Korea. Security experts have long been reporting that the attack code and tactics appear to trace to North Korea.
Password manager LastPass has deployed a server-side fix to repair a vulnerability that could have allowed an attacker to steal a victim's passwords. It's the latest finding from Tavis Ormandy of Google's Project Zero, who's since reported another flaw in LastPass.
RBI has mandated that all banks migrate to Aadhaar-based biometric authentication for electronic payment transactions by June 30. But some information security experts question whether the the technology can handle the potential volume of transactions.