The union government chastised the operator of Indian Railways ticket booking website Rail Yatri for failing to prevent a December data leak that compromised the personal information of 30 million users. The breach came to light when a criminal underground forum user put the data up for sale.
The Indian government's cybersecurity chief on Friday touted international cooperation on cybercrime and said the union government is preparing legislation to combat threats in cyberspace. National Cyber Security Coordinator Rajesh Pant spoke Friday at ISMG's DynamicCISO Conference in Mumbai.
Records of more than half a million customers of a lending service owned by India's largest private sector bank are apparently downloadable for free on a criminal data breach forum. HDFC Bank says it detected a data breach at one of its service providers that processes customer information.
Threat actors actively targeting multinational clients of data center outsourcers and help desk providers in China and Singapore are posting stolen credentials for sale on data leak sites, and cybersecurity firm Resecurity says these actions could be part of a nation-state cyberespionage campaign.
The Australian government says it will centralize its approach to securing federal agencies by appointing a coordinator to head the new National Office for Cyber Security within the Department of Home Affairs. The appointment comes after back-to-back major data breaches.
The Asia-Pacific region had the dubious distinction of being the global region that faced the most cyberattacks during 2022, as observed by IBM's threat intelligence platform. IBM says the region accounted for 31% of all incidents monitored during 2022.
India and Singapore made it easier and cheaper for their citizens to send and receive money through the integration of UPI and PayNow, but could this move lead to a rise in cross-border online payment scams? Reports of UPI-related fraud surged in India in 2022.
Group-IB says a July 2022 spear-phishing attempt on its own employees came from the Chinese threat actor known variously as Tonto Team and CactusPete. Tonto Team may be a unit of China's People's Liberation Army. Malwarebytes says the group has ramped up spying against Russian government agencies.
The South Korean government sanctioned four North Korean individuals and seven organizations for their involvement in illegal cyber activities to finance the totalitarian regime's nuclear and missile development programs. Stolen cryptocurrency is a principle source of hard currency for North Korea.
Australia's Department of Defense will rip out cameras made by Chinese manufacturers Hikvision and Dahua while the government considers whether to ban their use across all federal agencies. Chinese-made technology has come suspicious internationally for alleged influence by Chinese intelligence.
Cybercriminals found a way to circumvent OpenAI's prohibition on using its natural language artificial intelligence model for malicious purposes, say researchers who already spotted low-level hackers using the firm's ChatGPT chatbot for a machine-learning assist in creating malicious scripts.
Hong Kong police and Interpol disrupted an international criminal operation that planted banking Trojans through SMS phishing messages that appeared to originate from a legitimate source. Hong Kong police told the South China Morning Post the gang appears to be based overseas.
An Indian cybersecurity official highlighted Djvu ransomware as a threat, saying that "maximum companies" are attacked by the malware, a variant of the Stop family of ransomware. Djvu often infects computers by masquerading as software whose activation key has been cracked by hackers.
The BlackCat ransomware-as-a-service group says it's selling 2 terabytes worth of military data including classified documents culled from Indian explosives and propellant manufacturer Solar Industries. Ransomware criminals say they've stolen specifications of rocket propellant and warheads.
Researchers from cybersecurity firm WithSecure say they spotted a North Korean espionage campaign they dub "No Pineapple" that reveals a slew of tools in the Pyongyang hacking arsenal. They're confident the hackers were North Korean: One hacker connected to an infected server using a DPRK address.