Apurva Venkat

Principal Correspondent

Apurva Venkat is principal correspondent for the India editions of CIO, CSO, and Computerworld. She has previously worked at ISMG, IDG India, Bangalore Mirror, and Business Standard, where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news, and education.

Microsoft patches 3 vulnerabilities in Azure API Management

Microsoft patches 3 vulnerabilities in Azure API Management

The vulnerabilities comprise url formatting bypasses and an unrestricted file upload functionality in the API Management developer portal, according to cybersecurity firm Ermetic.

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

Since March, Meta has discovered malware using ChatGPT and other AI themes to steal user data and compromise business accounts.

BlackCat group releases screenshots of stolen Western Digital data

BlackCat group releases screenshots of stolen Western Digital data

The screenshots included an image of a meeting that was held by the company to discuss the response to the recent cybersecurity incident.

White House seeks information on tools used for automated employee surveillance

White House seeks information on tools used for automated employee surveillance

The information will be used to ascertain if employers are violating antitrust and privacy laws, including whether companies use technologies to artificially reduce wages.

Chinese hackers launch Linux variant of PingPull malware

Chinese hackers launch Linux variant of PingPull malware

The identification of a Linux variant of PingPull malware, as well as the recent use of the Sword2033 backdoor, shows Alloy Taurus continues to evolve its operations in support of its espionage activities.

Iranian hacking group targets Israel with improved phishing attacks

Iranian hacking group targets Israel with improved phishing attacks

Research by CheckPoint presents a new and improved infection chain leading to the deployment of a new version of a Windows backdoor called PowerLess.

Hackers behind 3CX breach also breached US critical infrastructure

Hackers behind 3CX breach also breached US critical infrastructure

The attackers have been linked to North Korea and appear to be involved in cyberespionage and financially motivated attacks.

Iran cyberespionage group taps SimpleHelp for persistence on victim devices

Iran cyberespionage group taps SimpleHelp for persistence on victim devices

Group-IB researchers have also identified a previously unknown command and control infrastructure and a PowerShell script that APT group MuddyWater is using for its cyberespionage and IP theft attacks.

New Qbot campaign delivers malware by hijacking business emails

New Qbot campaign delivers malware by hijacking business emails

The new Qbot email campaign uses a combination of PDF and WSF to install the malware and steal the victim’s banking credentials.

Google urges users to update Chrome to address zero-day vulnerability

Google urges users to update Chrome to address zero-day vulnerability

Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.

Stolen ChatGPT premium accounts up for sale on the dark web

Stolen ChatGPT premium accounts up for sale on the dark web

There has been an increase in discussions and trades related to ChatGPT on the dark web since March, according to Check Point.

Microsoft patches vulnerability used in Nokoyawa ransomware attacks

Microsoft patches vulnerability used in Nokoyawa ransomware attacks

The vulnerability identified as CVE-2023-28252 is a privilege escalation flaw affecting the Windows Common Log File System driver.

OpenAI starts bug bounty program with cash rewards up to $20,000

OpenAI starts bug bounty program with cash rewards up to $20,000

Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries.

3CX DesktopApp compromised by supply chain attack

3CX DesktopApp compromised by supply chain attack

3CX will be releasing an update for the DesktopApp in the next few hours; meanwhile, users are urged to use the PWA Client instead.

DarkBit puts data from Israel’s Technion university on sale

DarkBit puts data from Israel’s Technion university on sale

DarkBit had previously demanded 80 bitcoins as ransom, and said it would sell the data within five days if the ransom went unpaid.

Hackers changed tactics, went cross-platform in 2022, says Trend Micro

Hackers changed tactics, went cross-platform in 2022, says Trend Micro

Ransomware groups are adopting corporate structures, Microsoft macros are no longer an easy target, and the Rust programming language is making it easier to write multiplatform malware.

Part of Twitter source code leaked on GitHub

Part of Twitter source code leaked on GitHub

Twitter has filed a case in the US District Court for the Northern District of California seeking GitHub to identify the person who shared the code.

As critical Microsoft vulnerabilities drop, attackers may adopt new techniques

As critical Microsoft vulnerabilities drop, attackers may adopt new techniques

As critical Microsoft software vulnerabilities decline, attackers will need to chain together less severe exploits to achieve code execution, elevate system privilege levels, and move around victim networks.

Developed countries lag emerging markets in cybersecurity readiness

Developed countries lag emerging markets in cybersecurity readiness

Organizations in Asia-Pacific countries including Indonesia, the Philippines, Thailand, and India are generally more prepared for cyberattacks than their peers in more economically developed nations, according to a new Cisco report....

BianLian ransomware group shifts focus to extortion

BianLian ransomware group shifts focus to extortion

The shift in the operating model comes as a result of Avast’s release of a decryption tool that allowed a victim of the BianLian ransomware gang to decrypt and recover their files without paying the ransom.

Load More