Exposed Container Orchestration Systems Putting Many Orgs at Risk
6/18/2018More than 22,600 open container orchestration and API management systems discovered on the Internet.
Post a Comment
Author
Profile of Jai Vijayan
Freelance writer News & Commentary Posts: 547Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.
Articles by Jai Vijayan
More than 22,600 open container orchestration and API management systems discovered on the Internet.
Post a Comment
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
6/15/2018Attacks directed at targets in Singapore went through the roof earlier this week.
Post a Comment
Intel Discloses Yet Another Side Channel Vulnerability
6/14/2018Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
Post a Comment
Containerized Apps: An 8-Point Security Checklist
6/14/2018Here are eight measures to take to ensure the security of your containerized application environment.
Post a Comment
US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks
6/11/2018Executives from two of the cybersecurity firms on the list say action is unwarranted; another says it's even a Russian entity.
Post a Comment
FBI Slaps New Charges Against Researcher Who Stopped WannaCry
6/7/2018Federal authorities charged Marcus Hutchins with lying to the government and authoring a second piece of malware in addition to the Kronos banking Trojan.
Post a Comment
VPNFilter Poses Broader Threat Than First Thought; Endpoints At Risk Too
6/6/2018New research shows the router and NAS system malware affects more vendor devices as well, Cisco Talos says.
Post a Comment
Financial Services Organizations Face More Sophisticated Threats Than Others
6/5/2018With companies in the financial sector getting better at blocking ordinary threats, attackers have begun going after them with more sophisticated malware, Lastline says.
Post a Comment
US-North Korea Summit News Used as Lure In New Malware Campaign
6/4/2018Previously known threat actor Group 123 likely behind NavRAT malware, security vendor says.
Post a Comment
Open Bug Bounty Offers Free Program For Websites
6/1/2018Non-profit says it will triage and verify certain kinds of Web vulnerability submissions at no cost for those who sign up.
Post a Comment
Banking Botnet Operators Strike Profit-Sharing Partnership
5/31/2018Instead of ripping each other's malware out of victim systems, the groups behind Trickbot and IcedID are playing nice with each other, says Flashpoint.
Post a Comment
Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System
5/30/2018In less than one month, security researchers participating in the Pentagon's Hack the Defense Travel System program found 65 vulnerabilities.
Post a Comment
6 Ways Third Parties Can Trip Up Your Security
5/29/2018Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
Post a Comment
Growing Job Pressures Increase Risk of Burnout for Cybersecurity Professionals
5/23/2018A new Trustwave survey shows information security executives and practitioners are under increasing pressure from trying to keep up with threats and compliance mandates.
Post a Comment
Las Vegas Most Insecure Cyber City in US; St. Louis Least Vulnerable
5/22/2018Forty-three percent chance of users connecting to high or medium-risk networks in Las Vegas - compared to less than 1% risk in least vulnerable areas, Coronet says.
Post a Comment
Federal Jury Convicts Operator of Massive Counter-Antivirus Service
5/17/2018Scan4You helped thousands of criminals check if AV products could detect and block their malware tools.
Post a Comment
Frequency & Costs of DNS-Based Attacks Soar
5/16/2018The average cost of a DNS attack in the US has climbed 57% over the last year to $654,000 in 2018, a survey from EfficientIP shows.
Post a Comment
Kaspersky Lab to Move Some Core Operations to Switzerland
5/15/2018Most customer data storage and processing, software assembly, and threat detection updates will be based in Zurich.
Post a Comment
Shadow IoT Devices Pose a Growing Problem for Organizations
5/14/2018An Infoblox survey shows many companies have thousands of non-business Internet of Things devices connecting to their network daily.
Post a Comment
Proofpoint Sounds Warning on Vega Stealer Targeted Data Theft Campaign
5/11/2018Marketing, PR, and advertising firms are among those being targeted.
Post a Comment
Author of TreasureHunter PoS Malware Releases Its Source Code
5/10/2018Leak gives threat actors a way to build newer, nastier versions of the point-of-sale malware, Flashpoint says.
Post a Comment
SynAck Ransomware Gets Dangerous 'Doppleganging' Feature
5/7/2018New Process Doppelganging, obfuscation features makes the malware much harder to spot and stop.
Post a Comment
Report: China's Intelligence Apparatus Linked to Previously Unconnected Threat Groups
5/4/2018Multiple groups operating under the China state-sponsored Winnti umbrella have been targeting organizations in the US, Japan, and elsewhere, says ProtectWise.
Post a Comment
No Computing Device Too Small For Cryptojacking
5/3/2018Research by Trend Micro shows IoT and almost all connected devices are targets for illegal cryptocurrency mining.
Post a Comment
Password Reuse Abounds, New Survey Shows
5/1/2018Despite heightened awareness of the security implications many users still continue to reuse passwords and rarely if ever change them, a LogMeIn survey shows.
Post a Comment
Speed at Which New Drupal Flaw Was Exploited Highlights Patching Challenges
4/30/2018In the rush to patch, organizations can create fresh problems for themselves.
Post a Comment
US Healthcare Firms Among Dozens Hit in 'Orangeworm' Cyberattack Campaign
4/26/2018Attackers target healthcare organizations in apparent data theft mission, but could do far more damage, according to Symantec researchers.
Post a Comment
Low-Cost Crimeware Kit Gaining Popularity in Underground Markets
4/25/2018At $150 for a three-month subscription, Rubella Malware Builder presents a threat to enterprises, Flashpoint says.
Post a Comment
Threat Actors Turn to Blockchain Infrastructure to Host & Hide Malicious Activity
4/23/2018.bit domains are increasingly being used to hide payloads, stolen data, and command and control servers, FireEye says.
Post a Comment
Majority of Men Think Women Have Equal Opportunity to Advance in Cybersecurity Career
4/17/2018Not so fast, say women.
Post a Comment
Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates
4/13/2018Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.
Post a Comment
Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Another Critical Flaw
4/9/2018Cisco says companies fixing previously known protocol issue should also patch against critical remote-code execution issue.
Post a Comment
Sears & Delta Airlines Are Latest Victims of Third-Party Security Breach
4/5/2018An insecure ecosystem of third parties connected to an enterprise network poses a growing risk, security analysts say.
Post a Comment
Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider
4/5/2018Attack a warning on vulnerabilities in energy networks, security analysts say.
Post a Comment
Criminals Targeting Magento Sites with Brute-Force Password Attacks
4/3/2018Flashpoint says it is aware of at least 1,000 sites using Magento's e-commerce platform that have been recently compromised.
Post a Comment
Microsoft Rushes Out Fix for Major Hole Caused by Previous Meltdown Patch
3/30/2018Issue affects Windows 7 x64 and Windows Server 2008 R2 x64 systems.
Post a Comment
University Networks Become Fertile Ground for Cryptomining
3/29/2018Sixty percent of cryptomining detections in a Vectra study occurred on higher-education networks.
Post a Comment
Attackers Shift From Adobe Flaws to Microsoft Products
3/27/2018Seven of the Top 10 most commonly exploited vulnerabilities in 2017 were Microsoft-related - not Adobe Flash as in years past, Recorded Future found.
Post a Comment
Leader of Cybercrime APT Behind $1.2 Billion in Bank Heists Arrested
3/26/2018The Carbanak group has caused more financial losses to financial institutions than any other cybercrime group since it surfaced in 2013.
Post a Comment
AMD Will Release Fixes for New Processor Flaws in a Few Weeks
3/23/2018Security firm that disclosed flaws accuses chipmaker of downplaying flaws; says timeline is overly optimistic.
Post a Comment
Criminals Using Web Injects to Steal Cryptocurrency
3/22/2018Man-in-the-browser attacks targeting Blockchain.info and Coinbase websites, SecurityScorecard says.
Post a Comment
7 Ways to Protect Against Cryptomining Attacks
3/22/2018Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
Post a Comment
Gartner Expects 2018 IoT Security Spending to Reach $1.5 Billion
3/21/2018Regulations, breach concerns will push spending to over $3 billion by 2021, analyst firm says.
Post a Comment
New Method Proposed for Secure Government Access to Encrypted Data
3/19/2018'Crumple Zones' in crypto mechanisms can make it possible — but astronomically expensive — to access encrypted data, say researchers from Boston University and Portland State University.
Post a Comment
Are DDoS Attacks Increasing or Decreasing? Depends on Whom You Ask
3/15/2018Details on DDoS trends can vary, depending on the reporting source.
Post a Comment
New Hosted Service Lowers Barriers to Malware Distribution
3/14/2018BlackTDS is a traffic distribution service for directing users to malware and exploit kits based on specific parameters.
Post a Comment
Malware Leveraging PowerShell Grew 432% in 2017
3/12/2018Cryptocurrency mining and ransomware were other major threats.
Post a Comment
China's Vulnerability Database Altered to Hide Govt. Influence
3/9/2018Recorded Future says move designed to hide fact that CNNVD routinely delays publication of high-risk flaws so government can assess them for offensive use.
Post a Comment
North Korea Threat Group Targeting Turkish Financial Orgs
3/8/2018Hidden Cobra appears to be collecting information for a later strike, McAfee says.
Post a Comment
Intel SGX Can Be Used to Hide, Execute Malware
3/7/2018The microprocessor giant's Software Guard Extensions security feature can be abused to implement virtually undetectable malware, Graz University researchers say.
Post a Comment
Design Weakness in Microsoft CFG Allows Complete Bypass
3/6/2018Researchers from Italy's University of Padua will demo a new technique to evade Control Flow Guard, the widely deployed security mechanism, at Black Hat Asia.
Post a Comment
Insider Threat Seriously Undermining Healthcare Cybersecurity
3/5/2018Two separate reports suggest insiders — of the malicious and careless variety — pose more of a problem in healthcare than any other sector.
Post a Comment
Number of Sites Hosting Cryptocurrency Miners Surges 725% in 4 Months
3/1/2018The dramatic increase in cryptocurrency prices, especially for Monero, is behind the sudden explosive growth, says Cyren.
Post a Comment
New Android Malware Family Highlights Evolving Mobile Threat Capabilities
2/28/2018RedDrop can steal data, record audio, and rack up SMS charges for victims, says Wandera.
Post a Comment
Memcached Servers Being Exploited in Huge DDoS Attacks
2/27/2018Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211.
Post a Comment
Threats from Mobile Ransomware & Banking Malware Are Growing
2/26/2018The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.
Post a Comment
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
2/23/2018The new malware also can turn bots into DDoS attack machines, says Fortinet.
Post a Comment
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
2/22/2018The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
Post a Comment
Global Cybercrime Costs Top $600 Billion
2/21/2018More than 50% of attacks result in damages of over $500K, two reports show.
Post a Comment
7 Cryptominers & Cryptomining Botnets You Can't Ignore
2/21/2018Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
Post a Comment
Cybercrime Gang Ramps up Ransomware Campaign
2/15/2018In the last few weeks, Gold Lowell group has collected over $350K after infecting victims with SamSam crypto malware, researchers at Secureworks found.
Post a Comment
Attackers Use Infected Plug-In to Install Cryptomining Tool on Over 4200 Websites
2/12/2018Victims include UK's ICO, and National Health Service and USCourts.gov.
Post a Comment
New POS Malware Steals Data via DNS Traffic
2/8/2018UDPoS is disguised to appear like a LogMeIn service pack, Forcepoint says.
Post a Comment
US, International Law Enforcement Shut Down Massive Cybercrime Marketplace
2/7/2018The Infraud Organization was responsible for over $500 million in losses to institutions and individuals worldwide, the US Department of Justice says.
Post a Comment
Uber's Response to 2016 Data Breach Was 'Legally Reprehensible,' Lawmaker Says
2/6/2018In Senate hearing, Uber CISO admits company messed up in not quickly disclosing breach that exposed data on 57 million people.
Post a Comment
Abusing X.509 Digital Certificates for Covert Data Exchange
2/5/2018Newly discovered hack would allow attackers to send data between two systems during TLS negotiation, researchers say.
Post a Comment
7 Ways to Maximize Your Security Dollars
2/5/2018Budget and resource constraints can make it hard for you to meet security requirements, but there are ways you can stretch your budget.
Post a Comment
Crypto-Mining Attacks Emerge as the New Big Threat to Enterprises
2/1/2018Attackers looking to hijack systems for illegally mining digital currencies have begun eyeing business systems, security vendors say.
Post a Comment
Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers
1/30/2018For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.
Post a Comment
Thieves Target ATMs In First US 'Jackpotting' Attacks
1/29/2018Attackers have been getting ATMs to illegally dispense cash by tampering with their internal electronics, US Secret Service warns.
Post a Comment
Dutch Intel Agency Reportedly Helped US Attribute DNC Hack to Russia
1/26/2018The General Intelligence and Security Service of the Netherlands broke into Cozy Bear's network in 2014 and spotted the group launching attacks, de Volkskrant says.
Post a Comment
This Year's Pwn2Own Hackfest Will Offer Up to $2 Million in Rewards
1/25/2018Microsoft is a partner at annual contest for the first time.
Post a Comment
Ransomware Actors Cut Loose on Health Care Organizations
1/24/2018An attack on Allscripts last week that knocked out EHR services to 1,500 clients is the third reported incident just this month.
Post a Comment
Dark Caracal Campaign Breaks New Ground with Focus on Mobile Devices
1/23/2018This is the first known global-scale campaign primarily focused on stealing data from Android devices, Lookout and EFF say.
Post a Comment
Satori Botnet Malware Now Can Infect Even More IoT Devices
1/22/2018Latest version targets systems running ARC processors.
Post a Comment
Kaspersky Lab Seeks Injunction Against US Government Ban
1/19/2018Revenues and reputation have taken a hit in the wake of the US Department of Homeland Security's decision to prohibit use of its products and services by the feds, the company says.
Post a Comment
Rogue Chrome, Firefox Extensions Hijack Browsers; Prevent Easy Removal
1/18/2018Malwarebytes describes malicious extensions as 'one of a kind'
Post a Comment
Threats from Russia, North Korea Loom as Geopolitics Spills into Cyber Realm
1/17/2018Threat actors from both nations ramped up their activities sharply in 2017, Flashpoint says in a new threat intelligence report.
Post a Comment
Kaspersky Lab Warns of Extremely Sophisticated Android Spyware Tool
1/16/2018Skygofree appears to have been developed for lawful intercept, offensive surveillance purposes.
Post a Comment
Survey Suggests Many Are Still Waiting for Spectre, Meltdown Windows Updates
1/11/2018Microsoft's insistence on a specific registry key setting for offering the updates on systems appears to be the issue, security vendor Barkly says.
Post a Comment
Cisco Adds Encrypted Traffic Analysis Function
1/10/2018New Encrypted Traffic Analytics is designed to help enterprises inspect encrypted traffic for malicious activity without having to decrypt it first.
Post a Comment
Turla Cyberespionage Gang Employs Adobe Flash Installer
1/9/2018In recent data theft campaigns, the APT group has been downloading malware from what appears to be legitimate Adobe URLs and IP addresses, ESET says.
Post a Comment
New Cryptocurrency Mining Malware Has Links to North Korea
1/8/2018A malware tool for stealthily installing software that mines the Monero virtual currency looks like the handiwork of North Korean threat actors, AlienVault says.
Post a Comment
Vendors Rush to Issue Security Updates for Meltdown, Spectre Flaws
1/4/2018Apple says all Mac and iOS systems are affected by new side-channel attack vulnerabilities.
Post a Comment
Open Source Components, Code Volume Drag Down Web App Security
1/3/2018The number of new Web application vulnerabilities published last year was 212% greater than the number disclosed in 2016, Imperva says in a new report this week.
Post a Comment
Hackers Who Disabled Police Cameras Prior to Trump Inauguration Left Trail of Clues
1/2/2018Romanian police last month arrested Mihai Isvanca, and Eveline Cismaru for allegedly breaking into 123 computers controlling surveillance cameras at DC's police department in 2017.
Post a Comment
Hit the Cyber Underground for the Hottest Travel Deals
12/22/2017You can get everything from inexpensive flights and hotels to fake passports in the cyber underground, says Trend Micro.
Post a Comment
Russia's Fancy Bear APT Group Gets More Dangerous
12/21/2017Encryption and code refreshes to group's main attack tool have made it stealthier and harder to stop, ESET says.
Post a Comment
Attack Attribution Tricky Say Some as US Blames North Korea for WannaCry
12/20/2017There's not enough evidence to conclusively tie the rogue regime to the ransomware attacks, some security experts say.
Post a Comment
Another Cyberattack Spotted Targeting Mideast Critical Infrastructure Organizations
12/19/2017Operation Copperfield appears focused on data theft and reconnaissance, Nyotron says.
Post a Comment
TRITON Attacker Disrupts ICS Operations, While Botching Attempt to Cause Physical Damage
12/14/2017TRITON malware is discovered after an attack on a safety monitoring system accidentally triggered the shutdown of an industrial process at an undisclosed organization.
Post a Comment
Former Rutgers Student, Two Others Plead Guilty to Operating Mirai Botnet
12/13/2017Trio faces up to five years in federal prison and fines of up to $250,000
Post a Comment
Security Compliance: The Less You Spend the More You Pay
12/12/2017The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
Post a Comment
Russian-Speaking 'MoneyTaker' Group Helps Itself to Millions from US Banks
12/11/2017Banks in Latin America appear to be next big target, Group-IB says.
Post a Comment
Conficker: The Worm That Won't Die
12/7/2017More than nine years after it infected millions of systems worldwide, the malware continues to be highly active, according to a Trend Micro report.
Post a Comment
NIST Releases New Cybersecurity Framework Draft
12/6/2017Updated version includes changes to some existing guidelines - and adds some new ones.
Post a Comment
Bitcoin Sites Become Hot Targets for DDoS Attacks
12/5/2017The Bitcoin industry is now one of the top 10 most-targeted industries for DDoS campaigns. Price manipulation could be one goal, Imperva says.
Post a Comment
NSA Employee Pleads Guilty to Illegally Retaining National Defense Secrets
12/4/2017Nghia Hoang Pho faces up to eight years in prison for removing highly classified NSA data from workplace and storing it at home.
Post a Comment
Developers Can Do More to Up Their Security Game: Report
11/28/2017Developers can play a vital role in accelerating the adoption of AppSec practices, security vendor says.
Post a Comment
New OWASP Top 10 List Includes Three New Web Vulns
11/21/2017But dropping cross-site request forgeries from list is a mistake, some analysts say.
Post a Comment
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-12557
PUBLISHED: 2018-06-19
PUBLISHED: 2018-06-19
PUBLISHED: 2018-06-19
PUBLISHED: 2018-06-19
PUBLISHED: 2018-06-19
From DHS/US-CERT's National Vulnerability Database CVE-2018-12557
PUBLISHED: 2018-06-19
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could ...
CVE-2018-12559PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequ...
CVE-2018-12560PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.
CVE-2018-12561PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.
CVE-2018-12562PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This