High Stress Levels Impacting CISOs Physically, Mentally
2/14/2019Some have even turned to alcohol and medication to cope with pressure.
Post a Comment
Author
Profile of Jai Vijayan
Freelance writer News & Commentary Posts: 666Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.
Articles by Jai Vijayan
Some have even turned to alcohol and medication to cope with pressure.
Post a Comment
2018 Was Second-Most Active Year for Data Breaches
2/13/2019Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.
Post a Comment
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
2/12/2019All data belonging to US users—including backup copies—have been deleted in catastrophe, VMEmail says.
Post a Comment
Experian: US Suffers the Most Online Fraud
2/11/2019New data from the credit reporting firm shows the sheer scale of online activity in the US also has made businesses and consumers there prime targets.
Post a Comment
US Law Enforcement Busts Romanian Online Crime Operation
2/8/2019Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads other scams.
Post a Comment
Ransomware Attack Via MSP Locks Customers Out of Systems
2/7/2019Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.
Post a Comment
Some Airline Flight Online Check-in Links Expose Passenger Data
2/6/2019Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.
Post a Comment
7 Tips for Communicating with the Board
2/6/2019The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.
Post a Comment
Cybercriminals Exploit Gmail Feature to Scale Up Attacks
2/5/2019Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.
Post a Comment
Massive DDoS Attack Generates 500 Million Packets per Second
1/30/2019January 10 torrent involved nearly four times as many packets as last year's huge attack on GitHub, says Imperva.
Post a Comment
Microsoft Exchange Vuln Enables Attackers to Gain Domain Admin Privileges
1/29/2019Anyone with access to an Exchange mailbox can take control of domain, security researcher says.
Post a Comment
US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers
1/28/2019At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.
Post a Comment
Database of 24 Million Mortgage, Loan Records Left Exposed Online
1/24/2019Breach latest example of how misconfigurations, human errors undermine security in a big way, experts say.
Post a Comment
'Anatova' Emerges as Potentially Major New Ransomware Threat
1/23/2019Modular design, ability to infect network shares make the malware dangerous, McAfee says.
Post a Comment
Stealthy New DDoS Attacks Target Internet Service Providers
1/22/2019Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.
Post a Comment
VC Investments in Cybersecurity Hit Record Highs in 2018
1/18/2019But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
Post a Comment
773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum
1/17/2019Data appears to be from multiple breaches over past few years, says researcher who discovered it.
Post a Comment
BEC Groups Ramp Up Payroll Diversion Attacks
1/16/2019Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
Post a Comment
Cryptomining Continues to Be Top Malware Threat
1/14/2019Tools for illegally mining Coinhive, Monero, and other cryptocurrency dominate list of most prevalent malware in December 2018.
Post a Comment
DNS Hijacking Campaign Targets Organizations Globally
1/10/2019A group believed to be operating out of Iran has manipulated DNS records belonging to dozens of firms in an apparent cyber espionage campaign, FireEye says.
Post a Comment
Kaspersky Lab Helped US Nab NSA Data Thief: Report
1/9/2019But this new development unlikely to do much to clear government suspicions about security vendor's ties to Russian intelligence, analyst says.
Post a Comment
20-Year-Old Student Admits to Massive Data Leak in Germany
1/8/2019Hack was not politically motivated; no sign of third-party involvement, authorities say.
Post a Comment
Data on Hundreds of German Politicians Published Online in Massive Compromise
1/4/2019Authorities are investigating if breach resulted from a leak or a cyberattack.
Post a Comment
Ex-NSA Contractor Was a Suspect In Shadow Brokers Leak
1/2/2019New court document shows law enforcement suspected possible involvement of Harold Martin in Shadow Brokers' release of classified NSA hacking tools.
Post a Comment
APT10 Indictments Show Expansion of MSP Targeting, Cloud Hopper Campaign
12/21/2018US brings more indictments against the APT10 cyber espionage group operating in China for its Operation Cloud Hopper campaign against managed service providers, but what will those indictments accomplish?
Post a Comment
NASA Investigating Breach That Exposed PII on Employees, Ex-Workers
12/19/2018Incident is latest manifestation of continuing security challenges at agency, where over 3,000 security incidents have been reported in recent years.
Post a Comment
Memes on Twitter Used to Communicate With Malware
12/18/2018Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.
Post a Comment
Disk-Wiping 'Shamoon' Malware Resurfaces With File-Erasing Malware in Tow
12/17/2018As with previous attacks, organizations in the Middle East appear to be main targets, Symantec says.
Post a Comment
Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
12/13/2018Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Post a Comment
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
12/12/2018McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
Post a Comment
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
12/11/2018Goal is to steal banking credentials by redirecting users to phishing sites.
Post a Comment
Satan Ransomware Variant Exploits 10 Server-Side Flaws
12/10/2018Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
Post a Comment
Criminals Use Locally Connected Devices to Attack, Loot Banks
12/7/2018Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
Post a Comment
7 Common Breach Disclosure Mistakes
12/6/2018How you report a data breach can have a big impact on its fallout.
Post a Comment
Symantec Intros USB Scanning Tool for ICS Operators
12/5/2018ICSP Neural is designed to address USB-borne malware threats.
Post a Comment
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
11/29/2018But ransomware attacks go through the roof, new threat data from SonicWall shows.
Post a Comment
Dell Forces Password Reset for Online Customers Following Data Breach
11/29/2018Move prompts questions about scope of intrusion and strength of company's password hashing.
Post a Comment
Incorrect Assessments of Data Value Putting Organizations at Risk
11/28/2018Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Post a Comment
New Hacker Group Behind 'DNSpionage' Attacks in Middle East
11/27/2018Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.
Post a Comment
Mirai Evolves From IoT Devices to Linux Servers
11/21/2018Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
Post a Comment
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
11/20/2018APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
Post a Comment
Securities Markets at High Risk of Cyberattack
11/19/2018A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
Post a Comment
Congress Passes Bill to Create New Federal Cybersecurity Agency
11/15/2018Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
Post a Comment
Small-Time Cybercriminals Landing Steady Low Blows
11/14/2018High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
Post a Comment
2018 on Track to Be One of the Worst Ever for Data Breaches
11/12/2018A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
Post a Comment
Symantec Uncovers North Korean Group's ATM Attack Malware
11/8/2018Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs.
Post a Comment
Crytpocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm
11/7/2018"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.
Post a Comment
20 Cybersecurity Firms to Watch
11/7/2018A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.
Post a Comment
Critical Encryption Bypass Flaws in Popular SSDs Compromise Data Security
11/6/2018Vulnerabilities in Samsung, Crucial storage devices enable data recovery without a password or decryption key, researchers reveal.
Post a Comment
Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million
11/2/2018Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.
Post a Comment
Destructive Cyberattacks Spiked in Q3
10/30/2018Instead of simply fleeing when discovered, adversaries are actively engaging with incident response teams, a new Carbon Black study finds.
Post a Comment
Security Implications of IBM-Red Hat Merger Unclear
10/29/2018But enterprises and open source community likely have little to be concerned about, industry experts say.
Post a Comment
County Election Websites Can Be Easily Spoofed to Spread Misinformation
10/25/2018Majority of county sites in 20 key swing states have non-.gov domains and don't enforce use of SSL, McAfee researchers found.
Post a Comment
ICS Networks Continue to be Soft Targets For Cyberattacks
10/24/2018CyberX study shows that many industrial control system environments are riddled with vulnerabilities.
Post a Comment
Russian Research Institute Was Actively Involved In TRITON ICS Attack Activity
10/23/2018Data shows with a high degree of confidence that Moscow-based Central Scientific Research Institute of Chemistry and Mechanics helped develop and refine malware, FireEye says.
Post a Comment
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
10/22/2018Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.
Post a Comment
Cyber Espionage Campaign Reuses Code from China's APT1
10/18/2018US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
Post a Comment
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
10/17/2018In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Post a Comment
FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors
10/16/2018Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
Post a Comment
Chinese Intelligence Officer Under Arrest for Trade Secret Theft
10/11/2018Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Post a Comment
New Threat Group Conducts Malwareless Cyber Espionage
10/10/2018Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
Post a Comment
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
10/9/2018The trend underscores the need for organizations of all sizes to be prepared to detect and respond to threats faster, CrowdStrike says.
Post a Comment
US Indicts 7 Russian Intel Officers for Hacking Anti-Doping Organizations
10/4/2018Netherlands expels four of the suspects trying to break into an organization investigating a chemical used in the recent attack on a former Russian spy in Britain.
Post a Comment
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
10/3/2018But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
Post a Comment
100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials
10/3/2018The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.
Post a Comment
Financial Sector Data Breaches Soar Despite Heavy Security Spending
10/2/2018Banks and other financial firms have disclosed three times as many breaches so far this year than they did in 2016, Bitglass says.
Post a Comment
'Torii' Breaks New Ground For IoT Malware
9/28/2018Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.
Post a Comment
Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild
9/27/2018The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.
Post a Comment
Google to Let Users Disable Automatic Login to Chrome
9/27/2018The decision comes days after security researcher had blasted company for jeopardizing user privacy with browser update.
Post a Comment
Critical Linux Kernel Flaw Gives Root Access to Attackers
9/26/2018All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.
Post a Comment
Mirai Authors Escape Jail Time – But Here Are 7 Other Criminal Hackers Who Didn't
9/26/2018Courts are getting tougher on the cybercrooks than some might realize.
Post a Comment
In Quiet Change, Google Now Automatically Logging Users Into Chrome
9/24/2018The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Post a Comment
Retail Sector Second-Worst Performer on Application Security
9/20/2018A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
Post a Comment
Internet-Connected CCTV Cameras Vulnerable to 'Peekaboo' Hack
9/18/2018Zero-day flaw in China-based NUUO's video recorder technology still unfixed three months after vendor was alerted.
Post a Comment
New Xbash Malware a Cocktail of Malicious Functions
9/17/2018The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.
Post a Comment
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
9/13/2018One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
Post a Comment
Creators of Tools for Building Malicious Office Docs Ditch Old Exploits
9/12/2018In their place is a collection of new exploits for more recently disclosed — and therefore not likely widely patched — vulnerabilities.
Post a Comment
Apple (Finally) Removes MacOS App Caught Stealing User Browser Histories
9/7/2018The fact that the app likely has been exfiltrating data for years is "rather f#@&'d" up, says the security researcher who reported the issue to Apple one month ago.
Post a Comment
The Best Way To Secure US Elections? Paper Ballots
9/6/2018Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
Post a Comment
Silence Group Quietly Emerges as New Threat to Banks
9/5/2018Though only two members strong, hackers pose a credible threat to banks in Russia and multiple countries.
Post a Comment
Attackers Employ Social Engineering to Distribute New Banking Trojan
9/4/2018CamuBot malware, which disguises itself as a required security module, is targeting business customers of major Brazilian banks.
Post a Comment
Botnets Serving Up More Multipurpose Malware
8/30/2018Attackers increasingly are distributing malware that can be used for a variety of different tasks, Kaspersky Lab says.
Post a Comment
North Korean Hacking Group Steals $13.5 Million From Indian Bank
8/27/2018Tactics that Lazarus Group used to siphon money from India's Cosmos Bank were highly sophisticated, Securonix says.
Post a Comment
Modular Downloaders Could Pose New Threat for Enterprises
8/24/2018Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
Post a Comment
Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor
8/23/2018The Russian-speaking group's latest tactic is the only known case of malware that's completely controllable via email, researchers at ESET say.
Post a Comment
Wickr Adds New Censorship Circumvention Feature to its Encrypted App
8/23/2018Secure Open Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.
Post a Comment
Attackers Using 'Legitimate' Remote Admin Tool in Multiple Threat Campaigns
8/22/2018Researchers from Cisco Talos say Breaking Security's Remcos software allows attackers to fully control and monitor any Windows system from XP onward.
Post a Comment
Oracle: Apply Out-of-Band Patch for Database Flaw ASAP
8/14/2018Flaw in the Java VM component of Oracle's Database Server is easily exploitable, security experts warn.
Post a Comment
Vulnerability Disclosures in 2018 So Far Outpacing Previous Years'
8/13/2018Nearly 17% of 10,644 vulnerabilities disclosed so far this year have been critical, according to new report from Risk Based Security.
Post a Comment
Vulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos
8/10/2018False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.
Post a Comment
Weakness in WhatsApp Enables Large-Scale Social Engineering
8/9/2018Problem lies in WhatsApp's validation of message parameters and cannot be currently mitigated, Check Point researchers say.
Post a Comment
Even 'Regular Cybercriminals' Are After ICS Networks
8/7/2018A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments.
Post a Comment
Industrial Sector Targeted in Highly Personalized Spear-Phishing Campaign
8/2/2018At least 400 companies in Russia have been in the bullseye of new, sophisticated spear-phishing attacks, Kaspersky Lab says.
Post a Comment
Feds Indict Three Ukrainians For Cyberattacks on 100+ Companies
8/1/2018Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov are senior members of the notorious FIN7 cybercrime group, aka the Carbanak Group.
Post a Comment
DHS Establishes Center For Defense of Critical Infrastructure
7/31/2018Center foundational to new government-led 'collective defense' strategy for sharing and responding to cyberthreats, DHS secretary says.
Post a Comment
Russian National Sentenced to 70 Months For $4 Million Debit Card Fraud
7/30/2018Mikhail Malykhin's actions drove one company out business.
Post a Comment
Kronos Banking Trojan Resurfaces
7/26/2018Re-emergence of malware consistent with overall surge in banking malware activity this year, Proofpoint says.
Post a Comment
Iranian Hacker Group Waging Widespread Espionage Campaign in Middle East
7/25/2018Unlike other threat actors that have a narrow set of targets, Leafminer has over 800 organizations in its sights, Symantec says.
Post a Comment
Trend Micro Launches Targeted Server-Side Bug Bounty Program
7/24/2018Targeted Incentive Program will pay anywhere from $25,000 to $200,000 to researchers who are first to demonstrate exploitable vulnerabilities.
Post a Comment
Singapore Health Services Data Breach Exposes Info on 1.5 Million People
7/20/2018Attackers, repeatedly and specifically, targeted Singapore Prime Minister Lee Hsien Loong's medication data.
Post a Comment
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-8360
PUBLISHED: 2019-02-16
PUBLISHED: 2019-02-16
PUBLISHED: 2019-02-16
PUBLISHED: 2019-02-16
PUBLISHED: 2019-02-16
From DHS/US-CERT's National Vulnerability Database CVE-2019-8360
PUBLISHED: 2019-02-16
Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.
CVE-2019-8361PUBLISHED: 2019-02-16
PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.
CVE-2019-8362PUBLISHED: 2019-02-16
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, o...
CVE-2019-8363PUBLISHED: 2019-02-16
Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.
CVE-2019-8358PUBLISHED: 2019-02-16
In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This