Profile of Jai Vijayan

Contributing Writer News & Commentary Posts: 723

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.

BlueKeep RDP Vulnerability a Ticking Time Bomb

6/13/2019
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
Post a Comment

SQL Injection Attacks Represent Two-Third of All Web App Attacks

6/13/2019
When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.
Post a Comment

Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw

6/11/2019
In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says.
Post a Comment

Huawei Represents Massive Supply Chain Risk: Report

6/10/2019
The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says.
Post a Comment

Vietnam Rises as Cyberthreat

6/5/2019
The country's rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.
Post a Comment

Carbanak Attack: Two Hours to Total Compromise

6/4/2019
Investigation of the cybercrime group's attack on an East European bank shows how some attackers require very little time to broaden their access and establish persistence on a network.
Post a Comment

Zebrocy APT Group Expands Malware Arsenal with New Backdoor Family

6/3/2019
Group's constant experimentation and malware changes are complicating efforts for defenders, Kaspersky Lab says.
Post a Comment

7 Recent Wins Against Cybercrime

5/24/2019
The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.
Post a Comment

DDoS Attacks Up in Q1 After Months of Steady Decline

5/22/2019
Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.
Post a Comment

New Trickbot Variant Uses URL Redirection to Spread

5/20/2019
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.
Post a Comment

Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter

5/17/2019
Once again, a high-proportion of the reported flaws have no current fix, according to Risk Based Security.
Post a Comment

US Charges Members of GozNym Cybercrime Gang

5/16/2019
The FBI and counterparts from other nations say group infected over 41,000 computers with malware that steals banking credentials.
Post a Comment

GDPR Drives Changes, but Privacy by Design Proves Elusive

5/15/2019
One year later, the EU mandate's biggest impact has been to focus more attention on data protection and privacy, security analysts say.
Post a Comment

Korean APT Adds Rare Bluetooth Device-Harvester Tool

5/13/2019
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.
Post a Comment

Data Dump Purportedly Reveals Details on Previously Unknown Iranian Threat Group

5/9/2019
Rana targets airline companies and others in well-planned, well-researched attacks, Israel's ClearSky says.
Post a Comment

2018 Arrests Have Done Little to Stop Marauding Threat Group

5/8/2019
In fact, FIN7's activities only appear to have broadened, according to a new report.
Post a Comment

Orgs Are Quicker to Disclose Breaches Reported to Them Via External Sources

5/7/2019
Companies that find a breach on their own take substantially longer to report a breach, a new analysis shows.
Post a Comment

Attackers Add a New Spin to Old Scams

5/6/2019
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
Post a Comment

New Exploits For Old Configuration Issues Heighten Risk for SAP Customers

5/2/2019
Exploits give attackers a way to create havoc in business-critical SAP ERP, CRM, SCM, and other environments, Onapsis says.
Post a Comment

Digital Ad-Fraud Losses Decline

5/1/2019
Even so, more work remains to be done to address online ad fraud operations that cause billions of dollars in losses annually for advertisers.
Post a Comment

Financial Data for Multiple Companies Dumped Online in Failed Extortion Bid

4/30/2019
Potential victims reportedly include Oracle, Volkswagen, Airbus and Porsche.
Post a Comment

Docker Forces Password Reset for 190,000 Accounts After Breach

4/29/2019
Organizations impacted by breach, which gave attackers illegal access to a database containing sensitive account information, need to check their container images.
Post a Comment

Security Vulns in Microsoft Products Continue to Increase

4/25/2019
The good news: Removing admin privileges can mitigate most of them, a new study by BeyondTrust shows.
Post a Comment

TA505 Abusing Legit Remote Admin Tool in String of Attacks

4/24/2019
Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.
Post a Comment

Exploits for Adobe Vulnerabilities Spiked in 2018

4/23/2019
With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.
Post a Comment

Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies

4/22/2019
Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.
Post a Comment

6 Takeaways from Ransomware Attacks in Q1

4/18/2019
Customized, targeted ransomware attacks were all the rage.
Post a Comment

Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic

4/17/2019
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
Post a Comment

7 Tips for an Effective Employee Security Awareness Program

4/17/2019
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Post a Comment

Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users

4/16/2019
A new exploit developed by eGobbler is allowing it to distribute malvertisements–more than 500 million to date–at huge scale, Confiant says.
Post a Comment

Microsoft Downplays Scope of Email Attack

4/15/2019
An unknown attacker used a support agent's credentials to access email content belonging to some Outlook, Hotmail users.
Post a Comment

Majority of Hotel Websites Leak Guest Booking Info

4/10/2019
Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says.
Post a Comment

Verizon Patches Trio of Vulnerabilities in Home Router

4/9/2019
One of the flaws gives attackers way to gain root access to devices, Tenable says.
Post a Comment

'Exodus' iOS Surveillance Software Masqueraded as Legit Apps

4/8/2019
Italian firm appears to have developed spyware for lawful intercept purposes, Lookout says.
Post a Comment

Threat Group Employs Amazon-Style Fulfillment Model to Distribute Malware

4/4/2019
The operators of the Necurs botnet are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.
Post a Comment

Focus on Business Priorities Exposing Companies to Avoidable Cyber-Risk

4/3/2019
Despite the growing sophistication of threats and increase compliance requirements, a high percentage of organizations are continuing to compromise their security.
Post a Comment

Nuanced Approach Needed to Deal With Huawei 5G Security Concerns

4/1/2019
Governments need to adopt strategic approach for dealing with concerns over telecom vendor's suspected ties to China's intelligence apparatus, NATO-affiliated body says.
Post a Comment

New Android Trojan Targets 100+ Banking Apps

3/28/2019
'Gustuff' also designed to steal from cryptocurrency wallets, payment services, e-commerce apps.
Post a Comment

6 Things To Know About the Ransomware That Hit Norsk Hydro

3/27/2019
In just one week, 'LockerGoga' has cost the Norwegian aluminum maker $40 million as it struggles to recover operations across Europe and North America.
Post a Comment

ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks

3/26/2019
Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.
Post a Comment

Attackers Compromise ASUS Software Update Servers to Distribute Malware

3/25/2019
ShadowHammer campaign latest to highlight dangers of supply chain attacks.
Post a Comment

Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites

3/14/2019
New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.
Post a Comment

Enterprise Cloud Infrastructure a Big Target for Cryptomining Attacks

3/13/2019
Despite the declining values of cryptocurrencies, criminals continue to hammer away at container management platforms, cloud APIs, and control panels.
Post a Comment

Web Apps Are Becoming Less Secure

3/12/2019
Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
Post a Comment

Cryptominers Remain Top Threat but Coinhive's Exit Could Change That

3/11/2019
Coinhive has remained on top of Check Point Software's global threat index for 15 straight months.
Post a Comment

Phishing Attacks Evolve as Detection & Response Capabilities Improve

3/7/2019
Social engineering scam continued to be preferred attack vector last year, but attackers were forced to adapt and change.
Post a Comment

New Threat Group Using Old Technique to Run Custom Malware

3/6/2019
Whitefly is exploiting DLL hijacking with considerable success against organizations since at least 2017, Symantec says.
Post a Comment

Word Bug Allows Attackers to Sneak Exploits Past Anti-Malware Defenses

3/5/2019
Problem lies in the manner in which Word handles integer overflow errors in OLE file format, Mimecast says.
Post a Comment

Organizations Taking Less Time to Detect Breaches

3/5/2019
But by the time they became aware, attackers have been on their networks for more than six months, new 2018 data shows.
Post a Comment

Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018

3/4/2019
Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.
Post a Comment

Turkish Group Using Phishing Emails to Hijack Popular Instagram Profiles

2/28/2019
In some cases, attackers have demanded ransom, nude photos/videos of victims in exchange for stolen account, Trend Micro says.
Post a Comment

More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes

2/27/2019
As in previous years, input validation vulnerabilities accounted for a substantial proportion of total, Risk Based Security report shows.
Post a Comment

Social Media Platforms Double as Major Malware Distribution Centers

2/26/2019
Because many organizations tend to overlook or underestimate the threat, social media sites, including Facebook, Twitter, and Instagram, are a huge blind spot in enterprise defenses.
Post a Comment

Researchers Propose New Approach to Address Online Password-Guessing Attacks

2/21/2019
Recommended best practices not effective against certain types of attacks, they say.
Post a Comment

Insurer Offers GDPR-Specific Coverage for SMBs

2/20/2019
Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
Post a Comment

North Korea's Lazarus Group Targets Russian Companies For First Time

2/19/2019
In an unusual development, the group known for its attacks against companies in countries viewed as geopolitical foes is now going after companies in a country considered an ally, Check Point Software says.
Post a Comment

High Stress Levels Impacting CISOs Physically, Mentally

2/14/2019
Some have even turned to alcohol and medication to cope with pressure.
Post a Comment

2018 Was Second-Most Active Year for Data Breaches

2/13/2019
Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.
Post a Comment

Devastating Cyberattack on Email Provider Destroys 18 Years of Data

2/12/2019
All data belonging to US users—including backup copies—have been deleted in catastrophe, VFEmail says.
Post a Comment

Experian: US Suffers the Most Online Fraud

2/11/2019
New data from the credit reporting firm shows the sheer scale of online activity in the US also has made businesses and consumers there prime targets.
Post a Comment

US Law Enforcement Busts Romanian Online Crime Operation

2/8/2019
Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads other scams.
Post a Comment

Ransomware Attack Via MSP Locks Customers Out of Systems

2/7/2019
Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.
Post a Comment

Some Airline Flight Online Check-in Links Expose Passenger Data

2/6/2019
Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.
Post a Comment

7 Tips for Communicating with the Board

2/6/2019
The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.
Post a Comment

Cybercriminals Exploit Gmail Feature to Scale Up Attacks

2/5/2019
Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.
Post a Comment

Massive DDoS Attack Generates 500 Million Packets per Second

1/30/2019
January 10 torrent involved nearly four times as many packets as last year's huge attack on GitHub, says Imperva.
Post a Comment

Microsoft Exchange Vuln Enables Attackers to Gain Domain Admin Privileges

1/29/2019
Anyone with access to an Exchange mailbox can take control of domain, security researcher says.
Post a Comment

US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers

1/28/2019
At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.
Post a Comment

Database of 24 Million Mortgage, Loan Records Left Exposed Online

1/24/2019
Breach latest example of how misconfigurations, human errors undermine security in a big way, experts say.
Post a Comment

'Anatova' Emerges as Potentially Major New Ransomware Threat

1/23/2019
Modular design, ability to infect network shares make the malware dangerous, McAfee says.
Post a Comment

Stealthy New DDoS Attacks Target Internet Service Providers

1/22/2019
Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.
Post a Comment

VC Investments in Cybersecurity Hit Record Highs in 2018

1/18/2019
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
Post a Comment

773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum

1/17/2019
Data appears to be from multiple breaches over past few years, says researcher who discovered it.
Post a Comment

BEC Groups Ramp Up Payroll Diversion Attacks

1/16/2019
Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
Post a Comment

Cryptomining Continues to Be Top Malware Threat

1/14/2019
Tools for illegally mining Coinhive, Monero, and other cryptocurrency dominate list of most prevalent malware in December 2018.
Post a Comment

DNS Hijacking Campaign Targets Organizations Globally

1/10/2019
A group believed to be operating out of Iran has manipulated DNS records belonging to dozens of firms in an apparent cyber espionage campaign, FireEye says.
Post a Comment

Kaspersky Lab Helped US Nab NSA Data Thief: Report

1/9/2019
But this new development unlikely to do much to clear government suspicions about security vendor's ties to Russian intelligence, analyst says.
Post a Comment

20-Year-Old Student Admits to Massive Data Leak in Germany

1/8/2019
Hack was not politically motivated; no sign of third-party involvement, authorities say.
Post a Comment

Data on Hundreds of German Politicians Published Online in Massive Compromise

1/4/2019
Authorities are investigating if breach resulted from a leak or a cyberattack.
Post a Comment

Ex-NSA Contractor Was a Suspect In Shadow Brokers Leak

1/2/2019
New court document shows law enforcement suspected possible involvement of Harold Martin in Shadow Brokers' release of classified NSA hacking tools.
Post a Comment

APT10 Indictments Show Expansion of MSP Targeting, Cloud Hopper Campaign

12/21/2018
US brings more indictments against the APT10 cyber espionage group operating in China for its Operation Cloud Hopper campaign against managed service providers, but what will those indictments accomplish?
Post a Comment

NASA Investigating Breach That Exposed PII on Employees, Ex-Workers

12/19/2018
Incident is latest manifestation of continuing security challenges at agency, where over 3,000 security incidents have been reported in recent years.
Post a Comment

Memes on Twitter Used to Communicate With Malware

12/18/2018
Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.
Post a Comment

Disk-Wiping 'Shamoon' Malware Resurfaces With File-Erasing Malware in Tow

12/17/2018
As with previous attacks, organizations in the Middle East appear to be main targets, Symantec says.
Post a Comment

Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business

12/13/2018
Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Post a Comment

U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign

12/12/2018
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
Post a Comment

Attackers Using New Exploit Kit to Hijack Home & Small Office Routers

12/11/2018
Goal is to steal banking credentials by redirecting users to phishing sites.
Post a Comment

Satan Ransomware Variant Exploits 10 Server-Side Flaws

12/10/2018
Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
Post a Comment

Criminals Use Locally Connected Devices to Attack, Loot Banks

12/7/2018
Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
Post a Comment

7 Common Breach Disclosure Mistakes

12/6/2018
How you report a data breach can have a big impact on its fallout.
Post a Comment

Symantec Intros USB Scanning Tool for ICS Operators

12/5/2018
ICSP Neural is designed to address USB-borne malware threats.
Post a Comment

Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year

11/29/2018
But ransomware attacks go through the roof, new threat data from SonicWall shows.
Post a Comment

Dell Forces Password Reset for Online Customers Following Data Breach

11/29/2018
Move prompts questions about scope of intrusion and strength of company's password hashing.
Post a Comment

Incorrect Assessments of Data Value Putting Organizations at Risk

11/28/2018
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Post a Comment

New Hacker Group Behind 'DNSpionage' Attacks in Middle East

11/27/2018
Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.
Post a Comment

Mirai Evolves From IoT Devices to Linux Servers

11/21/2018
Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
Post a Comment

Russia Linked Group Resurfaces With Large-Scale Phishing Campaign

11/20/2018
APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
Post a Comment

Securities Markets at High Risk of Cyberattack

11/19/2018
A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
Post a Comment

Congress Passes Bill to Create New Federal Cybersecurity Agency

11/15/2018
Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
Post a Comment

Small-Time Cybercriminals Landing Steady Low Blows

11/14/2018
High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
Post a Comment