Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
12/13/2018Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Post a Comment
Author
Profile of Jai Vijayan
Freelance writer News & Commentary Posts: 638Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.
Articles by Jai Vijayan
Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Post a Comment
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
12/12/2018McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
Post a Comment
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
12/11/2018Goal is to steal banking credentials by redirecting users to phishing sites.
Post a Comment
Satan Ransomware Variant Exploits 10 Server-Side Flaws
12/10/2018Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
Post a Comment
Criminals Use Locally Connected Devices to Attack, Loot Banks
12/7/2018Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
Post a Comment
7 Common Breach Disclosure Mistakes
12/6/2018How you report a data breach can have a big impact on its fallout.
Post a Comment
Symantec Intros USB Scanning Tool for ICS Operators
12/5/2018ICSP Neural is designed to address USB-borne malware threats.
Post a Comment
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
11/29/2018But ransomware attacks go through the roof, new threat data from SonicWall shows.
Post a Comment
Dell Forces Password Reset for Online Customers Following Data Breach
11/29/2018Move prompts questions about scope of intrusion and strength of company's password hashing.
Post a Comment
Incorrect Assessments of Data Value Putting Organizations at Risk
11/28/2018Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Post a Comment
New Hacker Group Behind 'DNSpionage' Attacks in Middle East
11/27/2018Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.
Post a Comment
Mirai Evolves From IoT Devices to Linux Servers
11/21/2018Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
Post a Comment
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
11/20/2018APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
Post a Comment
Securities Markets at High Risk of Cyberattack
11/19/2018A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
Post a Comment
Congress Passes Bill to Create New Federal Cybersecurity Agency
11/15/2018Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
Post a Comment
Small-Time Cybercriminals Landing Steady Low Blows
11/14/2018High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
Post a Comment
2018 on Track to Be One of the Worst Ever for Data Breaches
11/12/2018A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
Post a Comment
Symantec Uncovers North Korean Group's ATM Attack Malware
11/8/2018Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs.
Post a Comment
Crytpocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm
11/7/2018"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.
Post a Comment
20 Cybersecurity Firms to Watch
11/7/2018A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.
Post a Comment
Critical Encryption Bypass Flaws in Popular SSDs Compromise Data Security
11/6/2018Vulnerabilities in Samsung, Crucial storage devices enable data recovery without a password or decryption key, researchers reveal.
Post a Comment
Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million
11/2/2018Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.
Post a Comment
Destructive Cyberattacks Spiked in Q3
10/30/2018Instead of simply fleeing when discovered, adversaries are actively engaging with incident response teams, a new Carbon Black study finds.
Post a Comment
Security Implications of IBM-Red Hat Merger Unclear
10/29/2018But enterprises and open source community likely have little to be concerned about, industry experts say.
Post a Comment
County Election Websites Can Be Easily Spoofed to Spread Misinformation
10/25/2018Majority of county sites in 20 key swing states have non-.gov domains and don't enforce use of SSL, McAfee researchers found.
Post a Comment
ICS Networks Continue to be Soft Targets For Cyberattacks
10/24/2018CyberX study shows that many industrial control system environments are riddled with vulnerabilities.
Post a Comment
Russian Research Institute Was Actively Involved In TRITON ICS Attack Activity
10/23/2018Data shows with a high degree of confidence that Moscow-based Central Scientific Research Institute of Chemistry and Mechanics helped develop and refine malware, FireEye says.
Post a Comment
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
10/22/2018Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.
Post a Comment
Cyber Espionage Campaign Reuses Code from China's APT1
10/18/2018US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
Post a Comment
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
10/17/2018In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Post a Comment
FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors
10/16/2018Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
Post a Comment
Chinese Intelligence Officer Under Arrest for Trade Secret Theft
10/11/2018Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Post a Comment
New Threat Group Conducts Malwareless Cyber Espionage
10/10/2018Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
Post a Comment
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
10/9/2018The trend underscores the need for organizations of all sizes to be prepared to detect and respond to threats faster, CrowdStrike says.
Post a Comment
US Indicts 7 Russian Intel Officers for Hacking Anti-Doping Organizations
10/4/2018Netherlands expels four of the suspects trying to break into an organization investigating a chemical used in the recent attack on a former Russian spy in Britain.
Post a Comment
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
10/3/2018But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
Post a Comment
100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials
10/3/2018The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.
Post a Comment
Financial Sector Data Breaches Soar Despite Heavy Security Spending
10/2/2018Banks and other financial firms have disclosed three times as many breaches so far this year than they did in 2016, Bitglass says.
Post a Comment
'Torii' Breaks New Ground For IoT Malware
9/28/2018Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.
Post a Comment
Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild
9/27/2018The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.
Post a Comment
Google to Let Users Disable Automatic Login to Chrome
9/27/2018The decision comes days after security researcher had blasted company for jeopardizing user privacy with browser update.
Post a Comment
Critical Linux Kernel Flaw Gives Root Access to Attackers
9/26/2018All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.
Post a Comment
Mirai Authors Escape Jail Time – But Here Are 7 Other Criminal Hackers Who Didn't
9/26/2018Courts are getting tougher on the cybercrooks than some might realize.
Post a Comment
In Quiet Change, Google Now Automatically Logging Users Into Chrome
9/24/2018The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Post a Comment
Retail Sector Second-Worst Performer on Application Security
9/20/2018A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
Post a Comment
Internet-Connected CCTV Cameras Vulnerable to 'Peekaboo' Hack
9/18/2018Zero-day flaw in China-based NUUO's video recorder technology still unfixed three months after vendor was alerted.
Post a Comment
New Xbash Malware a Cocktail of Malicious Functions
9/17/2018The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.
Post a Comment
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
9/13/2018One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
Post a Comment
Creators of Tools for Building Malicious Office Docs Ditch Old Exploits
9/12/2018In their place is a collection of new exploits for more recently disclosed — and therefore not likely widely patched — vulnerabilities.
Post a Comment
Apple (Finally) Removes MacOS App Caught Stealing User Browser Histories
9/7/2018The fact that the app likely has been exfiltrating data for years is "rather f#@&'d" up, says the security researcher who reported the issue to Apple one month ago.
Post a Comment
The Best Way To Secure US Elections? Paper Ballots
9/6/2018Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
Post a Comment
Silence Group Quietly Emerges as New Threat to Banks
9/5/2018Though only two members strong, hackers pose a credible threat to banks in Russia and multiple countries.
Post a Comment
Attackers Employ Social Engineering to Distribute New Banking Trojan
9/4/2018CamuBot malware, which disguises itself as a required security module, is targeting business customers of major Brazilian banks.
Post a Comment
Botnets Serving Up More Multipurpose Malware
8/30/2018Attackers increasingly are distributing malware that can be used for a variety of different tasks, Kaspersky Lab says.
Post a Comment
North Korean Hacking Group Steals $13.5 Million From Indian Bank
8/27/2018Tactics that Lazarus Group used to siphon money from India's Cosmos Bank were highly sophisticated, Securonix says.
Post a Comment
Modular Downloaders Could Pose New Threat for Enterprises
8/24/2018Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
Post a Comment
Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor
8/23/2018The Russian-speaking group's latest tactic is the only known case of malware that's completely controllable via email, researchers at ESET say.
Post a Comment
Wickr Adds New Censorship Circumvention Feature to its Encrypted App
8/23/2018Secure Open Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.
Post a Comment
Attackers Using 'Legitimate' Remote Admin Tool in Multiple Threat Campaigns
8/22/2018Researchers from Cisco Talos say Breaking Security's Remcos software allows attackers to fully control and monitor any Windows system from XP onward.
Post a Comment
Oracle: Apply Out-of-Band Patch for Database Flaw ASAP
8/14/2018Flaw in the Java VM component of Oracle's Database Server is easily exploitable, security experts warn.
Post a Comment
Vulnerability Disclosures in 2018 So Far Outpacing Previous Years'
8/13/2018Nearly 17% of 10,644 vulnerabilities disclosed so far this year have been critical, according to new report from Risk Based Security.
Post a Comment
Vulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos
8/10/2018False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.
Post a Comment
Weakness in WhatsApp Enables Large-Scale Social Engineering
8/9/2018Problem lies in WhatsApp's validation of message parameters and cannot be currently mitigated, Check Point researchers say.
Post a Comment
Even 'Regular Cybercriminals' Are After ICS Networks
8/7/2018A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments.
Post a Comment
Industrial Sector Targeted in Highly Personalized Spear-Phishing Campaign
8/2/2018At least 400 companies in Russia have been in the bullseye of new, sophisticated spear-phishing attacks, Kaspersky Lab says.
Post a Comment
Feds Indict Three Ukrainians For Cyberattacks on 100+ Companies
8/1/2018Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov are senior members of the notorious FIN7 cybercrime group, aka the Carbanak Group.
Post a Comment
DHS Establishes Center For Defense of Critical Infrastructure
7/31/2018Center foundational to new government-led 'collective defense' strategy for sharing and responding to cyberthreats, DHS secretary says.
Post a Comment
Russian National Sentenced to 70 Months For $4 Million Debit Card Fraud
7/30/2018Mikhail Malykhin's actions drove one company out business.
Post a Comment
Kronos Banking Trojan Resurfaces
7/26/2018Re-emergence of malware consistent with overall surge in banking malware activity this year, Proofpoint says.
Post a Comment
Iranian Hacker Group Waging Widespread Espionage Campaign in Middle East
7/25/2018Unlike other threat actors that have a narrow set of targets, Leafminer has over 800 organizations in its sights, Symantec says.
Post a Comment
Trend Micro Launches Targeted Server-Side Bug Bounty Program
7/24/2018Targeted Incentive Program will pay anywhere from $25,000 to $200,000 to researchers who are first to demonstrate exploitable vulnerabilities.
Post a Comment
Singapore Health Services Data Breach Exposes Info on 1.5 Million People
7/20/2018Attackers, repeatedly and specifically, targeted Singapore Prime Minister Lee Hsien Loong's medication data.
Post a Comment
Cyberattacks in Finland Surge During Trump-Putin Summit
7/19/2018Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
Post a Comment
6 Ways to Tell an Insider Has Gone Rogue
7/19/2018Malicious activity by trusted users can be very hard to catch, so look for these red flags.
Post a Comment
Russian National Vulnerability Database Operation Raises Suspicions
7/16/2018Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
Post a Comment
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
7/13/2018Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
Post a Comment
WordPress Sites Targeted in World Cup-Themed Spam Scam
7/12/2018Spammers using a 'spray & pray' approach to post comments on WordPress powered blogs, forums, says Imperva.
Post a Comment
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
7/11/2018A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.
Post a Comment
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
7/10/2018Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.
Post a Comment
Data Breaches at Timehop, Macy's Highlight Need for Multi-Factor Authentication
7/9/2018Names, email addresses, and some phone numbers belonging to 21 million people exposed in Timehop intrusion; Macy's incident impacts 'small number' of customers.
Post a Comment
Weak Admin Password Enabled Gentoo GitHub Breach
7/5/2018Had the attacker been quieter, breach may not have been discovered immediately maintainers of popular Linux distribution said.
Post a Comment
California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear
7/3/2018Others should boost their security controls to get in sync with AB 375... or get ready to be sued hundreds of dollars for each personal record exposed in a breach.
Post a Comment
Destructive Nation-State Cyberattacks Will Rise
6/21/2018More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.
Post a Comment
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
6/20/2018Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
Post a Comment
Tesla Employee Steals, Sabotages Company Data
6/19/2018The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
Post a Comment
Exposed Container Orchestration Systems Putting Many Orgs at Risk
6/18/2018More than 22,600 open container orchestration and API management systems discovered on the Internet.
Post a Comment
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
6/15/2018Attacks directed at targets in Singapore went through the roof earlier this week.
Post a Comment
Intel Discloses Yet Another Side Channel Vulnerability
6/14/2018Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
Post a Comment
Containerized Apps: An 8-Point Security Checklist
6/14/2018Here are eight measures to take to ensure the security of your containerized application environment.
Post a Comment
US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks
6/11/2018Executives from two of the cybersecurity firms on the list say action is unwarranted; another says it's even a Russian entity.
Post a Comment
FBI Slaps New Charges Against Researcher Who Stopped WannaCry
6/7/2018Federal authorities charged Marcus Hutchins with lying to the government and authoring a second piece of malware in addition to the Kronos banking Trojan.
Post a Comment
VPNFilter Poses Broader Threat Than First Thought; Endpoints At Risk Too
6/6/2018New research shows the router and NAS system malware affects more vendor devices as well, Cisco Talos says.
Post a Comment
Financial Services Organizations Face More Sophisticated Threats Than Others
6/5/2018With companies in the financial sector getting better at blocking ordinary threats, attackers have begun going after them with more sophisticated malware, Lastline says.
Post a Comment
US-North Korea Summit News Used as Lure In New Malware Campaign
6/4/2018Previously known threat actor Group 123 likely behind NavRAT malware, security vendor says.
Post a Comment
Open Bug Bounty Offers Free Program For Websites
6/1/2018Non-profit says it will triage and verify certain kinds of Web vulnerability submissions at no cost for those who sign up.
Post a Comment
Banking Botnet Operators Strike Profit-Sharing Partnership
5/31/2018Instead of ripping each other's malware out of victim systems, the groups behind Trickbot and IcedID are playing nice with each other, says Flashpoint.
Post a Comment
Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System
5/30/2018In less than one month, security researchers participating in the Pentagon's Hack the Defense Travel System program found 65 vulnerabilities.
Post a Comment
6 Ways Third Parties Can Trip Up Your Security
5/29/2018Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
Post a Comment
Growing Job Pressures Increase Risk of Burnout for Cybersecurity Professionals
5/23/2018A new Trustwave survey shows information security executives and practitioners are under increasing pressure from trying to keep up with threats and compliance mandates.
Post a Comment
Las Vegas Most Insecure Cyber City in US; St. Louis Least Vulnerable
5/22/2018Forty-three percent chance of users connecting to high or medium-risk networks in Las Vegas - compared to less than 1% risk in least vulnerable areas, Coronet says.
Post a Comment
White Papers
Video
4 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......
Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......
Current Issue
10 Best Practices That Could Reshape Your IT Security DepartmentThis Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
How Enterprises Are Using IT Threat Intelligence
Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-20161
PUBLISHED: 2018-12-15
PUBLISHED: 2018-12-15
PUBLISHED: 2018-12-15
PUBLISHED: 2018-12-14
PUBLISHED: 2018-12-14
From DHS/US-CERT's National Vulnerability Database CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This