Chinese Intelligence Officer Under Arrest for Trade Secret Theft
10/11/2018Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Post a Comment
Author
Profile of Jai Vijayan
Freelance writer News & Commentary Posts: 604Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.
Articles by Jai Vijayan
Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Post a Comment
New Threat Group Conducts Malwareless Cyber Espionage
10/10/2018Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
Post a Comment
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
10/9/2018The trend underscores the need for organizations of all sizes to be prepared to detect and respond to threats faster, CrowdStrike says.
Post a Comment
US Indicts 7 Russian Intel Officers for Hacking Anti-Doping Organizations
10/4/2018Netherlands expels four of the suspects trying to break into an organization investigating a chemical used in the recent attack on a former Russian spy in Britain.
Post a Comment
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
10/3/2018But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
Post a Comment
100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials
10/3/2018The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.
Post a Comment
Financial Sector Data Breaches Soar Despite Heavy Security Spending
10/2/2018Banks and other financial firms have disclosed three times as many breaches so far this year than they did in 2016, Bitglass says.
Post a Comment
'Torii' Breaks New Ground For IoT Malware
9/28/2018Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.
Post a Comment
Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild
9/27/2018The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.
Post a Comment
Google to Let Users Disable Automatic Login to Chrome
9/27/2018The decision comes days after security researcher had blasted company for jeopardizing user privacy with browser update.
Post a Comment
Critical Linux Kernel Flaw Gives Root Access to Attackers
9/26/2018All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.
Post a Comment
Mirai Authors Escape Jail Time – But Here Are 7 Other Criminal Hackers Who Didn't
9/26/2018Courts are getting tougher on the cybercrooks than some might realize.
Post a Comment
In Quiet Change, Google Now Automatically Logging Users Into Chrome
9/24/2018The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Post a Comment
Retail Sector Second-Worst Performer on Application Security
9/20/2018A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
Post a Comment
Internet-Connected CCTV Cameras Vulnerable to 'Peekaboo' Hack
9/18/2018Zero-day flaw in China-based NUUO's video recorder technology still unfixed three months after vendor was alerted.
Post a Comment
New Xbash Malware a Cocktail of Malicious Functions
9/17/2018The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.
Post a Comment
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
9/13/2018One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
Post a Comment
Creators of Tools for Building Malicious Office Docs Ditch Old Exploits
9/12/2018In their place is a collection of new exploits for more recently disclosed — and therefore not likely widely patched — vulnerabilities.
Post a Comment
Apple (Finally) Removes MacOS App Caught Stealing User Browser Histories
9/7/2018The fact that the app likely has been exfiltrating data for years is "rather f#@&'d" up, says the security researcher who reported the issue to Apple one month ago.
Post a Comment
The Best Way To Secure US Elections? Paper Ballots
9/6/2018Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
Post a Comment
Silence Group Quietly Emerges as New Threat to Banks
9/5/2018Though only two members strong, hackers pose a credible threat to banks in Russia and multiple countries.
Post a Comment
Attackers Employ Social Engineering to Distribute New Banking Trojan
9/4/2018CamuBot malware, which disguises itself as a required security module, is targeting business customers of major Brazilian banks.
Post a Comment
Botnets Serving Up More Multipurpose Malware
8/30/2018Attackers increasingly are distributing malware that can be used for a variety of different tasks, Kaspersky Lab says.
Post a Comment
North Korean Hacking Group Steals $13.5 Million From Indian Bank
8/27/2018Tactics that Lazarus Group used to siphon money from India's Cosmos Bank were highly sophisticated, Securonix says.
Post a Comment
Modular Downloaders Could Pose New Threat for Enterprises
8/24/2018Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
Post a Comment
Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor
8/23/2018The Russian-speaking group's latest tactic is the only known case of malware that's completely controllable via email, researchers at ESET say.
Post a Comment
Wickr Adds New Censorship Circumvention Feature to its Encrypted App
8/23/2018Secure Open Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.
Post a Comment
Attackers Using 'Legitimate' Remote Admin Tool in Multiple Threat Campaigns
8/22/2018Researchers from Cisco Talos say Breaking Security's Remcos software allows attackers to fully control and monitor any Windows system from XP onward.
Post a Comment
Oracle: Apply Out-of-Band Patch for Database Flaw ASAP
8/14/2018Flaw in the Java VM component of Oracle's Database Server is easily exploitable, security experts warn.
Post a Comment
Vulnerability Disclosures in 2018 So Far Outpacing Previous Years'
8/13/2018Nearly 17% of 10,644 vulnerabilities disclosed so far this year have been critical, according to new report from Risk Based Security.
Post a Comment
Vulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos
8/10/2018False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.
Post a Comment
Weakness in WhatsApp Enables Large-Scale Social Engineering
8/9/2018Problem lies in WhatsApp's validation of message parameters and cannot be currently mitigated, Check Point researchers say.
Post a Comment
Even 'Regular Cybercriminals' Are After ICS Networks
8/7/2018A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments.
Post a Comment
Industrial Sector Targeted in Highly Personalized Spear-Phishing Campaign
8/2/2018At least 400 companies in Russia have been in the bullseye of new, sophisticated spear-phishing attacks, Kaspersky Lab says.
Post a Comment
Feds Indict Three Ukrainians For Cyberattacks on 100+ Companies
8/1/2018Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov are senior members of the notorious FIN7 cybercrime group, aka the Carbanak Group.
Post a Comment
DHS Establishes Center For Defense of Critical Infrastructure
7/31/2018Center foundational to new government-led 'collective defense' strategy for sharing and responding to cyberthreats, DHS secretary says.
Post a Comment
Russian National Sentenced to 70 Months For $4 Million Debit Card Fraud
7/30/2018Mikhail Malykhin's actions drove one company out business.
Post a Comment
Kronos Banking Trojan Resurfaces
7/26/2018Re-emergence of malware consistent with overall surge in banking malware activity this year, Proofpoint says.
Post a Comment
Iranian Hacker Group Waging Widespread Espionage Campaign in Middle East
7/25/2018Unlike other threat actors that have a narrow set of targets, Leafminer has over 800 organizations in its sights, Symantec says.
Post a Comment
Trend Micro Launches Targeted Server-Side Bug Bounty Program
7/24/2018Targeted Incentive Program will pay anywhere from $25,000 to $200,000 to researchers who are first to demonstrate exploitable vulnerabilities.
Post a Comment
Singapore Health Services Data Breach Exposes Info on 1.5 Million People
7/20/2018Attackers, repeatedly and specifically, targeted Singapore Prime Minister Lee Hsien Loong's medication data.
Post a Comment
Cyberattacks in Finland Surge During Trump-Putin Summit
7/19/2018Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
Post a Comment
6 Ways to Tell an Insider Has Gone Rogue
7/19/2018Malicious activity by trusted users can be very hard to catch, so look for these red flags.
Post a Comment
Russian National Vulnerability Database Operation Raises Suspicions
7/16/2018Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
Post a Comment
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
7/13/2018Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
Post a Comment
WordPress Sites Targeted in World Cup-Themed Spam Scam
7/12/2018Spammers using a 'spray & pray' approach to post comments on WordPress powered blogs, forums, says Imperva.
Post a Comment
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
7/11/2018A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.
Post a Comment
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
7/10/2018Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.
Post a Comment
Data Breaches at Timehop, Macy's Highlight Need for Multi-Factor Authentication
7/9/2018Names, email addresses, and some phone numbers belonging to 21 million people exposed in Timehop intrusion; Macy's incident impacts 'small number' of customers.
Post a Comment
Weak Admin Password Enabled Gentoo GitHub Breach
7/5/2018Had the attacker been quieter, breach may not have been discovered immediately maintainers of popular Linux distribution said.
Post a Comment
California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear
7/3/2018Others should boost their security controls to get in sync with AB 375... or get ready to be sued hundreds of dollars for each personal record exposed in a breach.
Post a Comment
Destructive Nation-State Cyberattacks Will Rise
6/21/2018More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.
Post a Comment
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
6/20/2018Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
Post a Comment
Tesla Employee Steals, Sabotages Company Data
6/19/2018The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
Post a Comment
Exposed Container Orchestration Systems Putting Many Orgs at Risk
6/18/2018More than 22,600 open container orchestration and API management systems discovered on the Internet.
Post a Comment
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
6/15/2018Attacks directed at targets in Singapore went through the roof earlier this week.
Post a Comment
Intel Discloses Yet Another Side Channel Vulnerability
6/14/2018Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
Post a Comment
Containerized Apps: An 8-Point Security Checklist
6/14/2018Here are eight measures to take to ensure the security of your containerized application environment.
Post a Comment
US Slaps Sanctions on Five Russian Entities, Three Individuals for Cyberattacks
6/11/2018Executives from two of the cybersecurity firms on the list say action is unwarranted; another says it's even a Russian entity.
Post a Comment
FBI Slaps New Charges Against Researcher Who Stopped WannaCry
6/7/2018Federal authorities charged Marcus Hutchins with lying to the government and authoring a second piece of malware in addition to the Kronos banking Trojan.
Post a Comment
VPNFilter Poses Broader Threat Than First Thought; Endpoints At Risk Too
6/6/2018New research shows the router and NAS system malware affects more vendor devices as well, Cisco Talos says.
Post a Comment
Financial Services Organizations Face More Sophisticated Threats Than Others
6/5/2018With companies in the financial sector getting better at blocking ordinary threats, attackers have begun going after them with more sophisticated malware, Lastline says.
Post a Comment
US-North Korea Summit News Used as Lure In New Malware Campaign
6/4/2018Previously known threat actor Group 123 likely behind NavRAT malware, security vendor says.
Post a Comment
Open Bug Bounty Offers Free Program For Websites
6/1/2018Non-profit says it will triage and verify certain kinds of Web vulnerability submissions at no cost for those who sign up.
Post a Comment
Banking Botnet Operators Strike Profit-Sharing Partnership
5/31/2018Instead of ripping each other's malware out of victim systems, the groups behind Trickbot and IcedID are playing nice with each other, says Flashpoint.
Post a Comment
Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System
5/30/2018In less than one month, security researchers participating in the Pentagon's Hack the Defense Travel System program found 65 vulnerabilities.
Post a Comment
6 Ways Third Parties Can Trip Up Your Security
5/29/2018Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
Post a Comment
Growing Job Pressures Increase Risk of Burnout for Cybersecurity Professionals
5/23/2018A new Trustwave survey shows information security executives and practitioners are under increasing pressure from trying to keep up with threats and compliance mandates.
Post a Comment
Las Vegas Most Insecure Cyber City in US; St. Louis Least Vulnerable
5/22/2018Forty-three percent chance of users connecting to high or medium-risk networks in Las Vegas - compared to less than 1% risk in least vulnerable areas, Coronet says.
Post a Comment
Federal Jury Convicts Operator of Massive Counter-Antivirus Service
5/17/2018Scan4You helped thousands of criminals check if AV products could detect and block their malware tools.
Post a Comment
Frequency & Costs of DNS-Based Attacks Soar
5/16/2018The average cost of a DNS attack in the US has climbed 57% over the last year to $654,000 in 2018, a survey from EfficientIP shows.
Post a Comment
Kaspersky Lab to Move Some Core Operations to Switzerland
5/15/2018Most customer data storage and processing, software assembly, and threat detection updates will be based in Zurich.
Post a Comment
Shadow IoT Devices Pose a Growing Problem for Organizations
5/14/2018An Infoblox survey shows many companies have thousands of non-business Internet of Things devices connecting to their network daily.
Post a Comment
Proofpoint Sounds Warning on Vega Stealer Targeted Data Theft Campaign
5/11/2018Marketing, PR, and advertising firms are among those being targeted.
Post a Comment
Author of TreasureHunter PoS Malware Releases Its Source Code
5/10/2018Leak gives threat actors a way to build newer, nastier versions of the point-of-sale malware, Flashpoint says.
Post a Comment
SynAck Ransomware Gets Dangerous 'Doppleganging' Feature
5/7/2018New Process Doppelganging, obfuscation features makes the malware much harder to spot and stop.
Post a Comment
Report: China's Intelligence Apparatus Linked to Previously Unconnected Threat Groups
5/4/2018Multiple groups operating under the China state-sponsored Winnti umbrella have been targeting organizations in the US, Japan, and elsewhere, says ProtectWise.
Post a Comment
No Computing Device Too Small For Cryptojacking
5/3/2018Research by Trend Micro shows IoT and almost all connected devices are targets for illegal cryptocurrency mining.
Post a Comment
Password Reuse Abounds, New Survey Shows
5/1/2018Despite heightened awareness of the security implications many users still continue to reuse passwords and rarely if ever change them, a LogMeIn survey shows.
Post a Comment
Speed at Which New Drupal Flaw Was Exploited Highlights Patching Challenges
4/30/2018In the rush to patch, organizations can create fresh problems for themselves.
Post a Comment
US Healthcare Firms Among Dozens Hit in 'Orangeworm' Cyberattack Campaign
4/26/2018Attackers target healthcare organizations in apparent data theft mission, but could do far more damage, according to Symantec researchers.
Post a Comment
Low-Cost Crimeware Kit Gaining Popularity in Underground Markets
4/25/2018At $150 for a three-month subscription, Rubella Malware Builder presents a threat to enterprises, Flashpoint says.
Post a Comment
Threat Actors Turn to Blockchain Infrastructure to Host & Hide Malicious Activity
4/23/2018.bit domains are increasingly being used to hide payloads, stolen data, and command and control servers, FireEye says.
Post a Comment
Majority of Men Think Women Have Equal Opportunity to Advance in Cybersecurity Career
4/17/2018Not so fast, say women.
Post a Comment
Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates
4/13/2018Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.
Post a Comment
Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Another Critical Flaw
4/9/2018Cisco says companies fixing previously known protocol issue should also patch against critical remote-code execution issue.
Post a Comment
Sears & Delta Airlines Are Latest Victims of Third-Party Security Breach
4/5/2018An insecure ecosystem of third parties connected to an enterprise network poses a growing risk, security analysts say.
Post a Comment
Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider
4/5/2018Attack a warning on vulnerabilities in energy networks, security analysts say.
Post a Comment
Criminals Targeting Magento Sites with Brute-Force Password Attacks
4/3/2018Flashpoint says it is aware of at least 1,000 sites using Magento's e-commerce platform that have been recently compromised.
Post a Comment
Microsoft Rushes Out Fix for Major Hole Caused by Previous Meltdown Patch
3/30/2018Issue affects Windows 7 x64 and Windows Server 2008 R2 x64 systems.
Post a Comment
University Networks Become Fertile Ground for Cryptomining
3/29/2018Sixty percent of cryptomining detections in a Vectra study occurred on higher-education networks.
Post a Comment
Attackers Shift From Adobe Flaws to Microsoft Products
3/27/2018Seven of the Top 10 most commonly exploited vulnerabilities in 2017 were Microsoft-related - not Adobe Flash as in years past, Recorded Future found.
Post a Comment
Leader of Cybercrime APT Behind $1.2 Billion in Bank Heists Arrested
3/26/2018The Carbanak group has caused more financial losses to financial institutions than any other cybercrime group since it surfaced in 2013.
Post a Comment
AMD Will Release Fixes for New Processor Flaws in a Few Weeks
3/23/2018Security firm that disclosed flaws accuses chipmaker of downplaying flaws; says timeline is overly optimistic.
Post a Comment
Criminals Using Web Injects to Steal Cryptocurrency
3/22/2018Man-in-the-browser attacks targeting Blockchain.info and Coinbase websites, SecurityScorecard says.
Post a Comment
7 Ways to Protect Against Cryptomining Attacks
3/22/2018Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
Post a Comment
Gartner Expects 2018 IoT Security Spending to Reach $1.5 Billion
3/21/2018Regulations, breach concerns will push spending to over $3 billion by 2021, analyst firm says.
Post a Comment
New Method Proposed for Secure Government Access to Encrypted Data
3/19/2018'Crumple Zones' in crypto mechanisms can make it possible — but astronomically expensive — to access encrypted data, say researchers from Boston University and Portland State University.
Post a Comment
Are DDoS Attacks Increasing or Decreasing? Depends on Whom You Ask
3/15/2018Details on DDoS trends can vary, depending on the reporting source.
Post a Comment
New Hosted Service Lowers Barriers to Malware Distribution
3/14/2018BlackTDS is a traffic distribution service for directing users to malware and exploit kits based on specific parameters.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-18374
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-15
From DHS/US-CERT's National Vulnerability Database CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
CVE-2018-18375PUBLISHED: 2018-10-16
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
CVE-2018-18376PUBLISHED: 2018-10-16
goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.
CVE-2018-18377PUBLISHED: 2018-10-16
goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials.
CVE-2018-17534PUBLISHED: 2018-10-15
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This