Profile of Jai Vijayan

Contributing Writer News & Commentary Posts: 759

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.

Silence APT Group Broadens Attacks on Banks, Gets More Dangerous

8/21/2019
Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IP says.
Post a Comment

Apple Misstep Leaves iPhones Open to Jailbreak

8/20/2019
Newest version of iOS contains a critical bug that the company had previously already patched.
Post a Comment

Instagram Added to Facebook Data-Abuse Bounty Program

8/19/2019
Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.
Post a Comment

More Than 20 Data Breaches Reported Per Day in First Half of 2019

8/15/2019
But incidents involving SSNs, addresses, birth dates were smaller than in previous years.
Post a Comment

Trend Micro Patches Privilege Escalation Bug in its Password Manager

8/14/2019
Organizations should update to latest build as soon as possible, security vendor says.
Post a Comment

Orgs Doing More App Security Testing but Fixing Fewer Vulns

8/13/2019
On average, US organizations took nearly five months to fix critical vulnerabilities according to WhiteHat Security's annual vulnerability report.
Post a Comment

2019 Pwnie Award Winners (And Those Who Wish They Weren't)

8/13/2019
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
Post a Comment

Researchers Show How SQLite Can Be Modified to Attack Apps

8/12/2019
New technique involves query hijacking to trigger a wide range of memory safety issues within the widely used database engine, Check Point says.
Post a Comment

Equifax CISO: 'Trust Starts and Ends with You'

8/8/2019
Organizational culture is key to good enterprise security posture, Jamil Farshchi told Black Hat attendees.
Post a Comment

WhatsApp Messages Can Be Intercepted, Manipulated

8/8/2019
Check Point security researchers demonstrate how a dangerous security weakness in the messaging application can be abused to spread fake news and carry out online scams.
Post a Comment

Ransomware Used in Multimillion-Dollar Attacks Gets More Automated

8/5/2019
The authors of MegaCortex appear to have traded security for convenience and speed, say researchers at Accenture iDefense.
Post a Comment

PCI Security Council, Retail ISAC Warn Retailers on Magecart Attacks

8/1/2019
Online card-skimming activities grew sharply this summer fueled by the availability of attack kits and other factors, Malwarebytes says.
Post a Comment

Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks

7/31/2019
Organizations using the utility should immediately install the latest version of the software, security vendor Trustwave says.
Post a Comment

Sextortion Email Scams Rise Sharply

7/30/2019
Cybercriminals are increasingly trying to trick people into paying ransoms by threatening to expose compromising activities to friends and family.
Post a Comment

Russian Threat Group May Have Devised a 'Man-on-the-Side' Attack

7/25/2019
Data from an intrusion last year suggests Iron Liberty group may have a new trick up its sleeve, Secureworks says.
Post a Comment

Android Malware 'Triada' Most Active on Telco Networks

7/25/2019
Google in May disclosed that several Android devices had been shipped pre-installed with the RAT.
Post a Comment

With Data Breach Costs, Time is Money

7/24/2019
The sooner a company can detect and respond to an incident, the less likely they are to pay for it, a new IBM-Ponemon study finds.
Post a Comment

Penetration Test Data Shows Risk to Domain Admin Credentials

7/23/2019
But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.
Post a Comment

BitPaymer Ransomware Operators Wage Custom, Targeted Attacks

7/18/2019
A new framework is allowing the threat group to compile variants of the malware for each victim, Morphisec says.
Post a Comment

8 Legit Tools and Utilities That Cybercriminals Commonly Misuse

7/18/2019
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
Post a Comment

800K Systems Still Vulnerable to BlueKeep

7/17/2019
Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says.
Post a Comment

Lenovo NAS Firmware Flaw Exposes Stored Data

7/16/2019
More than 5,100 vulnerable devices containing multiple terabytes of data are open to exploitation, researchers found.
Post a Comment

APT Groups Make Quadruple What They Spend on Attack Tools

7/11/2019
Some advanced persistent threat actors can spend north of $1 million on attacks, but the return on that investment can be huge.
Post a Comment

New Ransomware Targets QNAP's Network-Attached Storage Devices

7/10/2019
More than 19,000 systems in the US are potentially at risk from eCh0raix.
Post a Comment

Zoom Client for Mac Exposing Users to Serious Risks

7/9/2019
Videoconferencing software maker downplays risks and says mitigations are on the way.
Post a Comment

New 'WannaHydra' Malware a Triple Threat to Android

7/3/2019
The latest variant of WannaLocker is a banking Trojan, spyware tool, and ransomware.
Post a Comment

TA505 Group Launches New Targeted Attacks

7/3/2019
Russian-speaking group has sent thousands of emails containing new malware to individuals working at financial institutions in the US, United Arab Emirates, and Singapore.
Post a Comment

Thousands of Facebook Users Hit in Malware Distribution Campaign

7/1/2019
'Operation Tripoli' is another reminder why users cannot trust every link they see on social media sites.
Post a Comment

New Exploit for Microsoft Excel Power Query

6/27/2019
Proof-of-concept, which allows remote code execution, is latest to exploit Dynamic Data Exchange (DDE) and is another reminder why organizations must ensure Office settings are secure.
Post a Comment

7 Ways to Mitigate Supply Chain Attacks

6/27/2019
Breaches caused by external vendors and service providers have become a major and escalating problem for organizations.
Post a Comment

Email Threats Continue to Grow as Attackers Evolve, Innovate

6/25/2019
Threat actors increasingly using malicious URLs, HTTPS domains, file-sharing sites in email attacks, FireEye says.
Post a Comment

DDoS-for-Hire Services Doubled in Q1

6/24/2019
Impact of FBI's takedown of 15 'booter' domains last December appears to have been temporary.
Post a Comment

Customers of 3 MSPs Hit in Ransomware Attacks

6/20/2019
Early information suggests threat actors gained access to remote monitoring and management tools from Webroot and Kaseya to distribute malware.
Post a Comment

Inside the FBI's Fight Against Cybercrime

6/20/2019
Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad.
Post a Comment

Insecure Home IoT Devices a Clear and Present Danger to Corporate Security

6/19/2019
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
Post a Comment

DHS Tests Remote Exploit for BlueKeep RDP Vulnerability

6/17/2019
Agency urges organizations with vulnerable systems to apply mitigations immediately.
Post a Comment

BlueKeep RDP Vulnerability a Ticking Time Bomb

6/13/2019
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
Post a Comment

SQL Injection Attacks Represent Two-Third of All Web App Attacks

6/13/2019
When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.
Post a Comment

Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw

6/11/2019
In vulnerability disclosure programs, organizations are paying more in total for XSS issues than any other vulnerability type, HackerOne says.
Post a Comment

Huawei Represents Massive Supply Chain Risk: Report

6/10/2019
The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says.
Post a Comment

Vietnam Rises as Cyberthreat

6/5/2019
The country's rapid economic growth and other factors are driving an increase in cybercrime and cyber espionage activity.
Post a Comment

Carbanak Attack: Two Hours to Total Compromise

6/4/2019
Investigation of the cybercrime group's attack on an East European bank shows how some attackers require very little time to broaden their access and establish persistence on a network.
Post a Comment

Zebrocy APT Group Expands Malware Arsenal with New Backdoor Family

6/3/2019
Group's constant experimentation and malware changes are complicating efforts for defenders, Kaspersky Lab says.
Post a Comment

7 Recent Wins Against Cybercrime

5/24/2019
The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.
Post a Comment

DDoS Attacks Up in Q1 After Months of Steady Decline

5/22/2019
Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.
Post a Comment

New Trickbot Variant Uses URL Redirection to Spread

5/20/2019
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.
Post a Comment

Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter

5/17/2019
Once again, a high-proportion of the reported flaws have no current fix, according to Risk Based Security.
Post a Comment

US Charges Members of GozNym Cybercrime Gang

5/16/2019
The FBI and counterparts from other nations say group infected over 41,000 computers with malware that steals banking credentials.
Post a Comment

GDPR Drives Changes, but Privacy by Design Proves Elusive

5/15/2019
One year later, the EU mandate's biggest impact has been to focus more attention on data protection and privacy, security analysts say.
Post a Comment

Korean APT Adds Rare Bluetooth Device-Harvester Tool

5/13/2019
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.
Post a Comment

Data Dump Purportedly Reveals Details on Previously Unknown Iranian Threat Group

5/9/2019
Rana targets airline companies and others in well-planned, well-researched attacks, Israel's ClearSky says.
Post a Comment

2018 Arrests Have Done Little to Stop Marauding Threat Group

5/8/2019
In fact, FIN7's activities only appear to have broadened, according to a new report.
Post a Comment

Orgs Are Quicker to Disclose Breaches Reported to Them Via External Sources

5/7/2019
Companies that find a breach on their own take substantially longer to report a breach, a new analysis shows.
Post a Comment

Attackers Add a New Spin to Old Scams

5/6/2019
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
Post a Comment

New Exploits For Old Configuration Issues Heighten Risk for SAP Customers

5/2/2019
Exploits give attackers a way to create havoc in business-critical SAP ERP, CRM, SCM, and other environments, Onapsis says.
Post a Comment

Digital Ad-Fraud Losses Decline

5/1/2019
Even so, more work remains to be done to address online ad fraud operations that cause billions of dollars in losses annually for advertisers.
Post a Comment

Financial Data for Multiple Companies Dumped Online in Failed Extortion Bid

4/30/2019
Potential victims reportedly include Oracle, Volkswagen, Airbus and Porsche.
Post a Comment

Docker Forces Password Reset for 190,000 Accounts After Breach

4/29/2019
Organizations impacted by breach, which gave attackers illegal access to a database containing sensitive account information, need to check their container images.
Post a Comment

Security Vulns in Microsoft Products Continue to Increase

4/25/2019
The good news: Removing admin privileges can mitigate most of them, a new study by BeyondTrust shows.
Post a Comment

TA505 Abusing Legit Remote Admin Tool in String of Attacks

4/24/2019
Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.
Post a Comment

Exploits for Adobe Vulnerabilities Spiked in 2018

4/23/2019
With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.
Post a Comment

Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies

4/22/2019
Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.
Post a Comment

6 Takeaways from Ransomware Attacks in Q1

4/18/2019
Customized, targeted ransomware attacks were all the rage.
Post a Comment

Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic

4/17/2019
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
Post a Comment

7 Tips for an Effective Employee Security Awareness Program

4/17/2019
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Post a Comment

Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users

4/16/2019
A new exploit developed by eGobbler is allowing it to distribute malvertisements–more than 500 million to date–at huge scale, Confiant says.
Post a Comment

Microsoft Downplays Scope of Email Attack

4/15/2019
An unknown attacker used a support agent's credentials to access email content belonging to some Outlook, Hotmail users.
Post a Comment

Majority of Hotel Websites Leak Guest Booking Info

4/10/2019
Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says.
Post a Comment

Verizon Patches Trio of Vulnerabilities in Home Router

4/9/2019
One of the flaws gives attackers way to gain root access to devices, Tenable says.
Post a Comment

'Exodus' iOS Surveillance Software Masqueraded as Legit Apps

4/8/2019
Italian firm appears to have developed spyware for lawful intercept purposes, Lookout says.
Post a Comment

Threat Group Employs Amazon-Style Fulfillment Model to Distribute Malware

4/4/2019
The operators of the Necurs botnet are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.
Post a Comment

Focus on Business Priorities Exposing Companies to Avoidable Cyber-Risk

4/3/2019
Despite the growing sophistication of threats and increase compliance requirements, a high percentage of organizations are continuing to compromise their security.
Post a Comment

Nuanced Approach Needed to Deal With Huawei 5G Security Concerns

4/1/2019
Governments need to adopt strategic approach for dealing with concerns over telecom vendor's suspected ties to China's intelligence apparatus, NATO-affiliated body says.
Post a Comment

New Android Trojan Targets 100+ Banking Apps

3/28/2019
'Gustuff' also designed to steal from cryptocurrency wallets, payment services, e-commerce apps.
Post a Comment

6 Things To Know About the Ransomware That Hit Norsk Hydro

3/27/2019
In just one week, 'LockerGoga' has cost the Norwegian aluminum maker $40 million as it struggles to recover operations across Europe and North America.
Post a Comment

ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks

3/26/2019
Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.
Post a Comment

Attackers Compromise ASUS Software Update Servers to Distribute Malware

3/25/2019
ShadowHammer campaign latest to highlight dangers of supply chain attacks.
Post a Comment

Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites

3/14/2019
New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.
Post a Comment

Enterprise Cloud Infrastructure a Big Target for Cryptomining Attacks

3/13/2019
Despite the declining values of cryptocurrencies, criminals continue to hammer away at container management platforms, cloud APIs, and control panels.
Post a Comment

Web Apps Are Becoming Less Secure

3/12/2019
Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
Post a Comment

Cryptominers Remain Top Threat but Coinhive's Exit Could Change That

3/11/2019
Coinhive has remained on top of Check Point Software's global threat index for 15 straight months.
Post a Comment

Phishing Attacks Evolve as Detection & Response Capabilities Improve

3/7/2019
Social engineering scam continued to be preferred attack vector last year, but attackers were forced to adapt and change.
Post a Comment

New Threat Group Using Old Technique to Run Custom Malware

3/6/2019
Whitefly is exploiting DLL hijacking with considerable success against organizations since at least 2017, Symantec says.
Post a Comment

Word Bug Allows Attackers to Sneak Exploits Past Anti-Malware Defenses

3/5/2019
Problem lies in the manner in which Word handles integer overflow errors in OLE file format, Mimecast says.
Post a Comment

Organizations Taking Less Time to Detect Breaches

3/5/2019
But by the time they became aware, attackers have been on their networks for more than six months, new 2018 data shows.
Post a Comment

Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018

3/4/2019
Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.
Post a Comment

Turkish Group Using Phishing Emails to Hijack Popular Instagram Profiles

2/28/2019
In some cases, attackers have demanded ransom, nude photos/videos of victims in exchange for stolen account, Trend Micro says.
Post a Comment

More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes

2/27/2019
As in previous years, input validation vulnerabilities accounted for a substantial proportion of total, Risk Based Security report shows.
Post a Comment

Social Media Platforms Double as Major Malware Distribution Centers

2/26/2019
Because many organizations tend to overlook or underestimate the threat, social media sites, including Facebook, Twitter, and Instagram, are a huge blind spot in enterprise defenses.
Post a Comment

Researchers Propose New Approach to Address Online Password-Guessing Attacks

2/21/2019
Recommended best practices not effective against certain types of attacks, they say.
Post a Comment

Insurer Offers GDPR-Specific Coverage for SMBs

2/20/2019
Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
Post a Comment

North Korea's Lazarus Group Targets Russian Companies For First Time

2/19/2019
In an unusual development, the group known for its attacks against companies in countries viewed as geopolitical foes is now going after companies in a country considered an ally, Check Point Software says.
Post a Comment

High Stress Levels Impacting CISOs Physically, Mentally

2/14/2019
Some have even turned to alcohol and medication to cope with pressure.
Post a Comment

2018 Was Second-Most Active Year for Data Breaches

2/13/2019
Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.
Post a Comment

Devastating Cyberattack on Email Provider Destroys 18 Years of Data

2/12/2019
All data belonging to US users—including backup copies—have been deleted in catastrophe, VFEmail says.
Post a Comment

Experian: US Suffers the Most Online Fraud

2/11/2019
New data from the credit reporting firm shows the sheer scale of online activity in the US also has made businesses and consumers there prime targets.
Post a Comment

US Law Enforcement Busts Romanian Online Crime Operation

2/8/2019
Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads other scams.
Post a Comment

Ransomware Attack Via MSP Locks Customers Out of Systems

2/7/2019
Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.
Post a Comment

Some Airline Flight Online Check-in Links Expose Passenger Data

2/6/2019
Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.
Post a Comment

7 Tips for Communicating with the Board

2/6/2019
The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.
Post a Comment