Profile of Jai Vijayan

Contributing Writer News & Commentary Posts: 877

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.

Chinese APT Groups Targeted Enterprise Linux Systems in Decade-Long Data Theft Campaign

4/7/2020
Organizations across multiple industries compromised in a systematic effort to steal IP and other sensitive business data, BlackBerry says.
Post a Comment

More Attackers Have Begun Using Zero-Day Exploits

4/6/2020
Vendors of offensive cyber tools have made it easy for any threat group with the right funds to leverage unpatched bugs, FireEye says.
Post a Comment

Phishers Try 'Text Direction Deception' Technique to Bypass Email Filters

4/2/2020
With COVID-19 concerns running high, attackers are trying new tactics to get to users.
Post a Comment

Attackers Leverage Excel File Encryption to Deliver Malware

4/1/2020
Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.
Post a Comment

Researchers Uncover Unsophisticated - But Creative - Watering-Hole Attack

3/31/2020
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
Post a Comment

Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations

3/30/2020
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
Post a Comment

Cyber Version of 'Justice League' Launches to Fight COVID-19 Related Hacks

3/26/2020
Goal is to help organizations — especially healthcare entities — protect against cybercriminals trying to take advantage of the pandemic.
Post a Comment

China-Based Threat Group Launches Widespread Malicious Campaign

3/26/2020
The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.
Post a Comment

Automated Tools Make Cyberattacks Easier to Pull Off

3/24/2020
Gone are the days when threat actors had to actually spend time and effort planning and developing an attack on their own, Recorded Future says.
Post a Comment

Attack Surface, Vulnerabilities Increase as Orgs Respond to COVID-19 Crisis

3/20/2020
In typical fashion, attackers are gearing up to take advantage of the surge in teleworking prompted by the pandemic.
Post a Comment

Skimmer May Have Put NutriBullet Customers' Card Data at Risk for Nearly a Month

3/18/2020
Blender maker is the latest victim of Magecart.
Post a Comment

Many Ransomware Attacks Can be Stopped Before They Begin

3/17/2020
The tendency by many attackers to wait for the right time to strike gives defenders an opening, FireEye says.
Post a Comment

Russia-Based Turla APT Group's Infrastructure, Activity Traceable

3/12/2020
Threat actor's practice of using known malware and tactics gives an opening for defenders, says Recorded Future.
Post a Comment

Microsoft Discloses New Remote Execution Flaw in SMBv3

3/11/2020
A patch for the flaw is not yet available, but there are no known exploits -- so far.
Post a Comment

Researchers Develop New Side-Channel Attacks on Intel CPUs

3/10/2020
Load Value Injection (LVI) takes advantage of speculative execution processes just like Meltdown and Spectre, say security researchers from Bitdefender and several universities.
Post a Comment

New Ransomware Variant Developed Entirely as Shellcode

3/6/2020
PwndLocker is harder to detect than other crypto-malware, Crypsis Group says.
Post a Comment

Attackers Distributing Malware Under Guise of Security Certificate Updates

3/5/2020
Approach is a twist to the old method of using fake software, browser updates, Kaspersky says.
Post a Comment

Let's Encrypt Revokes Over 3 Million of Its Digital Certs

3/4/2020
Domain validation glitch prompts an abrupt decision.
Post a Comment

Why Threat Intelligence Gathering Can Be a Legal Minefield

3/2/2020
In new guidance, the Department of Justice says security researchers and organizations run real risks when gathering threat intelligence or dealing with criminals in underground online marketplaces.
Post a Comment

6 Truths About Disinformation Campaigns

2/28/2020
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
Post a Comment

Report: Shadow IoT Emerging as New Enterprise Security Problem

2/25/2020
Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.
Post a Comment

Popular Mobile Document-Management Apps Put Data at Risk

2/20/2020
Most iOS and Android apps that Cometdocs has published on Google and Apple app stores transmit entire documents - unencrypted.
Post a Comment

Researchers Fool Smart Car Camera with a 2-Inch Piece of Electrical Tape

2/19/2020
McAfee researchers say they were able to get a Tesla to autonomously accelerate by tricking its camera platform into misreading a speed-limit sign.
Post a Comment

The Trouble with Free and Open Source Software

2/18/2020
Insecure developer accounts, legacy software, and nonstandard naming schemes are major problems, Linux Foundation and Harvard study concludes.
Post a Comment

Phishing Campaign Targets Mobile Banking Users

2/14/2020
Consumers in dozens of countries were targeted, Lookout says.
Post a Comment

Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems

2/13/2020
The new threat model hones in on ML security at the design state.
Post a Comment

Third-Party Breaches — and the Number of Records Exposed — Increased Sharply in 2019

2/12/2020
Each breach exposed an average of 13 million records, Risk Based Security found.
Post a Comment

Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack

2/6/2020
New exploit builds on previous research involving Philips Hue Smart Bulbs.
Post a Comment

Majority of Network, App-Layer DDoS Attacks in 2019 Were Small

2/5/2020
Attacks turned to cheaper, shorter attacks to try and disrupt targets, Imperva analysis shows.
Post a Comment

8 of the 10 Most Exploited Bugs Last Year Involved Microsoft Products

2/4/2020
Six of them were the same as from the previous year, according to new Recorded Future analysis.
Post a Comment

Attackers Actively Targeting Flaw in Door-Access Controllers

2/3/2020
There's been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.
Post a Comment

Android Malware for Mobile Ad Fraud Spiked Sharply in 2019

1/30/2020
Some 93% of all mobile transactions across 20 countries were blocked as fraudulent, Upstream says.
Post a Comment

Number of Botnet Command & Control Servers Soared in 2019

1/29/2020
Servers worldwide that were used to control malware-infected systems jumped more than 71% compared to 2018, Spamhaus says.
Post a Comment

Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise

1/28/2020
The root keys used to protect communication on LoRaWAN infrastructure can be easily obtained, IOActive says.
Post a Comment

Average Ransomware Payments More Than Doubled in Q4 2019

1/27/2020
Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
Post a Comment

The Annoying MacOS Threat That Won't Go Away

1/23/2020
In two years, the adware-dropping Shlayer Trojan has spread to infect one in 10 MacOS systems, Kaspersky says.
Post a Comment

To Avoid Disruption, Ransomware Victims Continue to Pay Up

1/23/2020
For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.
Post a Comment

China-Based Cyber Espionage Group Reportedly Behind Breach at Mitsubishi Electric

1/21/2020
Personal data on over 8,100 individuals and confidential business information likely exposed in June 2019 incident.
Post a Comment

New Attack Campaigns Suggest Emotet Threat Is Far From Over

1/16/2020
Malware described by the DHS as among the worst ever continues to evolve and grow, researchers from Cisco Talos, Cofense, and Check Point Software say.
Post a Comment

2017 Data Breach Will Cost Equifax at Least $1.38 Billion

1/15/2020
Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today to file a claim.
Post a Comment

Cloud Adoption & Technology Change Create Gaps in Enterprise Security

1/14/2020
Many companies are struggling to get a handle on risk exposure because of visibility issues, Radware survey shows.
Post a Comment

Exploits Released for As-Yet Unpatched Critical Citrix Flaw

1/13/2020
Organizations need to apply mitigations for vulnerability in Citrix Application Delivery Controller and Citrix Gateway ASAP, security researchers say.
Post a Comment

TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal

1/9/2020
PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says.
Post a Comment

DHS Warns of Potential Iranian Cyberattacks

1/7/2020
Recent US military action in Baghdad could prompt retaliatory attacks against US organizations, it says.
Post a Comment

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

1/6/2020
New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.
Post a Comment

Ransomware Situation Goes From Bad to Worse

12/26/2019
New malware distribution techniques and functionality updates are sure to put more pressure on enterprise organizations in 2020.
Post a Comment

China-Based Cyber Espionage Group Targeting Orgs in 10 Countries

12/19/2019
Dozens of organizations across multiple sectors have become victims of APT20 in the past two years.
Post a Comment

Facebook Fixes WhatsApp Group Chat Security Issue

12/17/2019
Flaw allowed attackers to repeatedly crash group chat and force users to uninstall and reinstall app, Check Point says.
Post a Comment

Weak Crypto Practice Undermining IoT Device Security

12/16/2019
Keyfactor says it was able to break nearly 250,000 distinct RSA keys - many associated with routers, wireless access points, and other Internet-connected devices.
Post a Comment

Visa Warns of Targeted PoS Attacks on Gas Station Merchants

12/13/2019
At least two North American chains have been hit in sophisticated new campaigns for stealing payment card data.
Post a Comment

Lessons Learned from 7 Big Breaches in 2019

12/13/2019
Capital One, Macy's, FEMA, and others: key takeaways from the year's most notable breaches.
Post a Comment

Cyberattacks on Retailers Could Increase 20% this Holiday Season

12/12/2019
Commodity malware and ransomware continue to be the biggest threats, says VMWare Carbon Black.
Post a Comment

Trickbot Operators Now Selling Attack Tools to APT Actors

12/11/2019
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Post a Comment

How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC

12/6/2019
Money meant to fund an Israeli startup wound up directly deposited to the scammers.
Post a Comment

US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts

12/5/2019
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
Post a Comment

Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs

12/4/2019
'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
Post a Comment

Kali Linux Gets New Desktop Environment & Undercover Theme

12/2/2019
Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.
Post a Comment

SQL Injection Errors No Longer the Top Software Security Issue

11/27/2019
In newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth.
Post a Comment

'Dexphot': A Sophisticated, Everyday Threat

11/26/2019
Though the cryptominer has received little attention, it exemplifies the complexity of modern malware, Microsoft says.
Post a Comment

Most Organizations Have Incomplete Vulnerability Information

11/25/2019
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.
Post a Comment

Leaks of NSA, CIA Tools Have Leveled Nation-State Cybercriminal Capabilities

11/21/2019
The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 have given emerging cyber powers a way to catch up, DarkOwl says.
Post a Comment

As Retailers Prepare for the Holiday Season, So Do Cybercriminals

11/20/2019
Online shoppers need to be wary about domain spoofing, fraudulent giveaways, and other scams, ZeroFOX study shows.
Post a Comment

Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats

11/19/2019
Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.
Post a Comment

GitHub Initiative Seeks to Secure Open Source Code

11/18/2019
New Security Lab will give researchers, developers, code maintainers, and organizations a way to coordinate efforts on addressing vulnerabilities.
Post a Comment

Symantec, McAfee Patch Privilege Escalation Bugs

11/14/2019
All versions of endpoint protection software from both vendors were susceptible to near identical issue, SafeBreach says.
Post a Comment

Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites

11/13/2019
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.
Post a Comment

While CISOs Fret, Business Leaders Tout Security Robustness

11/12/2019
A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.
Post a Comment

New DDoS Attacks Leverage TCP Amplification

11/12/2019
Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries.
Post a Comment

Bugcrowd Pays Out Over $500K in Bounties in One Week

11/8/2019
In all, bug hunters from around the world submitted over 6,500 vulnerabilities in October alone.
Post a Comment

Twitter & Trend Micro Fall Victim to Malicious Insiders

11/7/2019
The companies are the latest on a long and growing list of organizations that have fallen victim to users with legitimate access to enterprise systems and data.
Post a Comment

Kaspersky Analysis Shines Light on DarkUniverse APT Group

11/7/2019
Threat actor was active between 2009 and 2017, targeting military, government, and private organizations.
Post a Comment

Microsoft Security Setting Ironically Increases Risks for Office for Mac Users

11/4/2019
Excel's handling of an old macro format gives unauthenticated remote attackers a way to take control of vulnerable systems, Carnegie Mellon's CERT/CC says.
Post a Comment

Chinese Cyber Espionage Group Steals SMS Messages via Telco Networks

10/31/2019
APT41's new campaign is latest to highlight trend by Chinese threat groups to attack upstream service providers as a way to reach its intended targets, FireEye says.
Post a Comment

Facebook Says Israeli Firm Was Involved in Recent WhatsApp Intrusion

10/30/2019
Evidence suggests NSO Group used WhatsApps servers to distribute mobile spyware to targeted devices.
Post a Comment

8 Trends in Vulnerability and Patch Management

10/30/2019
Unpatched flaws continue to be a major security issue for many organizations.
Post a Comment

Apple Boots 17 Trojan-Laden Apps From Mobile Store

10/24/2019
Malware was designed to carry out click-fraud, Wandera says.
Post a Comment

Oracle Releases Free Tool for Monitoring Internet Routing Security

10/23/2019
IXP Filter Check gives Internet Exchange Points a way to verify whether they are properly filtering out incorrect and malicious routes.
Post a Comment

About 50% of Apps Are Accruing Unaddressed Vulnerabilities

10/22/2019
In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.
Post a Comment

Russian Hackers Using Iranian APT's Infrastructure in Widespread Attacks

10/21/2019
New advisory from the UK's NCSC and the NSA throws fresh light on activity first revealed by Symantec in June.
Post a Comment

Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack

10/17/2019
The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.
Post a Comment

Typosquatting Websites Proliferate in Run-up to US Elections

10/16/2019
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.
Post a Comment

Targeted Ransomware Attacks Show No Signs of Abating

10/15/2019
Criminals are becoming more sophisticated and targeted in going after enterprise organizations, a new Q2/Q3 report finds.
Post a Comment

Cyber Theft, Humint Helped China Cut Corners on Passenger Jet

10/14/2019
Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.
Post a Comment

AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security

10/10/2019
At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds.
Post a Comment

Virginia a Hot Spot For Cybersecurity Jobs

10/9/2019
State has highest number of people in information security roles and the most current job openings, Comparitech study finds.
Post a Comment

Most US Presidential Campaign Websites Offer Little Privacy Protection

10/8/2019
New audit finds that privacy policies on 70% of the sites have no limits on data sharing.
Post a Comment

Iranian Cyberattack on US Presidential Campaign Could Be a Sign of Things to Come

10/8/2019
Political parties and election systems will be heavily targeted in the months leading up to the 2020 general elections, some security experts say.
Post a Comment

Facebook Patches Critical WhatsApp Security Flaw

10/3/2019
Bug gives attackers a way to use GIF images to steal data from Android devices running the message app.
Post a Comment

Millions More Embedded Devices Contain Vulnerable IPnet Software

10/2/2019
FDA, DHS issue fresh warnings on easily exploitable URGENT/11 flaws in medical, SCADA systems, industrial controllers, and other devices.
Post a Comment

New Malware Campaign Targets US Petroleum Companies

10/1/2019
Attackers are using an obfuscated version of Adwind Remote Access Trojan for stealing data, Netskope says.
Post a Comment

Baltimore Reportedly Had No Data Backup Process for Many Systems

9/30/2019
City lost key data in a ransomware attack earlier this year that's already cost more than $18.2 million in recovery and related expenses.
Post a Comment

Mass Exploitation of vBulletin Flaw Raises Alarm

9/26/2019
The remote code execution bug was a 0-day when it was publicly disclosed Monday, but has now been patched.
Post a Comment

GandCrab Developers Behind Destructive REvil Ransomware

9/25/2019
Code similarities show a definite technical link between the malware strains, Secureworks says.
Post a Comment

5 Updates from PCI SSC That You Need to Know

9/25/2019
As payment technologies evolve, so do the requirements for securing cardholder data.
Post a Comment

Startup Cowbell Cyber Launches 'Continuous Underwriting' Platform

9/24/2019
New inside-out approach will give SMBs a way to buy insurance coverage based on a realistic and ongoing assessment of their risk, company says.
Post a Comment

Cloudflare Introduces 'Bot Fight Mode' Option for Site Operators

9/24/2019
Goal is to help websites detect and block bad bot traffic, vendor says.
Post a Comment

Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3

9/19/2019
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
Post a Comment

WannaCry Detections At An All-Time High

9/18/2019
More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns.
Post a Comment

US Turning Up the Heat on North Korea's Cyber Threat Operations

9/16/2019
Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated nation.
Post a Comment

Indictments Do Little to Stop Iranian Group from New Attacks on Universities

9/12/2019
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.
Post a Comment