6 Takeaways from Ransomware Attacks in Q1
4/18/2019Customized, targeted ransomware attacks were all the rage.
Post a Comment
Author
Profile of Jai Vijayan
Freelance writer News & Commentary Posts: 696Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.
Articles by Jai Vijayan
Customized, targeted ransomware attacks were all the rage.
Post a Comment
Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic
4/17/2019'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
Post a Comment
7 Tips for an Effective Employee Security Awareness Program
4/17/2019Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Post a Comment
Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users
4/16/2019A new exploit developed by eGobbler is allowing it to distribute malvertisements–more than 500 million to date–at huge scale, Confiant says.
Post a Comment
Microsoft Downplays Scope of Email Attack
4/15/2019An unknown attacker used a support agent's credentials to access email content belonging to some Outlook, Hotmail users.
Post a Comment
Majority of Hotel Websites Leak Guest Booking Info
4/10/2019Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says.
Post a Comment
Verizon Patches Trio of Vulnerabilities in Home Router
4/9/2019One of the flaws gives attackers way to gain root access to devices, Tenable says.
Post a Comment
'Exodus' iOS Surveillance Software Masqueraded as Legit Apps
4/8/2019Italian firm appears to have developed spyware for lawful intercept purposes, Lookout says.
Post a Comment
Threat Group Employs Amazon-Style Fulfillment Model to Distribute Malware
4/4/2019The operators of the Necurs botnet are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.
Post a Comment
Focus on Business Priorities Exposing Companies to Avoidable Cyber-Risk
4/3/2019Despite the growing sophistication of threats and increase compliance requirements, a high percentage of organizations are continuing to compromise their security.
Post a Comment
Nuanced Approach Needed to Deal With Huawei 5G Security Concerns
4/1/2019Governments need to adopt strategic approach for dealing with concerns over telecom vendor's suspected ties to China's intelligence apparatus, NATO-affiliated body says.
Post a Comment
New Android Trojan Targets 100+ Banking Apps
3/28/2019'Gustuff' also designed to steal from cryptocurrency wallets, payment services, e-commerce apps.
Post a Comment
6 Things To Know About the Ransomware That Hit Norsk Hydro
3/27/2019In just one week, 'LockerGoga' has cost the Norwegian aluminum maker $40 million as it struggles to recover operations across Europe and North America.
Post a Comment
ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks
3/26/2019Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.
Post a Comment
Attackers Compromise ASUS Software Update Servers to Distribute Malware
3/25/2019ShadowHammer campaign latest to highlight dangers of supply chain attacks.
Post a Comment
Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites
3/14/2019New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.
Post a Comment
Enterprise Cloud Infrastructure a Big Target for Cryptomining Attacks
3/13/2019Despite the declining values of cryptocurrencies, criminals continue to hammer away at container management platforms, cloud APIs, and control panels.
Post a Comment
Web Apps Are Becoming Less Secure
3/12/2019Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
Post a Comment
Cryptominers Remain Top Threat but Coinhive's Exit Could Change That
3/11/2019Coinhive has remained on top of Check Point Software's global threat index for 15 straight months.
Post a Comment
Phishing Attacks Evolve as Detection & Response Capabilities Improve
3/7/2019Social engineering scam continued to be preferred attack vector last year, but attackers were forced to adapt and change.
Post a Comment
New Threat Group Using Old Technique to Run Custom Malware
3/6/2019Whitefly is exploiting DLL hijacking with considerable success against organizations since at least 2017, Symantec says.
Post a Comment
Word Bug Allows Attackers to Sneak Exploits Past Anti-Malware Defenses
3/5/2019Problem lies in the manner in which Word handles integer overflow errors in OLE file format, Mimecast says.
Post a Comment
Organizations Taking Less Time to Detect Breaches
3/5/2019But by the time they became aware, attackers have been on their networks for more than six months, new 2018 data shows.
Post a Comment
Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018
3/4/2019Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.
Post a Comment
Turkish Group Using Phishing Emails to Hijack Popular Instagram Profiles
2/28/2019In some cases, attackers have demanded ransom, nude photos/videos of victims in exchange for stolen account, Trend Micro says.
Post a Comment
More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes
2/27/2019As in previous years, input validation vulnerabilities accounted for a substantial proportion of total, Risk Based Security report shows.
Post a Comment
Social Media Platforms Double as Major Malware Distribution Centers
2/26/2019Because many organizations tend to overlook or underestimate the threat, social media sites, including Facebook, Twitter, and Instagram, are a huge blind spot in enterprise defenses.
Post a Comment
Researchers Propose New Approach to Address Online Password-Guessing Attacks
2/21/2019Recommended best practices not effective against certain types of attacks, they say.
Post a Comment
Insurer Offers GDPR-Specific Coverage for SMBs
2/20/2019Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
Post a Comment
North Korea's Lazarus Group Targets Russian Companies For First Time
2/19/2019In an unusual development, the group known for its attacks against companies in countries viewed as geopolitical foes is now going after companies in a country considered an ally, Check Point Software says.
Post a Comment
High Stress Levels Impacting CISOs Physically, Mentally
2/14/2019Some have even turned to alcohol and medication to cope with pressure.
Post a Comment
2018 Was Second-Most Active Year for Data Breaches
2/13/2019Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.
Post a Comment
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
2/12/2019All data belonging to US users—including backup copies—have been deleted in catastrophe, VMEmail says.
Post a Comment
Experian: US Suffers the Most Online Fraud
2/11/2019New data from the credit reporting firm shows the sheer scale of online activity in the US also has made businesses and consumers there prime targets.
Post a Comment
US Law Enforcement Busts Romanian Online Crime Operation
2/8/2019Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads other scams.
Post a Comment
Ransomware Attack Via MSP Locks Customers Out of Systems
2/7/2019Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.
Post a Comment
Some Airline Flight Online Check-in Links Expose Passenger Data
2/6/2019Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.
Post a Comment
7 Tips for Communicating with the Board
2/6/2019The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.
Post a Comment
Cybercriminals Exploit Gmail Feature to Scale Up Attacks
2/5/2019Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.
Post a Comment
Massive DDoS Attack Generates 500 Million Packets per Second
1/30/2019January 10 torrent involved nearly four times as many packets as last year's huge attack on GitHub, says Imperva.
Post a Comment
Microsoft Exchange Vuln Enables Attackers to Gain Domain Admin Privileges
1/29/2019Anyone with access to an Exchange mailbox can take control of domain, security researcher says.
Post a Comment
US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers
1/28/2019At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.
Post a Comment
Database of 24 Million Mortgage, Loan Records Left Exposed Online
1/24/2019Breach latest example of how misconfigurations, human errors undermine security in a big way, experts say.
Post a Comment
'Anatova' Emerges as Potentially Major New Ransomware Threat
1/23/2019Modular design, ability to infect network shares make the malware dangerous, McAfee says.
Post a Comment
Stealthy New DDoS Attacks Target Internet Service Providers
1/22/2019Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.
Post a Comment
VC Investments in Cybersecurity Hit Record Highs in 2018
1/18/2019But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
Post a Comment
773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum
1/17/2019Data appears to be from multiple breaches over past few years, says researcher who discovered it.
Post a Comment
BEC Groups Ramp Up Payroll Diversion Attacks
1/16/2019Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
Post a Comment
Cryptomining Continues to Be Top Malware Threat
1/14/2019Tools for illegally mining Coinhive, Monero, and other cryptocurrency dominate list of most prevalent malware in December 2018.
Post a Comment
DNS Hijacking Campaign Targets Organizations Globally
1/10/2019A group believed to be operating out of Iran has manipulated DNS records belonging to dozens of firms in an apparent cyber espionage campaign, FireEye says.
Post a Comment
Kaspersky Lab Helped US Nab NSA Data Thief: Report
1/9/2019But this new development unlikely to do much to clear government suspicions about security vendor's ties to Russian intelligence, analyst says.
Post a Comment
20-Year-Old Student Admits to Massive Data Leak in Germany
1/8/2019Hack was not politically motivated; no sign of third-party involvement, authorities say.
Post a Comment
Data on Hundreds of German Politicians Published Online in Massive Compromise
1/4/2019Authorities are investigating if breach resulted from a leak or a cyberattack.
Post a Comment
Ex-NSA Contractor Was a Suspect In Shadow Brokers Leak
1/2/2019New court document shows law enforcement suspected possible involvement of Harold Martin in Shadow Brokers' release of classified NSA hacking tools.
Post a Comment
APT10 Indictments Show Expansion of MSP Targeting, Cloud Hopper Campaign
12/21/2018US brings more indictments against the APT10 cyber espionage group operating in China for its Operation Cloud Hopper campaign against managed service providers, but what will those indictments accomplish?
Post a Comment
NASA Investigating Breach That Exposed PII on Employees, Ex-Workers
12/19/2018Incident is latest manifestation of continuing security challenges at agency, where over 3,000 security incidents have been reported in recent years.
Post a Comment
Memes on Twitter Used to Communicate With Malware
12/18/2018Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.
Post a Comment
Disk-Wiping 'Shamoon' Malware Resurfaces With File-Erasing Malware in Tow
12/17/2018As with previous attacks, organizations in the Middle East appear to be main targets, Symantec says.
Post a Comment
Despite Breaches, Many Organizations Struggle to Quantify Cyber-Risks to Business
12/13/2018Enterprises are struggling with familiar old security challenges as a result, new survey shows.
Post a Comment
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
12/12/2018McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
Post a Comment
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
12/11/2018Goal is to steal banking credentials by redirecting users to phishing sites.
Post a Comment
Satan Ransomware Variant Exploits 10 Server-Side Flaws
12/10/2018Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
Post a Comment
Criminals Use Locally Connected Devices to Attack, Loot Banks
12/7/2018Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
Post a Comment
7 Common Breach Disclosure Mistakes
12/6/2018How you report a data breach can have a big impact on its fallout.
Post a Comment
Symantec Intros USB Scanning Tool for ICS Operators
12/5/2018ICSP Neural is designed to address USB-borne malware threats.
Post a Comment
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
11/29/2018But ransomware attacks go through the roof, new threat data from SonicWall shows.
Post a Comment
Dell Forces Password Reset for Online Customers Following Data Breach
11/29/2018Move prompts questions about scope of intrusion and strength of company's password hashing.
Post a Comment
Incorrect Assessments of Data Value Putting Organizations at Risk
11/28/2018Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Post a Comment
New Hacker Group Behind 'DNSpionage' Attacks in Middle East
11/27/2018Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.
Post a Comment
Mirai Evolves From IoT Devices to Linux Servers
11/21/2018Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
Post a Comment
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
11/20/2018APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
Post a Comment
Securities Markets at High Risk of Cyberattack
11/19/2018A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
Post a Comment
Congress Passes Bill to Create New Federal Cybersecurity Agency
11/15/2018Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
Post a Comment
Small-Time Cybercriminals Landing Steady Low Blows
11/14/2018High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
Post a Comment
2018 on Track to Be One of the Worst Ever for Data Breaches
11/12/2018A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
Post a Comment
Symantec Uncovers North Korean Group's ATM Attack Malware
11/8/2018Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs.
Post a Comment
Crytpocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm
11/7/2018"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.
Post a Comment
20 Cybersecurity Firms to Watch
11/7/2018A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.
Post a Comment
Critical Encryption Bypass Flaws in Popular SSDs Compromise Data Security
11/6/2018Vulnerabilities in Samsung, Crucial storage devices enable data recovery without a password or decryption key, researchers reveal.
Post a Comment
Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million
11/2/2018Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.
Post a Comment
Destructive Cyberattacks Spiked in Q3
10/30/2018Instead of simply fleeing when discovered, adversaries are actively engaging with incident response teams, a new Carbon Black study finds.
Post a Comment
Security Implications of IBM-Red Hat Merger Unclear
10/29/2018But enterprises and open source community likely have little to be concerned about, industry experts say.
Post a Comment
County Election Websites Can Be Easily Spoofed to Spread Misinformation
10/25/2018Majority of county sites in 20 key swing states have non-.gov domains and don't enforce use of SSL, McAfee researchers found.
Post a Comment
ICS Networks Continue to be Soft Targets For Cyberattacks
10/24/2018CyberX study shows that many industrial control system environments are riddled with vulnerabilities.
Post a Comment
Russian Research Institute Was Actively Involved In TRITON ICS Attack Activity
10/23/2018Data shows with a high degree of confidence that Moscow-based Central Scientific Research Institute of Chemistry and Mechanics helped develop and refine malware, FireEye says.
Post a Comment
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
10/22/2018Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.
Post a Comment
Cyber Espionage Campaign Reuses Code from China's APT1
10/18/2018US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
Post a Comment
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
10/17/2018In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Post a Comment
FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors
10/16/2018Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
Post a Comment
Chinese Intelligence Officer Under Arrest for Trade Secret Theft
10/11/2018Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Post a Comment
New Threat Group Conducts Malwareless Cyber Espionage
10/10/2018Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
Post a Comment
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
10/9/2018The trend underscores the need for organizations of all sizes to be prepared to detect and respond to threats faster, CrowdStrike says.
Post a Comment
US Indicts 7 Russian Intel Officers for Hacking Anti-Doping Organizations
10/4/2018Netherlands expels four of the suspects trying to break into an organization investigating a chemical used in the recent attack on a former Russian spy in Britain.
Post a Comment
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
10/3/2018But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
Post a Comment
100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials
10/3/2018The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.
Post a Comment
Financial Sector Data Breaches Soar Despite Heavy Security Spending
10/2/2018Banks and other financial firms have disclosed three times as many breaches so far this year than they did in 2016, Bitglass says.
Post a Comment
'Torii' Breaks New Ground For IoT Malware
9/28/2018Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.
Post a Comment
Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild
9/27/2018The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.
Post a Comment
Google to Let Users Disable Automatic Login to Chrome
9/27/2018The decision comes days after security researcher had blasted company for jeopardizing user privacy with browser update.
Post a Comment
Critical Linux Kernel Flaw Gives Root Access to Attackers
9/26/2018All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.
Post a Comment
White Papers
Video
1 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-11378
PUBLISHED: 2019-04-20
PUBLISHED: 2019-04-20
PUBLISHED: 2019-04-20
PUBLISHED: 2019-04-20
PUBLISHED: 2019-04-20
From DHS/US-CERT's National Vulnerability Database CVE-2019-11378
PUBLISHED: 2019-04-20
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
CVE-2019-11372PUBLISHED: 2019-04-20
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11373PUBLISHED: 2019-04-20
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11374PUBLISHED: 2019-04-20
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-11375PUBLISHED: 2019-04-20
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This