Breach at Deloitte Exposes Emails, Client Data
9/25/2017Intrusion may have resulted from company's failure to properly secure a key administrator account.
Post a Comment
Author
Profile of Jai Vijayan
Freelance writer News & Commentary Posts: 415Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.
Articles by Jai Vijayan
Intrusion may have resulted from company's failure to properly secure a key administrator account.
Post a Comment
PassGAN: Password Cracking Using Machine Learning
9/25/2017Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.
Post a Comment
SEC Says Intruders May Have Accessed Insider Data for Illegal Trading
9/21/20172016 breach of the Securities and Exchange Commission's EDGAR database dents its reputation as a federal cybersecurity enforcer.
Post a Comment
Iranian Cyberspy Group Targets Aerospace, Energy Firms
9/20/2017APT33 focused on gathering information to bolster Iran's aviation industry and military decision-making capability, FireEye says.
Post a Comment
10 Hot Cybersecurity Funding Rounds in Q3
9/20/2017The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
Post a Comment
Equifax Exec Departures Raise Questions About Responsibility for Breach
9/18/2017Disclosed details suggest a failure by the technology team but senior executives and the board are not above responsibility as well, experts say.
Post a Comment
FTC Opens Probe into Equifax Data Breach
9/14/2017Apache Struts flaw was known to be critical and should have been addressed, security researchers say.
Post a Comment
'Bashware' Undermines Windows 10 Security Via Linux Subsystem
9/13/2017New WSL feature in Windows 10 gives attackers a way to run malware without being detected by any current endpoint security tools, Check Point says.
Post a Comment
Billions Of Bluetooth Devices Vulnerable To Code Execution, MITM Attacks
9/12/2017IoT security vendor Armis this week disclosed a total of 8 zero-day bugs in Bluetooth implementations in Android, Windows, Linux, and IOS.
Post a Comment
Equifax Gets Slammed, Removes Forced Arbitration Clause from Credit Monitoring Offer
9/11/2017Company's initial requirement that breach victims sign away their legal rights to get complimentary offer was one of several mistakes.
Post a Comment
7 Takeaways From The Equifax Data Breach
9/11/2017The exposure of PII belonging to 143 million US consumers raises questions about the continued use of SSNs as identifiers, breach liability and app sec spending.
Post a Comment
Equifax Data Breach Prompts Calls For Tougher Security Requirements On Data Aggregators
9/8/2017Credit report bureau discloses breach that exposed data on 143 million US consumers.
Post a Comment
Inaudible Voice Commands Can Control Siri, Alexa Other Digital Assistants
9/7/2017Voice-capture system properties enable attackers to silently control them, say researchers at China's Zhejiang University.
Post a Comment
'Dragonfly' APT Now Able to Disrupt US Power Grid Operations, Symantec Warns
9/6/2017Recent attacks on energy sector targets suggest Dragonfly group has access to computers that control operational systems.
Post a Comment
Data Breach Costs Vary Significantly by Organization
9/5/2017Don't use publicly reported breach costs at other organizations as an estimate for what you might end up paying for a breach, Forrester says.
Post a Comment
Russian-Speaking Turla Group Uses New Tools to Target Embassies, Consulates
8/30/2017Turla cyber espionage gang has been around for a long time and appears to be back in action after a temporary lull.
Post a Comment
7 Things to Know About Today's DDoS Attacks
8/30/2017DDoS attacks are no longer something that just big companies in a few industries need to worry about. They have become a threat to every business.
Post a Comment
Massive Android DDoS Botnet Derailed
8/28/2017WireX was being used to launch DDoS attacks against targets in multiple industries; Google removes 300 botnet-related apps from Play Store.
Post a Comment
Chinese National with Possible Links to OPM Breach Arrested
8/25/2017Charging documents reveal sophistication — and a surprising degree of sloppiness.
Post a Comment
China, US Top List Of Countries With Most Malicious IPs
8/24/2017Brazil has 20% more risky IPs than Russia, Recorded Future's analysis shows.
Post a Comment
ROPEMAKER Attack Turns Benign Emails Hostile Post-Delivery
8/22/2017The intersection of email and Web technologies has given attackers a way to mess with your email after it has been delivered to your inbox, Mimecast says.
Post a Comment
Cybersecurity Firm root9B's Assets Up for Sale
8/21/2017Move to foreclose comes after company defaulted on repayment terms for over $10.7 millions in loans it owes creditors.
Post a Comment
Russian-Speaking APT Engaged in G20 Themed Attack
8/18/2017A newly discovered dropper for the KopiLuwak backdoor suggests that the Turla group is back at it again, Proofpoint says.
Post a Comment
'Pulse Wave' DDoS Attacks Emerge As New Threat
8/17/2017DDoS botnets are launching short but successive bursts of attack traffic to pin down multiple targets, Imperva says.
Post a Comment
9 of the Biggest Bug Bounty Programs
8/11/2017These programs stand out for the size of their rewards and how much they have paid in total to security researchers in bounties over the last several years.
Post a Comment
Carbon Black Refutes Claims of Flaw in its EDR Product
8/9/2017Endpoint security firm responds to DirectDefense's report, noting that the information was shared voluntarily via a feature in the product that comes disabled by default.
Post a Comment
Konni Malware Campaign Targets North Korean Organizations
8/8/2017For at least three years, an unknown threat actor has used the RAT to steal data and profile organizations in North Korea.
Post a Comment
WannaCry Hero Garners Security Industry Support Following Arrest
8/7/2017US law enforcement arrested British security researcher Marcus Hutchins for allegedly developing and selling the Kronos banking Trojan.
Post a Comment
Steganography Use on the Rise Among Cyber Espionage, Cybercrime Groups
8/4/2017At least three cyber espionage campaigns and several malware samples in recent months have employed ancient technique, Kaspersky Lab says.
Post a Comment
Symantec Sells Digital Certificate Business to DigiCert
8/3/2017$950 million deal comes in the wake of Google sanctions on Symantec certs earlier this year.
Post a Comment
Proposed IoT Security Bill Well-Intentioned But Likely Hard To Enforce
8/2/2017Internet of Things Cybersecurity Improvement Act of 2017 proposes minimum set of security controls for IoT products sold to government.
Post a Comment
Ransomware Attack on Merck Caused Widespread Disruption to Operations
7/31/2017Pharmaceutical giant's global manufacturing, research and sales operations have still not be full restored since the June attacks.
Post a Comment
Wannacry Inspires Worm-like Module in Trickbot
7/28/2017The malware is being primarily distributed via email spam in the form of spoofed invoices from an international financial services com, says Flashpoint.
Post a Comment
Adobe's Move to Kill Flash Is Good for Security
7/26/2017In recent years, Flash became one of the buggiest widely used apps out there.
Post a Comment
Iranian Cyber Espionage Group CopyKittens Successful, But Not Skilled
7/25/2017Despite being only moderately skilled, CopyKittens has exfiltrated large volumes of data since at least 2013.
Post a Comment
Voter Registration Data from 9 States Available for Sale on Dark Web
7/24/2017Nearly 10 million voter records sold for just $4 over last few days, according to LookingGlass Cyber Solutions.
Post a Comment
Russian National Receives 5 Years In Jail For Role In 'Citadel' Attacks
7/20/2017Mark Vartanyan is the second individual to be sent to prison in connection with Citadel.
Post a Comment
8 Things Every Security Pro Should Know About GDPR
6/30/2017Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
Post a Comment
Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence
6/29/2017Lawmaker proposes ban on DoD use of Moscow-based security vendor's products.
Post a Comment
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More
6/27/2017With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample.
Post a Comment
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
6/22/2017Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
Post a Comment
WannaCry Forces Honda to Take Production Plant Offline
6/21/2017Work on over 1,000 vehicles affected at automaker's Sayama plant in Japan while systems were restored.
Post a Comment
Organizations Are Detecting Intrusions More Quickly
6/20/2017But almost every other metric in Trustwave's 2017 global cybersecurity report card is headed in the wrong direction.
Post a Comment
FIN10 Threat Actors Hack and Extort Canadian Mining, Casino Industries
6/16/2017Previously unknown threat actor has extracted hundreds of thousands of dollars from Canadian companies in a vicious cyberattack campaign that dates back to 2013, FireEye says.
Post a Comment
NSA Reportedly Confident North Korea Was Behind WannaCry
6/15/2017But some say no evidence exists to unequivocally pin blame for attacks on Pyongyang.
Post a Comment
US Warns of North Korea's Not-So-Secret 'Hidden Cobra' DDoS Botnet
6/14/2017Reclusive government behind DDoS infrastructure is targeting organizations around the world US-CERT says.
Post a Comment
First Malware Designed Solely for Electric Grids Caused 2016 Ukraine Outage
6/12/2017Attackers used CrashOverride/Industroyer to cause a partial power outage in Kiev, Ukraine, but it can be used anywhere, say researchers at Dragos and ESET.
Post a Comment
Move Over, Mirai: Persirai Now the Top IP Camera Botnet
6/8/2017Mirai's success has spawned a flurry of similar IoT malware.
Post a Comment
RIG Exploit Kit Takedown Sheds Light on Domain Shadowing
6/7/2017Threat actors hid tens of thousands of shadow domains behind legitimate domains to carry out malicious activity.
Post a Comment
Outdated Software Commonplace on Enterprise Endpoints
6/6/2017Enterprises that stick with older versions of operating systems and other software are missing out on security features in newer versions, Duo Security says.
Post a Comment
OneLogin Breach Reignites Concerns over Password Managers
6/1/2017Entrusting all your passwords to a single organization creates a single point of failure, experts say in the wake of a new data breach at OneLogin.
Post a Comment
A Nation State-Looking Cyberattack that Wasn't
5/31/2017Symantec researchers uncover a cybercrime campaign with all the hallmarks of a state-sponsored campaign that didn't even make much money for the attackers.
Post a Comment
Cybercriminals Regularly Battle it Out on the Dark Web
5/30/2017People operating criminal services on Tor and other darknets attack each other frequently, a study by Trend Micro shows.
Post a Comment
New Samba Bug Dangerous But No WannaCry
5/25/2017The administrators of the open-source Samba software have fixed a newly discovered vulnerability that lets attackers upload malicious files to vulnerable systems and servers.
Post a Comment
Split Tunnel SMTP Exploit Bypasses Email Security Gateways
5/25/2017Attackers can inject malicious payloads directly to email server via email encryption appliances, Securolytics says.
Post a Comment
Data Breach, Vulnerability Data on Track to Set New Records in 2017
5/23/2017There are so far 1,254 publicly reported data breaches and 4,837 published vulnerabilities in the first quarter of this year.
Post a Comment
APT3 Threat Group a Contractor for Chinese Intelligence Agency
5/18/2017Recorded Future says its research shows clear link between cyber threat group and China's Ministry of State Security.
Post a Comment
NSA Tools Behind WannaCry Being Used In Even Bigger Attack Campaign
5/18/2017Attackers have been using NSAs EternalBlue and Double Pulsar to distribute AdylKuzz cryptocurrency malware to hundreds of thousands of systems, Proofpoint says.
Post a Comment
ShadowBrokers To Launch Monthly Subscription Service for Exploits
5/16/2017Think of it like a wine of the month club for attack tools and new exploits threat group says.
Post a Comment
APT28, Turla Nation-State Groups Deployed Multiple 0Days in Recent Attacks
5/11/2017Attack campaigns by APT28, Turla, and an unidentified group showcase easy availability of zero-days.
Post a Comment
The Long Tail of the Intel AMT Flaw
5/10/2017Organizations impacted by easily exploitable privilege escalation vulnerability may need time to apply firmware patches, analysts say.
Post a Comment
And Now a Ransomware Tool That Charges Based On Where You Live
5/6/2017Malware is designed to charge more for victims in countries with a higher cost of living, Recorded Future says.
Post a Comment
Blackmoon Banking Trojan Goes Modular
5/5/2017Threat actors have begun using a new and unique framework to deliver malware to web users in South Korea, Fidelis says.
Post a Comment
Netflix Incident a Sign of Increase in Cyber Extortion Campaigns
5/3/2017Attackers using threats of data exposure and DDoS disruptions to try and extort ransoms from organizations.
Post a Comment
DDoS Attacks Surge, Organizations Struggle to Respond
5/2/2017Organizations often discover a DDoS attack only after being alerted to the fact by a third-party or customer, Neustar survey shows.
Post a Comment
Verizon DBIR Shows Attack Patterns Vary Widely By Industry
4/27/2017It’s not always the newest or the most sophisticated threat you need to worry about, Verizon’s breach and security incident data for 2016 shows.
Post a Comment
Exploits Targeting Corporate Users Surged Nearly 30% In 2016
4/21/2017At same time, number of attacks targeting software vulnerabilities in systems used by consumers declined over 20%, Kaspersky Lab says in new report.
Post a Comment
APT Attack Activity Occurs at 'Low, Consistent Hum,' Rapid7 Finds
4/20/2017Organizations in industries aligned to nation-state interests are main targets of nation-state attack threats, new quarterly threat report shows.
Post a Comment
CISOs, Board Members Have Widely Divergent Views on Cybersecurity
4/18/2017Boards often want a lot more business-relevant reporting than CISOs provide, Focal Point Data Risk study shows.
Post a Comment
Ransomware, Mac Malware Dominate Q1 Threat Landscape
4/14/2017Cerber, somewhat unexpectedly, emerged as the biggest ransomware threat, Malwarebytes found.
Post a Comment
95% of Organizations Have Employees Seeking to Bypass Security Controls
4/13/2017Use of TOR, private VPNs on the rise in enterprises, Dtex report shows.
Post a Comment
New Breed of DDoS Attack On the Rise
4/13/2017Akamai Networks since October has detected and mitigated at least 50 DDoS attacks using Connectionless LDAP.
Post a Comment
China-Based Threat Actor APT10 Ramps Up Cyber Espionage Activity
4/6/2017Customers of managed security service providers, website of US trade lobby group targeted in separate campaigns
Post a Comment
Pegasus For Android Spyware Just As Lethal As iOS Version
4/6/2017Researchers from Lookout, Google describe it as highly sophisticated tool for targeted surveillance purposes.
Post a Comment
FCC Privacy Rule Repeal Will Have Widespread Security Implications
4/4/2017Concerns over the action are sending VPN sales soaring, some vendors say.
Post a Comment
'Sundown' Rises as New Threat in Depleted Exploit Kit Landscape
3/31/2017New exploits and obfuscation tactics have made once second-tier EK a potent threat, researchers from Cisco Talos say.
Post a Comment
Insider Threat Fear Greater Than Ever, Survey Shows
3/29/2017More than half of security pros say insider threat incidents have become more frequent in the past 12 months.
Post a Comment
Cerber Ransomware Now Evades Machine Learning
3/29/2017New variant has been broken into separate harmless-looking components to fool ML-based detection systems, Trend Micro says.
Post a Comment
Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago
3/24/2017New WikiLeaks data dump describes "Sonic Screwdriver," other CIA exploits for Mac desktops and iPhones
Post a Comment
Sandia Testing New Intrusion Detection Tool That Mimics Human Brain
3/24/2017Neuromorphic Data Microscope can spot malicious patterns in network traffic 100 times faster than current tool, lab claims.
Post a Comment
Windows 'DoubleAgent' Attack Turns AV Tools into Malware
3/22/2017Zero-day attack exploits a legitimate process in Windows, according to Cybellum; AV vendors downplay threat.
Post a Comment
New Metasploit Extension Available for Testing IoT Device Security
3/21/2017RFTransceiver extension for the Metasploit Hardware Bridge API will let organizations detect and scan wireless devices operating outside 802.11 spec.
Post a Comment
Bug Bounty Programs are Growing Up Fast and Paying More
3/20/2017As more organizations crowdsource the vulnerability-hunting of their software, the process itself has become more formal, as well as more lucrative for researchers.
Post a Comment
New MagikPOS Malware Targets Point-of-Sale Systems In US & Canada
3/17/2017Malware uses a remote access Trojan to sniff out potential victims first, Trend Micro says.
Post a Comment
What Businesses Can Learn From the CIA Data Breach
3/16/2017Just because threats like malicious insiders, zero-days, and IoT vulnerabilities are well-understood doesn’t mean organizations have a handle on them.
Post a Comment
Stockpiling 0-Day Bugs Not So Dangerous After All, RAND Study Shows
3/10/2017A RAND Corp. study of more than 200 zero-days shows that benefits of disclosure can often be more modest than perceived.
Post a Comment
Attacks Under Way Against Easily Exploitable Apache Struts Flaw
3/9/2017Enterprises urged to upgrade now to more secure versions of Web application framework.
Post a Comment
Researchers Find Multiple Critical Flaws In Confide Secure Messaging App
3/8/2017All flaws have been fixed, says maker of app purportedly used for secret communications by political operatives in DC.
Post a Comment
'Entire Hacking Capacity Of CIA' Dumped On Wikileaks, Site Claims
3/7/2017Leaked data tranche of 8,700 documents purportedly includes tools that turn smart TVs into covert surveillance devices.
Post a Comment
Attackers Employ Sneaky New Method to Control Trojans
3/3/2017A new malware sample shows threat actors have begun using DNS TXT record and queries for C2 communications, Cisco Talos says,
Post a Comment
Cloudflare Breach Had Potential To Be Much Worse
3/2/2017An initial analysis shows no personal data was leaked and most customers not impacted, Cloudflare's CEO says.
Post a Comment
New Version Of Dridex Banking Trojan Uses ‘AtomBombing’ To Infect Systems
3/1/2017It’s the first malware to use a newly disclosed code-injection method to break into to Windows systems
Post a Comment
Massive Necurs Spam Botnet Now Equipped to Launch DDoS Attacks
2/28/2017With more than one million active bots at any time, a Necurs-enabled DDoS attack could dwarf such an attack by the Mirai botnet.
Post a Comment
Cloudflare Leaked Web Customer Data For Months
2/24/2017Potential scope of issue evokes comparisons to Heartbleed.
Post a Comment
Survey: Most Attackers Need Less Than 12 Hours To Break In
2/23/2017A Nuix study of DEFCON pen testers shows that the usual security controls are of little use against a determined intruder
Post a Comment
Exploit Kit-Based Attacks Decline Dramatically
2/23/2017But it's too soon to call this downward trend a permanent shift, experts say.
Post a Comment
At Least 70 Organizations Targeted In Sophisticated Cyber Surveillance Operation
2/17/2017Most of the targets are in Ukraine, though a few have been spotted in Russia and elsewhere, CyberX says
Post a Comment
Ransomware Growth Fueled By Russian-Speaking Cybercriminals
2/16/2017Individuals and groups from Russian-speaking countries responsible for a lot of ransomware activity, Kaspersky Lab says.
Post a Comment
Russian-Speaking Rasputin Breaches Dozens Of Organizations
2/15/2017Attacker behind Election Assistance Commission hack now using SQL injection as his weapon of choice against universities and government agencies.
Post a Comment
CrowdStrike Fails In Bid To Stop NSS Labs From Publishing Test Results At RSA
2/14/2017NSS results are based on incomplete and materially incorrect data, CrowdStrike CEO George Kurtz says.
Post a Comment
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next WaveJust when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Dark Reading Security Spending Survey
Enterprises are spending an unprecedented amount of money on IT security — where does it all go? In this survey, Dark Reading polled senior IT management on security budgets and spending plans, and their priorities for the coming year. Download the report and find out what they had to say.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
CVE-2016-10369NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
CVE-2016-8202unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
CVE-2016-8209A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
CVE-2017-0890Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2017 UBM, All rights reserved
Tweet This