Profile of Jai Vijayan

Contributing Writer

News & Commentary Posts: 1105

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics including Big Data, Hadoop, Internet of Things, E-voting and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, IL.

Articles by Jai Vijayan

View Content By Month

79% of Third-Party Libraries in Apps Are Never Updated

6/23/2021
A lack of contextual information and concerns over application disruption among contributing factors.
Post a Comment

Despite Heightened Cyber-Risks, Few Security Leaders Report to CEO

6/22/2021
A new report suggests that top management at most companies still don't get security.
Post a Comment

Did Companies Fail to Disclose Being Affected by SolarWinds Breach?

6/21/2021
The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.
Post a Comment

Attackers Find New Way to Exploit Google Docs for Phishing

6/18/2021
Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.
Post a Comment

Data Breaches Surge in Food & Beverage, Other Industries

6/17/2021
Six previously "under-attacked" vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.
Post a Comment

Ukraine Police Disrupt Cl0p Ransomware Operation

6/16/2021
Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.
Post a Comment

Thousands of VMware vCenter Servers Remain Open to Attack Over the Internet

6/15/2021
Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.
Post a Comment

VPN Attacks Surged in First Quarter

6/14/2021
But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.
Post a Comment

Many Mobile Apps Intentionally Using Insecure Connections for Sending Data

6/11/2021
A new analysis of iOS and Android apps released to Apple's and Google's app stores over the past five years found many to be deliberately breaking HTTPS protections.
Post a Comment

New Ransomware Group Claiming Connection to REvil Gang Surfaces

6/10/2021
"Prometheus" is the latest example of how the ransomware-as-a-service model is letting new gangs scale up operations quickly.
Post a Comment

11 Cybersecurity Vendors to Watch in 2021

6/10/2021
The cybersecurity landscape continues to spawn new companies and attract new investments. Here is just a sampling of what the industry has to offer.
Post a Comment

First Known Malware Surfaces Targeting Windows Containers

6/7/2021
Siloscape is designed to create a backdoor in Kubernetes clusters to run malicious containers.
Post a Comment

Proposed Sale Casts Cloud Over Future of FireEye's Products

6/3/2021
Symphony Technology Group, which is buying FireEye, already owns multiple security companies "with redundancies in numerous areas."
Post a Comment

Phishing Emails Remain in User Inboxes Over 3 Days Before They're Removed

6/2/2021
Most malicious emails get blocked, but the ones that get through linger around dangerously long, a new study shows.
Post a Comment

New Barebones Ransomware Strain Surfaces

6/1/2021
The authors of Epsilon Red have offloaded many tasks that are usually integrated into the ransomware -- such as Volume Shadow Copy deletion -- to PowerShell scripts.
Post a Comment

Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs

5/28/2021
Security vendor says it has observed threat groups using a set of 16 tools specifically designed to attack Pulse Secure devices since April 2020.
Post a Comment

Enterprises Applying OS Patches Faster as Endpoint Risks Grow

5/26/2021
New study shows sharp increase in number of endpoint devices with sensitive data on them.
Post a Comment

New Iranian Threat Actor Using Ransomware, Wipers in Destructive Attacks

5/26/2021
The Agrius group's focus appears to be Israel and the Middle East.
Post a Comment

Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations

5/20/2021
When implemented correctly, threat hunting can help organizations stay head of threats, researcher says at RSA Conference.
Post a Comment

SolarWinds CEO: Attack Began Much Earlier Than Previously Thought

5/19/2021
Investigation shows threat actors began probing SolarWinds' network in January 2019, according to Sudhakar Ramakrishna.
Post a Comment

Rapid7 Is the Latest Victim of a Software Supply Chain Breach

5/17/2021
Security vendor says attackers accessed some of its source code using a previously compromised Bash Uploader script from Codecov.
Post a Comment

Software, Incident Response Among Big Focus Areas in Biden's Cybersecurity Executive Order

5/13/2021
Overall objectives are good, but EO may be too prescriptive in parts, industry experts say.
Post a Comment

Despite Heightened Breach Fears, Incident Response Capabilities Lag

5/12/2021
Many organizations remain unprepared to detect, respond, and contain a breach, a new survey shows.
Post a Comment

The Long Road to Rebuilding Trust After 'Golden SAML'-Like Attacks

5/12/2021
Eradicating 'privileged intruders' from the network in the aftermath of an attack poses major challenges, experts say.
Post a Comment

New Techniques Emerge for Abusing Windows Services to Gain System Control

5/6/2021
Organizations should apply principles of least privilege to mitigate threats, security researcher says.
Post a Comment

Newer Generic Top-Level Domains a Security 'Nuisance'

5/4/2021
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
Post a Comment

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

5/4/2021
Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
Post a Comment

New Threat Group Carrying Out Aggressive Ransomware Campaign

4/30/2021
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
Post a Comment

XDR Pushing Endpoint Detection and Response Technologies to Extinction

4/29/2021
Ironically, EDR's success has spawn demand for technology that extends beyond it.
Post a Comment

Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat

4/28/2021
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
Post a Comment

US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks

4/26/2021
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.
Post a Comment

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

4/22/2021
China-based Spiral group is believed to be behind year-long attack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.
Post a Comment

10 Free Security Tools at Black Hat Asia 2021

4/22/2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
Post a Comment

Nearly Half of All Malware Is Concealed in TLS-Encrypted Communications

4/22/2021
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.
Post a Comment

Attackers Heavily Targeting VPN Vulnerabilities

4/21/2021
Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
Post a Comment

White House Scales Back Response to SolarWinds & Exchange Server Attacks

4/19/2021
Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.
Post a Comment

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

4/15/2021
Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
Post a Comment

Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4

4/15/2021
There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.
Post a Comment

DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack

4/13/2021
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
Post a Comment

New Malware Downloader Spotted in Targeted Campaigns

4/12/2021
Saint Bot is being used to drop stealers on compromised systems but could be used to deliver any malware.
Post a Comment

Zoom Joins Microsoft Teams on List of Enterprise Tools Hacked at Pwn2Own

4/8/2021
White-hat hacking event shows yet again why there's no such thing as foolproof security against modern attacks.
Post a Comment

Attackers Actively Seeking, Exploiting Vulnerable SAP Applications

4/7/2021
Analysis of threat activity in mission-critical environments prompts CISA advisory urging SAP customers to apply necessary security patches and updates.
Post a Comment

Top 5 Attack Techniques May Be Easier to Detect Than You Think

3/31/2021
New analysis shows attackers for the most part are continuing to rely on the same techniques and tactics they have been using for years.
Post a Comment

Weakness in EDR Tools Lets Attackers Push Malware Past Them

3/31/2021
A technique called hooking used by most endpoint detection and response products to monitor running processes can be abused, new research shows.
Post a Comment

Publicly Available Data Enables Enterprise Cyberattacks

3/30/2021
Adversaries scour social media platforms and use other tactics to gather information that facilitates targeted enterprise attacks, research shows.
Post a Comment

SolarWinds Experimenting With New Software Build System in Wake of Breach

3/26/2021
CISO of SolarWinds now has complete autonomy to stop product releases if security concerns exist, CEO says.
Post a Comment

6 Tips for Limiting Damage From Third-Party Attacks

3/25/2021
The ability to protect your organization from third-party attacks will become increasingly critical as attackers try to maximize the effectiveness of their malicious campaigns.
Post a Comment

Ransomware Incidents Continue to Dominate Threat Landscape

3/24/2021
Cisco Talos' IR engagements found attackers relied heavily on malware like Zloader and BazarLoader to distribute ransomware in the past three months.
Post a Comment

Organizations Making Little Headway in Addressing Human Risk

3/23/2021
Most enterprise security awareness efforts remain half-hearted, a new SANS survey shows.
Post a Comment

Researchers Discover Two Dozen Malicious Chrome Extensions

3/22/2021
Extensions are being used to serve up unwanted adds, steal data, and divert users to malicious sites, Cato Networks says.
Post a Comment

New Malware Hidden in Apple IDE Targets macOS Developers

3/19/2021
XcodeSpy is latest example of growing attacks on software supply chain.
Post a Comment

Mimecast Says SolarWinds Attackers Accessed Its Source Code Repositories

3/17/2021
But the amount of code downloaded is too little to be of any use, the email security vendor says in its latest update.
Post a Comment

Chinese APT Targets Telcos in 5G-Related Cyber-Espionage Campaign

3/16/2021
Telemetry suggests that threat actor behind Operation Diànxùn is Mustang Panda, McAfee says.
Post a Comment

F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech

3/11/2021
F5 BIG-IP and BIG-IQ have multiple critical vulnerabilities that enable attackers to completely compromise systems.
Post a Comment

Malware Operator Employs New Trick to Upload Its Dropper into Google Play

3/10/2021
Check Point researchers recently discovered the Clast82 dropper hidden in nine legitimate Android utility apps.
Post a Comment

McAfee to Sell Enterprise Business to Equity Firm STG for $4B

3/8/2021
The planned move is unlikely to do much for enterprise customers or for security vendor's consumer business, analysts say.
Post a Comment

Microsoft, FireEye Uncover More Malware Used in the SolarWinds Campaign

3/4/2021
Newly discovered tools were designed for late-stage use after the attackers had already established a relatively firm presence on a breached network, vendors say.
Post a Comment

Qualys Is the Latest Victim of Accellion Data Breach

3/4/2021
Security vendor confirms attackers exploited a previously disclosed vulnerability in the enterprise firewall technology to breach its network.
Post a Comment

How Enterprises are Developing Secure Applications

3/3/2021
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Post a Comment

'ObliqueRAT' Now Hides Behind Images on Compromised Websites

3/2/2021
'Transparent Tribe' has switched its tactics for distributing the remote access Trojan, researchers found.
Post a Comment

Attacker Expands Use of Malicious SEO Techniques to Distribute Malware

3/2/2021
The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.
Post a Comment

North Korea's Lazarus Group Expands to Stealing Defense Secrets

2/25/2021
Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.
Post a Comment

New APT Group Targets Airline Industry & Immigration

2/24/2021
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.
Post a Comment

Botnet Uses Blockchain to Obfuscate Backup Command & Control Information

2/24/2021
The tactic makes it much harder for defenders to take down botnets via sinkholing and other standard techniques, Akamai says.
Post a Comment

Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims

2/22/2021
FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group.
Post a Comment

Apple Offers Closer Look at Its Platform Security Technologies, Features

2/18/2021
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
Post a Comment

US Unseals Indictments Against North Korean Cyberattackers for Thefts Totaling $1.3B

2/17/2021
FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.
Post a Comment

Compromised Credentials Show That Abuse Happens in Multiple Phases

2/16/2021
The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.
Post a Comment

100+ Financial Services Firms Targeted in Ransom DDoS Attacks in 2020

2/15/2021
Consumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.
Post a Comment

Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector

2/11/2021
Expect increase in ransomware and 'triple extortion' attacks, Cyber Threat Intelligence League says.
Post a Comment

7 Things We Know So Far About the SolarWinds Attacks

2/11/2021
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Post a Comment

High-Severity Vulnerabilities Discovered in Multiple Embedded TCP/IP Stacks

2/10/2021
Flaw leaves millions of IT, OT, and IoT devices vulnerable to attack.
Post a Comment

Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government

2/9/2021
A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.
Post a Comment

Google's Payout to Bug Hunters Hits New High

2/4/2021
Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies.
Post a Comment

Concerns Over API Security Grow as Attacks Increase

2/3/2021
Some 66% of organizations say they have slowed deploying an app into production because of API security concerns.
Post a Comment

Average Ransom Payments Declined Last Quarter

2/2/2021
More victims appear to be realizing that paying a ransom doesn't guarantee stolen data will be purged.
Post a Comment

Increase in Physical Security Incidents Adds to IT Security Pressures

2/1/2021
A new study shows that many organizations have changed their physical security strategies to address new concerns since the COVID-19 outbreak.
Post a Comment

2020 Marked a Renaissance in DDoS Attacks

1/29/2021
Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around.
Post a Comment

Critical Vulnerability Patched in 'sudo' Utility for Unix-Like OSes

1/27/2021
Flaw exists in versions of sudo going back nearly 10 years; USCYBERCOM recommends organizations patch immediately.
Post a Comment

Ransomware Disrupts Operations at Packaging Giant WestRock

1/26/2021
Incident is another reminder of how vulnerable OT environments are to attack, security experts say.
Post a Comment

Critical Vulns Discovered in Vendor Implementations of Key OT Protocol

1/25/2021
Flaws allow denial-of-service attacks and other malicious activity, Claroty says.
Post a Comment

Intel Confirms Unauthorized Access of Earnings-Related Data

1/22/2021
News likely contributed to slide of over 9% in chipmaker's stock at one point Friday.
Post a Comment

DreamBus, FreakOut Botnets Pose New Threat to Linux Systems

1/21/2021
Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.
Post a Comment

Microsoft Releases New Info on SolarWinds Attack Chain

1/20/2021
Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says.
Post a Comment

Healthcare Organizations Bear the Brunt of Cyberattacks Amid Pandemic

1/6/2021
In the past two months alone, attacks against the sector soared 45% — more than double the rate of other sectors, Check Point says.
Post a Comment

DDoS Attacks Spiked, Became More Complex in 2020

12/30/2020
Global pandemic and the easy availability of for-hire services and inexpensive tool sets gave adversaries more opportunities to attack.
Post a Comment

SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector

12/22/2020
Adversaries that successfully execute attack can achieve persistent anytime, anywhere access to a victim network, security researchers say.
Post a Comment

Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates

12/18/2020
Attack on thousands of other companies as "moment of reckoning" for governments and industry, company president says.
Post a Comment

5 Key Takeaways From the SolarWinds Breach

12/18/2020
New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever.
Post a Comment

FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond

12/16/2020
White House National Security Council establishes unified group to coordinate response across federal agencies to the threat.
Post a Comment

Concerns Run High as More Details of SolarWinds Hack Emerge

12/15/2020
Enterprises running company's Orion network management software should assume compromise and respond accordingly, security experts say.
Post a Comment

18,000 Organizations Possibly Compromised in Massive Supply-Chain Cyberattack

12/14/2020
Nation-state attackers used poisoned SolarWinds network management software updates to distribute malware; US government orders federal civilian agencies to immediately power down the technology.
Post a Comment

Knowing What the Enemy Knows Is Key to Proper Defense

12/10/2020
Think like an attacker if you want to understand your attack surface, says security researcher at Black Hat Europe.
Post a Comment

Researcher Developed New Kernel-Level Exploits for Old Vulns in Windows

12/9/2020
Problem has to do with a print driver component found in all versions of Windows going back to Windows 7, security researcher from Singular Security Lab says at Black Hat Europe 2020.
Post a Comment

Global Cybercrime Losses Cross $1 Trillion Mark

12/9/2020
A shift from attackers targeting individual systems to entire organizations is pushing up cost of cyberattacks sharply, McAfee says.
Post a Comment

NSA Warns of Exploits Targeting Recently Disclosed VMware Vulnerability

12/7/2020
Agency urges organizations to deploy patch as soon as possible since exploit activity is hard to detect.
Post a Comment

Assessing Cybersecurity Risk in Today's Enterprises

12/4/2020
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Post a Comment

Potential Nation-State Actor Targets COVID-19 Vaccine Supply Chain

12/3/2020
Companies involved in technologies for keeping vaccines cold enough for safe storage and transportation are being targeted in a sophisticated spear-phishing campaign, IBM says.
Post a Comment

Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw

12/3/2020
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
Post a Comment

Unmanaged Devices Heighten Risks for School Networks

12/1/2020
Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K–12 school networks.
Post a Comment

Author

Profile of Jai Vijayan