Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.

Italian Security Firm Allegedly Pushed Malware: Report

Doug Olenick • June 15, 2020

An Italian cybersecurity company allegedly was a front for a criminal gang selling access to a dropper Trojan known as CloudEyE, according to analysts at the security firm Check Point Research.

Kubeflow Targeted in XMRig Monero Cryptomining Campaign

Doug Olenick • June 12, 2020

Microsoft's Azure Security Center has detected a new hacking campaign that for the first time specifically targets the Kubeflow platform on Kubernetes and uses XMRig cryptominer to mine for monero across multiple clusters.

Lawmakers Demand Details on 2015 Juniper Data Incident

Doug Olenick • June 11, 2020

A bipartisan group of lawmakers sent a letter to Juniper Networks seeking a more detailed explanation into a 2015 incident when an NSA-created algorithm - that may have included a backdoor - appeared in a company product that would have allowed VPN traffic to be decrypted.

National Guard Prepping for November Election Security Role

Doug Olenick • June 11, 2020

The National Security Agency and U.S. Cyber Command are ramping up to offer security protection during the presidential election in November. The program, called Cyber 9-Line, will be utilizing National Guard troops trained in cybersecurity.

UpNp Vulnerability Could Affect Billions of IoT Devices

Doug Olenick • June 10, 2020

Carnegie Mellon University Software Engineering Institute's CERT notification center has posted a warning of a flaw in the Universal Plug and Play protocol that could potentially affect billions of internet-connected devices. If exploited, this flaw could lead to DDoS attacks and theft of data.

Senate Report: Chinese Telecoms Operated Without Oversight

Doug Olenick • June 9, 2020

A U.S. Senate report found that three Chinese telecommunications firms operated in the United States for two decades without proper oversight from the federal agencies that were assigned to provide security guidance and advice to the Federal Communications Commission.

Study Finds Open Source Vulnerabilities Doubled in 2019

Doug Olenick • June 9, 2020

The number of reported vulnerabilities found in open source software more than doubled in 2019 to almost 1,000, with projects such as Magento, GitLab, and Jenkins posting the largest increases, according to security firm RiskSense.

Analyzing the Role of Digital Identity Management

Doug Olenick • June 9, 2020

For an upcoming virtual roundtable, Alex Laurie of ForgeRock discusses the importance of digital identity management, the need for organizations to quickly and accurately register people, comply with privacy regulations and define and manage the level of risk involved.

Maze Ransomware Gang Hits Defense Contractor ST Engineering

Doug Olenick • June 8, 2020

The prolific Maze ransomware gang has been tied to yet more attacks, including against Singapore-based defense contractor ST Engineering's North American subsidiary, VT San Antonio Aerospace. Separately, the ransomware gang breached systems at nuclear missile contractor Westech.

Maze Promotes Other Gang's Stolen Data On Its Darknet Site

Doug Olenick • June 4, 2020

The Maze ransomware gang is hosting and promoting data stolen by other ransomware operators on its "Maze News" website, according to IBM researchers, who are concerned this could be a sign of growing collaboration among cybercrime groups.

Researchers Disclose 2 Critical Vulnerabilities in SAP ASE

Doug Olenick • June 3, 2020

Researchers at the security firm Trustwave have disclosed six vulnerabilities in SAP Adaptive Server Enterprise 16.0 (ASE) database software, with two rated as critical. These two vulnerabilities could enable attackers to perform arbitrary code execution and tamper with a system's data.

Researcher Discloses 'Sign in with Apple' Zero-Day Flaw

Doug Olenick • June 1, 2020

An independent security researcher disclosed a zero-day vulnerability contained in the "Sign in with Apple" feature that, if exploited, could have resulted in a full account takeover. The vulnerability has been patched, and Apple says it found no account misuse tied to it.

Hackers Breached 6 Unpatched Cisco Internal Servers

Doug Olenick • May 29, 2020

Six internal servers that Cisco uses to support its virtual networking service were compromised earlier this month after the company failed to patch two SaltStack zero day vulnerabilities. The company did not describe the damage done, saying only that "a limited set of customers" was impacted.

LiveJournal Blog Platform Credential Leak: What Happened?

Doug Olenick • May 28, 2020

The Russian blogging platform LiveJournal confirmed this week that it suffered several brute-force attacks in 2011 and 2012. But it insists that the 26 million usernames and passwords that are now available for sale on darknet forums came from other sources.

Framework for Managing Identity in Healthcare Introduced

Doug Olenick • May 22, 2020

In response to the growing threat of identity-centric cyberattacks in healthcare, the Health Information Sharing and Analysis Center has published a framework for managing identity for the full work lifecycle of employees, practitioners, patients and business partners.

«
1
…
21
22
23 (current)
24
»

«
1
…
21
22
23 (current)
24
»