Robert Lemos is an award-winning journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and was named among the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.
Shortened URLs are convenient for sharing long Web addresses in email messages and through social media, but they also pose a privacy hazard: the URLs produced by popular services are so short that they are vulnerable to brute-force searching, a Cornell Tech research effort found. In a paper published in April, two researchers […]
Criminals have started targeting hospitals and schools with ransomware, using vulnerabilities in popular application servers to infiltrate organizations’ networks and to insert backdoors to allow access, according to an analysis by networking giant Cisco. In a scan of the Internet, the company found that more than 3.2 million computers running the popular JBoss application server […]
U.S. business associations criticized an opinion by a European group of privacy experts that expressed concerns about the E.U.-U.S. Privacy Shield, the latest proposed agreement to allow data to be transferred between the European Union and the United States. The Article 29 Working Party, a committee of data-protection commissioners from European countries, concluded that although […]
For a week in March, Website security firm CloudFlare analyzed the traffic hitting its customers’ sites from the anonymous Tor network. The results of the study illustrate the double-edged nature of online anonymity. The Tor network—a peer-to-peer collection of volunteered servers linked together to create an anonymizing Web service—allows people in repressive countries to surf […]
The number of zero-day vulnerabilities discovered in 2015 jumped to 54, more than double the previous year’s record-setting 24 such vulnerabilities, Symantec stated in its annual Internet Security Threat Report (ISTR) released on April 12. The dramatic increase in zero-day vulnerabilities—defined by Symantec as software security flaws that are exploited before being patched by their […]
The alleged hack of Mossack Fonseca, a Panamanian law firm, has resulted in the leak of more than 11.5 million documents that detail the workings of offshore accounts held by many politicians and wealthy citizens. The leak happened a year ago, when an unknown source contacted the Süddeutsche Zeitung (SZ), a German newspaper. The newspaper […]
For two days in mid-March, visitors to major news and information sites—such as the New York Times, Newsweek, The Hill and the Weather Network—may have been redirected to Web servers that attempted to infect visitors’ systems with a variant of the Angler exploit kit and, ultimately, ransomware. So far, the impact of the attack is […]
A few weeks after Verizon released a report outlining 18 common data breach scenarios—dressed up with names such as “The Snake Bite” and “The Imperfect Stranger”—the company embarrassingly had to acknowledge its own breach. Call it “Scenario 19 – Ironic Injection.” Attackers used a flaw in the company’s Web portal for enterprise customers to steal […]
The cyber-attackers that targeted Ukraine’s energy distribution infrastructure in December were “highly structured and resourced,” taking down more than 27 substations in an attack against Ukrainian power companies, according to a report released by the Electricity Information Sharing and Analysis Center (E-ISAC) on March 21. Three separate energy companies—known as “oblenergos”—all came under attack on Dec. […]
The Internal Revenue Service, the agency that collects more than $3 trillion in revenue for the United States, is under siege by cyber-criminals and fraudsters. In 2015, a popular scam—where criminals filed fake income-tax reports to collect fraudulent refunds—became even more common. So-called tax-refund fraud accounted for 45 percent of reported identity-theft cases, up from […]