Robert Lemos

In March, U.S. agencies warned that Russia government actors were targeting U.S. critical infrastructure in widespread attacks aimed at securing a foothold in the most sensitive networks.  The attackers were using spear-phishing emails and watering-hole attacks to compromise victims’ computers. If they gained a foothold, they next conducted network reconnaissance, gathered user names and passwords, […]

The gathering of records on more than 50 million Facebook users has underscored the dangers of online data mining, and the claims of the company that collected the information, Cambridge Analytica, highlighted the possibilities of what could be done with the data.  Cambridge Analytica used the data to create profiles of 50 million users then […]

This year marked a major milestone for distributed denial-of-service attacks, when—not just one, but two—attacks crossed the 1 Tbps bandwidth threshold.  In late February, attacks on the Github software-collaboration service and an unspecified online gaming provider topped terabit-per-second volumes not seen in the past, according to attack-mitigation firm Arbor Networks.  As with other modern distributed […]

Proving you are “you” has always been tricky. In the past, when personal information was not generally put online, asking a few personal questions was enough. Where did you live when you were 10 years old? What was the amount of your last mortgage payment?  Anyone could answer these questions and get access to sensitive […]

Despite the known risks of software vulnerabilities, most companies have unpatched security flaws in their infrastructure.  In its 2017 State of Software Security report, software testing firm Veracode found that only 14 percent of high-severity vulnerabilities are patched in the first month after discovery. More than three-quarters of all applications tested by the firm has […]

In mid-2017, attackers breached Equifax, stealing personal information on 143 million people and marking the end of an era. With sensitive information on more than half of all U.S. adults compromised by online attackers, people should no longer assume that their information is private.  In fact, consumers and workers should assume that their information is […]

With almost every company moving toward using the cloud in some part of the business, the mixture of cloud services, cloud infrastructure and on-premises technology has become a reality for most companies.  While about two-thirds of companies acknowledge that they operate in a hybrid-cloud environment, another 18 percent have IT environments that qualify as hybrid-cloud […]

In early December, a new version of Mirai—the internet of things malware responsible for creating a massive botnet that took down internet services in October 2016—started infecting home routers. Unlike Mirai, the latest version—dubbed Satori by security researchers—used two exploits in popular routers to compromise IoT devices and build a 700,000-node botnet in less than […]

Online attackers infiltrated a critical-infrastructure network, compromising systems and deploying malware designed to manipulate a system that could have shut down industrial processes, security firm FireEye warned in an advisory published on Dec. 14. FireEye did not identify the attacker or attribute the attack, which is dubbed TRITON, to any specific group, nor did it […]

Attackers promoting Iran’s political agenda have become increasingly sophisticated in their attacks, eliciting a warning from security firms that the nation is rapidly becoming an online powerhouse. Last month, for example, attacks attributed to Iranian agents exploited an MS Office vulnerability a week after it was patched by Microsoft, advanced-threat protection firm FireEye stated in […]