Robert Lemos

The criminals behind a well-known tool used to steal data and bank account information have upgraded the code to add a basic, but effective, function to evade malware analysis systems, according to a report issued by security firm Seculert on May 1. The report found that the malware, known as Dyre, checks for the number […]

San Francisco—A combination of gated mobile app stores, significant controls, vetting by Apple and Google, and a lack of good monetization strategies have made malware a rare occurrence on mobile devices in North America, network security firm Damballa reported here at the RSA Conference. Working with anonymous data captured from the large cellular providers that […]

San Francisco—As corporations team up with cops to take down criminals’ networks, the operators behind banking botnets have expanded beyond major financial institutions to hit smaller banks as well as other targets, such as corporate accounting and payroll systems, according to a report released here on April 22 at the RSA Conference by managed security […]

Following major breaches in 2014—which hit retail and health care firms the hardest—enterprises have increasingly adopted encryption strategies despite the majority having significant difficulties deploying the security technology, according to a survey conducted by the Ponemon Institute. The survey, released on Apr. 20, found that 64 percent of companies have an encryption strategy that is […]

An analysis of the market for buying and selling previously unknown software flaws, known as zero-day vulnerabilities, suggests that paying researchers to privately disclose security bugs to the developer works best to deplete the pool of easy-to-find flaws. The research was conducted by economics and policy researchers at the Massachusetts Institute of Technology, Harvard University, […]

Application vulnerabilities and malware continue to top security professionals’ list of worries, but the concerns have not translated into adopting secure development practices, a step shown to improve application security and catch software bugs earlier. Seventy-two percent of the nearly 14,000 chief information security officers (CISOs) and other security professionals surveyed indicated that application vulnerabilities […]

Cyber-criminals, nation-state actors and hacktivists became more nimble in 2014, exploiting more zero-day vulnerabilities, compromising a greater number of networks and conducting more targeted attacks, according to security firm Symantec’s annual Internet Security Threat Report. The data suggests that attackers are becoming more adept—or using more sophisticated tools—to attack companies and organizations. In 2014, for […]

International law-enforcement authorities at Interpol teamed up with Microsoft, the Cyber Defense Institute in Japan, and security firms Kaspersky Lab and Trend Micro to take down a second major botnet last week, in a coordinated effort to disrupt the criminal operation, the Interpol Global Complex for Innovation (IGCI) said in a statement on April 13. […]

European and U.S. law enforcement agencies teamed up with Intel Security, Kaspersky Lab and the Shadowserver Foundation to disrupt the Beebone botnet, a network of compromised computers that has likely infected hundreds of thousands of systems over six years. The operation—conducted on April 8 and led by the Dutch National High Tech Crime Unit—seized, registered […]

A file containing fake employee records—including faux Social Security numbers—and posted to two dark Websites and Dropbox was viewed more than 1,000 times and downloaded to computers in 22 countries in less than two weeks, according to researchers at security firm Bitglass. Half experiment and half publicity stunt, the project shows that cyber-criminals are quickly […]