Robert Lemos

Software maker Adobe launched a Web application vulnerability disclosure program, inviting security researchers to submit bugs found in its Web properties, but has declined to pay out rewards for high-severity bugs. The program, announced on March 4, gives researchers guidelines for testing Adobe properties and highlights eight categories of Web application weaknesses on which bug […]

Consumer dynamic RAMs are widely vulnerable to a known—but previously thought to be mostly theoretical—attack technique in which data successively written to a row of memory cells can flip a bit in an adjacent row and undermine a computer’s security, according to an investigation by Google researchers. In an analysis released on March 9, Google […]

The domain names used in espionage and cyber-crime operations hold clues to detecting the attacks before victims’ systems are compromised, researchers with Internet-security firm OpenDNS said on March 5. The company, which processes tens of billions of domain-name requests every day, has developed an algorithm that uses a variety of natural-language processing techniques and other […]

The number of U.S. consumers affected by identity fraud declined in 2014, but consumers whose information was inadvertently disclosed in a data breach were three times more likely to be impacted by fraud, according to a study released on March 3 by business-analysis firm Javelin Strategy & Research. Identity fraudsters abused an estimated 12.7 million […]

Over the past two years, cyber-criminals have focused more heavily on attacking Websites based on the WordPress content management system and its ecosystem of software plugins. The trend will continue in 2015, driven by the lack of security awareness among WordPress’ large user base and the lack of security expertise among its plugin developers, according […]

A new open-source intelligence analysis of the breach of health insurer Anthem has reinforced theories that the data theft leads back to a Chinese espionage program, security firm ThreatConnect stated on Feb. 27. In the report, which is based on public sources or “open-source” intelligence, security researchers at ThreatConnect and other companies found technical evidence […]

Three technology companies teamed up with international law enforcement to disrupt the Ramnit botnet, sinkholing more than 300 domains and seizing servers in four European countries, the organizations stated on Feb. 25. Since at least 2010, Ramnit has spread to systems by infecting files and has evolved into modular bot software focused on stealing passwords […]

While critics continue to take PC maker Lenovo to task for including Superfish adware on its consumer notebook systems, the flawed security of the network-traffic interception component has turned the spotlight on boutique developer Komodio. Komodia, a small information-technology firm founded in 2000, sells its network interception technology—Redirector and SSL Digestor—to other software makers. The […]

Groups in the Middle East and North Africa (MENA) region are becoming increasingly skilled at launching cyber-attacks, stealing sensitive data and adopting cyber-crime tactics, according to research released by two security firms. One group, dubbed Arid Viper by Trend Micro, used spearphishing, pornography and leased servers to conduct espionage attacks against Israeli targets, the company […]

An espionage group has infected thousands—and possibly tens of thousands—of targets globally using sophisticated malware that has telltale links to code previously attributed to operations carried out by the National Security Agency, according to a Feb. 16 report by Kaspersky Lab. Dubbed “Equation” by Kaspersky researchers, the group has operated for at least 15 years, […]