Robert Lemos

LAS VEGAS—Over the past five years, antivirus firms and malware-analysis startups have created automated systems for identifying and categorizing malware. Yet, such closed systems frequently fail to detect the newest malware and rarely allow security researchers to peek at the results. At the Black Hat security conference on Aug. 7 here, a group of researchers […]

LAS VEGAS—The leak of secret U.S. documents describing the expansion of the government’s Terrorist Screening Database has reopened the debate over whether whistleblowers should be prosecuted and how agencies and companies can prevent leaks of sensitive information. At the Black Hat security conference here, noted security expert Mikko Hypponen argued that many breaches—Edward Snowden’s leaks […]

A Russian cyber-criminal group compromised more than 400,000 servers and Websites using a common class of software flaw, known as a SQL injection vulnerability, to steal more than 1.2 billion usernames and passwords, according to Hold Security, which found the cache of credentials online. The group, dubbed “CyberVors” by the security firm, initially bought a […]

LAS VEGAS—When security teams patch software vulnerabilities in their systems, they too often focus on the wrong issues, patching the holes that are easiest to fix rather than fixing the flaws that are most likely to be the focus of attackers. To help companies improve their handling of software flaws, vulnerability management firm Core Security […]

For the second time in two years, mobile-security firm Bluebox Security announced a serious vulnerability in the Android operating system that could allow a malicious application to gain higher privileges and take control of devices. It’s the latest serious flaw in the Android operating system, which is, by far, the operating system most targeted by […]

In December, Australian teenager Joshua Rogers reported a vulnerability in a regional public-transportation site that could have exposed the information of roughly 600,000 Australian citizens. Instead of working with the 16-year-old bug hunter, the government agency responsible for the site, Public Transport Victoria, contacted the police. Such contentious relations between software developers and vulnerability researchers […]

Su Bin, a Chinese national accused of hacking into the network of defense contractor Boeing, was denied bail during a preliminary hearing in British Columbia Supreme Court on July 23, according to media reports. Canadian authorities arrested Su, the 48-year-old owner of Beijing-based Lode Technologies, on June 28 in response to a criminal complaint filed […]

The Electronic Frontier Foundation announced on July 20 a programming effort to create a secure, private way for people to share their wireless routers, allowing others to use their bandwidth without compromising their network security. The project, dubbed the Open Wireless Router, aims to give home users and businesses the ability to assign a portion […]

The Zombie Zero supply-chain attack targeted robotics manufacturers as well as shipping and logistics firms, compromising systems for more than a year, according to new details from the analysis of the economic-espionage campaign provided by security firm TrapX Security. Zombie Zero is a suspected nation-state attack, which compromised at least eight companies beginning in May […]

When security researchers publicly released details of the Heartbleed OpenSSL flaw in April, Websites and application vendors rushed to fix their software to eliminate the vulnerability. In the end, some 200 products and Web services—ranging from top online services such as Netflix and Google to nearly a score of Oracle products and almost every version […]