Robert Lemos

While North Korean and Russian cyber operations have dominated the news, hackers linked to China continue to target a variety of organizations worldwide, according to two separate reports published by security firms in the last week. One Chinese group has revived a decade-old remote access Trojan (RAT), known as “Hacker’s Door,” and begun using it […]

While attacks attributed to Russia and China most frequently make the news, North Korea continues to have significant success online, driven by a single-minded mission and a lack of consequences for the small nation. In the latest incident to be uncovered, an online attack linked to North Korea stole classified military documents, including war plans […]

The Securities and Exchange Commission announced on Sept. 20 that the agency online filing system, where all publicly-traded companies are required to file their financial statements, was hacked in 2016 to facilitate insider trading. The SEC, which regulates U.S. stock markets, discovered the breach last year, but did not know that the issue may have […]

The software supply chain is increasingly under threat by attackers who seek to turn legitimate software programs into Trojan horses that can compromise millions of computers. On Monday, security-software firm Avast announced that its popular system-cleaning program CCleaner—developed by Piriform, a company acquired by Avast in July—had been compromised during development and infected users’ system […]

The U.S. government banned any federal agency from using products made by Russian-owned and operated security firm Kaspersky Lab, concluding that the level of access that the security products have to be too great a risk for national security. In a Binding Operational Directive (BOD) published on Sept. 13, Elaine Duke, acting Secretary of U.S. […]

Security experts have long warned that legal identity verification should not just be linked to knowing four pieces of personal information: a person’s name, address, birth date and Social Security number. Yet, many companies rely on this data as their primary way to identify their customers. Thousands of people lose control of their phone numbers […]

A study of 21.8 million comments submitted to the U.S. Federal Communications Commission on the Trump administration’s plan to remove regulations from cable, telecom and broadband providers found that the lack of any user authentication left the system open to abuse and left any conclusions based on the data about public sentiments on the issue […]

The popular Unity game platform—used by professionals and hobbyists alike—is vulnerable to remote compromise because of a flaw in the Windows game editor, the company warned on Aug. 18. Unity advised developers who use the Windows version of its editor to update immediately. Users of the Mac version of the editor are not affected, but […]

Industrial control systems and the Internet-of-Things are the industries most likely to have unknown vulnerabilities in their products, because their development processes are the least mature, according to data from more than 4.8 billion automated tests conducted by clients of security-services firm Synopsys. The data comes from fuzz testing, or fuzzing, an automated process that […]

Companies that scan binaries using VirusTotal — or other cloud scanning services — may expose sensitive data to the public, especially when developers scan internally-developed applications using the service, managed security firm DirectDefense warned on Aug. 9. The problem came to light when the company found information belonging to clients of endpoint detection and response […]