Robert Lemos

Online thieves had a successful year in 2013, infecting three times as many computers, targeting a broader collection of nations’ financial institutions and branching out into Bitcoins, according to the latest analysis by security firm Symantec. In a report surveying the impact of financial Trojans—the malicious software used to compromise consumers’ PCs and steal money […]

After a single attempt to resurrect the ZeroAccess botnet, the criminal group controlling the network of approximately 1.3 million compromised PCs has signaled to defenders its intention to move on. This week, Microsoft, which continues to monitor the ZeroAccess botnet, detected a new message to the remaining computers’ infected ZeroAccess malware. Unlike a previous attempt […]

Software firms’ tepid approach to increasing the focus on security in the application development process has failed to staunch the flow of reports of new software flaws, but a global vulnerability purchasing program could help, argued a report published on Dec. 18 by security-information firm NSS Labs. In 2012, the number of vulnerabilities reported in […]

Venture investments in security firms took off in 2013, a trend that is expected to continue in the coming year, according to industry insiders. For the 12 months ending in June 2013, investment firms gave more than $1.4 billion to security startups and companies in 239 deals, according to investment-tracking firm CB Insights. The activity […]

While cyber-attackers are increasingly targeting third-party suppliers as a way to get access to their clients, most companies do not evaluate the security readiness of their partners and software providers. A group of 10 financial firms aims to remedy this lack of oversight with the release of guidelines advising companies on the best ways to […]

A cyber-attack currently hitting systems on the Internet uses two vulnerabilities—one in Adobe Reader and another in Windows—to compromise Windows XP and 2003 systems and download code, according to a technical analysis of the attack published by security firm Trustwave on Dec. 11. The attack, first detected by threat-protection firm FireEye in late November, uses […]

A group of researchers at Microsoft have created a tool that guesses passwords in real time as a way of helping users select better sequences of numbers, letters and special characters to protect their data. The system, called Telepathwords, models the way that attackers attempt to guess passwords based on common patterns used in passwords. […]

A botnet group compromised hundreds of thousands of users’ systems, grabbing passwords, and caching them on a central server, an analysis of which was published by security researchers at consultancy Trustwave. The passwords include user names and passwords for 1.6 million Website users, 320,000 email account credentials and tens of thousands for other services, including […]

Software vulnerability programs and marketplaces give security professionals a place to sell their research, but also segment the community into groups of “haves” and “have-nots,” allowing each private group to hold an average of 58 security flaws about which the public has no knowledge, according to a report released by security consultancy NSS Labs on […]

Targeted attacks aimed at stealing data from companies continue to worry information-security professionals, as limited resources and complex technology continued to hobble their efforts to defend against the so-called advanced persistent threats (APTs), according to a survey released Dec. 3. Companies discovered an average of nine successful targeted attacks in their networks in the past […]