Robert Lemos

Malware authors and operators are increasingly using Secure Sockets Layer (SSL) encryption to hide their communications and escape detection, with the use of SSL for malware communications doubling in the first six months of 2017, security-in-the-cloud firm Zscaler said in its latest threat report. On average, the company has seen 600,000 “encrypted malicious activities” every […]

Locked down networks with no direct Internet access could still be infected with malware and have data exfiltrated through a brazen technique that uses the environment’s own security software as a channel to the Internet, according to a presentation two researchers delivered at the Black Hat Security Briefings on July 27. The technique exploits some […]

Business email compromise, ransom-seeking criminals and questionable programs that collect information are three of the major threats facing companies in 2017, according to Cisco’s Midyear Cybersecurity Report, published on July 20. Malware and denial-of-service attacks aimed at forcing victims to pay a ransom—known as ransomware and ransom denial-of-service (RDoS), respectively—affect 49 percent of companies, according […]

Companies are continuing to struggle with quickly shutting out former employees from accessing systems once they leave the company, according a survey conducted by Arlington Research and commissioned by OneLogin. The survey of 500 IT workers found that, while one-in-five companies have experienced a data breach caused by an ex-employee, 32 percent of companies take […]

Companies focused on securing their web applications have slightly reduced the number of flaws in their software, but about half of all applications continue to remain vulnerable for 365 days a year, according to web security firm WhiteHat Security’s latest annual report. The report, based on data from both dynamic and static analyses conducted by […]

Two separate European security authorities have concluded that the widespread Petya ransomware attack, also known as NonPetya, was not about money, but rather an assault conducted by a nation-state. On June 30, four researchers at the NATO Cooperative Cyber Defense Centre of Excellence (CCD COE) attributed both NotPetya and its predecessor, WannaCry, “most likely … […]

European companies and government agencies are reporting a widespread attack by a ransomware program that arrives in email and uses a leaked exploit to infect users’ systems, according to multiple accounts on June 27. The attack appears to be a year-old ransomware threat, known at Petya, created originally in 2016 but updated to use the […]

Developers continue to leave the vast majority of Web applications open to attack by leaving behind unused code, working with vulnerable third-party libraries and by allowing code frameworks to make requests for content from third-party sites, according to a report released this week. The data, collected by application-security firm tCell by observing real attacks on […]

Cloud services that allow anyone to propagate fake news or propaganda, to gain a following for provocative posts and to harness crowds of willing humans to pass on phony content to more credulous people have multiplied over the past year, security firm Trend Micro stated in an 81-page analysis published on June 13. The report, […]

Mac users need to beware of two new malware-as-a-service threats found on dark web sites—one focused on spyware-as-a-service and the other focused on ransomware—which target the macOS platform with new criminal cyber-attacks, according to researchers at AlienVault and Fortinet, both which announced their analyses of the services on June 9. The new Mac spyware, straight-forwardedly […]