Robert Lemos

A group of researchers urged the United States and the international community to take a close look at technology companies that provide network-filtering appliances to repressive regimes, after an Internet scan showed that 61 countries use one maker’s hardware to block or monitor communications. On Jan. 16, a human-rights-focused technology group at the University of […]

A five-year operation that has links to both the Chinese and Russians has focused on stealing diplomatic, industrial and scientific data from organizations based mainly in Eastern Europe and Asia, security firm Kaspersky Lab said in a report published Jan. 14. The operation—dubbed Red October, or Rocra, for short—used more than 60 secondary command-and-control servers […]

Security experts are again calling for users to disable the Java browser plug-in and uninstall the software on their systems, following the discovery of a zero-day vulnerability in the latest version of the Java Runtime Environment. Information about the vulnerability emerged Dec. 10, after a security professional discovered an exploit using the security hole to […]

Distributed denial-of-service attacks have continued to hamper the online operations of major financial institutions, but two reports shed light on the motivations of the attackers. On Jan. 8, Internet security firm Incapsula released its analysis of a compromised server used in the attack on banks. The analysis concludes that the attackers continue to use compromised […]

More than 30 months after the disclosure of a government program to help secure critical infrastructure, digital rights groups continue to have questions about whether the intent of the system is to monitor private networks. On Jan. 2 the Electronic Privacy Information Center (EPIC) published 190 pages of documents released by the National Security Agency […]

For the third time in two years, an incident at one of the hundreds of certificate authorities that underpin the security of the Internet allowed a group—or in this case, a machine—the ability to pose as a legitimate online service provider. In a statement posted Jan. 3, Google announced that its Chrome browser “detected and […]

The developers for Ruby on Rails fixed a subtle bug in the Web development framework that could allow an attacker to take control of an application’s database by SQL injection. While the impact of the bug could be severe, most applications are not vulnerable unless they use Authlogic, a third-party authentication framework, and have exposed […]

Industrial control systems came under increasing scrutiny and attack in 2012, with almost 200 documented incidents, according to a report released last week by a component of the U.S. Department of Homeland Security. Energy firms accounted for more than 40 percent of the 198 incidents reviewed by the Industrial Control Systems (ICS) Cyber Emergency Response […]

The biggest security threats to companies in 2013 will depend on who is attacking the business: Opportunistic criminals will continue scanning for accounts with default or weak passwords, while targeted attackers will refine their attempts to fool employees, business services firm Verizon and security software firm McAfee stated in separate reports. In the past year, […]

A number of major banks have endured massive distributed denial-of-service attacks for much of December, with customers from Wells Fargo, Citibank and Bank of America reportedly complaining that they were unable to access the banks’ Websites toward the end of the month. Despite defenders adapting to new attack techniques, the denial-of-service attacks that started earlier […]