Robert Lemos

The National Security Agency concluded in May that the Russian General Staff Main Intelligence Directorate, or GRU, used phishing attacks to likely compromise at least one account at a U.S. election firm, according to a report in The Intercept published on June 5. The attackers used information gathered from the firm to target 122 local-government […]

A Georgia congressman has made a second attempt to craft legislation that carves out legal exemptions for companies that ‘hack back’ at attackers, posting a revised draft on May 25 that allows for beaconing technology, creates a mandatory reporting requirement and additional attempts to limit collateral damage. The draft of the legislation, known as the […]

The number of publicly-reported software security flaws jumped nearly 30 percent in the first quarter of 2017 compared to the same quarter the prior year, while more than 3.4 billion records were exposed indata breaches, according to a pair of reports released on May 23 by Risk Based Security. The two reports summarized data on […]

Healthcare systems using medical devices running embedded Windows have been infected with the WannaCry ransomware, highlighting that the impact of the malware goes beyond lost data or payoffs to cyber-criminals. A handful of different types medical systems have been infected with the WannaCry ransomware, disrupting some medical practices, according to an advisory sent to health […]

Companies caught their breath on Monday, following the worldwide spread of the WannaCry ransomware program last week, a digital epidemic that infected at least 200,000 devices in dozens of countries around the world. As security experts continued to investigate the incident, they quickly concluded that the attack could have been stymied by basic digital hygiene, […]

Over the past six months, a botnet known as Hajime has successfully infected more than 300,000 Internet-of-Things devices, in a sign that manufacturers continue to fail to secure their  network-connected devices, according to an analysis published by security firm Kaspersky Lab on April 25. The botnet mainly uses two methods of attack that focus on […]

The number of cloud applications used by the typical company continued to rise in the fourth quarter of 2016, while malware spreading through shared data on cloud platforms grew as a threat, cloud-services management firm Netskope stated in its April 2017 Cloud Report. The report, which covers that fourth quarter of 2016, found that the […]

Software development teams continue to rely on open-source code, but nearly two-thirds of the applications using open-source components have code flaws, according to report published by software-security firm Black Duck Software April 19. In an analysis of more than 1,000 application audits, Black Duck found an average of 27 vulnerabilities in each application, up from […]

User credentials became attackers’ preferred way to attempt to breach the security of enterprise networks in the first quarter of 2017, according to data from actual security events collected by Rapid7. While alerts tailored to the needs of a specific organization claimed the top slot in the list of common attacks, credential- and authorization-based attacks […]

Intelligence operatives targeting Ukrainian rebels and cyber-criminals targeting businesses used the same zero-day attack exploiting a vulnerability in Microsoft Word, according to an analysis published by FireEye on April 12. Microsoft patched the issue earlier this week, but not before attackers had a chance to widely use the exploit to compromise systems and install malware. […]