Robert Lemos

The Flamer cyber-espionage tool that targeted the Middle East has likely been operational for more than five years and as recently as May 2012, according to an analysis published by security firm Symantec on Sept. 17. Analyzing records from two command-and-control (C&C) servers discovered by security researchers, Symantec, along with Kaspersky Lab, the International Multilateral […]

Microsoft issued two security patches Sept. 11, fixing a pair of cross-site scripting flaws in two of its server products, but security researchers focused on an update coming in October that will restrict applications that use encryption keys with a length smaller than 1,024 bits. The September Patch Tuesday update fixes issues in the Microsoft’s […]

A recent criminal attack on the network of app developer BlueToad likely led to the leak of a million device identifiers for iPhones and iPads, the company said in a statement Sept. 10. The breach happened nearly a week ago, likely a day or two before a group linking itself to the Anonymous movement claimed […]

A group of data thieves, possibly linked to a 2009 attack on Google, has ramped up its operations, using exploits for at least eight previously unknown vulnerabilities-widely referred to as “zero-days”-to compromise systems at defense contractors, suppliers to the defense sector, human rights organizations and other companies, security firm Symantec stated in a report released […]

While malicious software targeting mobile phones has surged, it’s still a drop in the bucket compared with the horde of viruses, Trojan horses and rootkits that plague personal computers. For good reason: Mobile devices are typically of limited value to online criminals, who are driven by dollars. Yet criminals in China, Russia and Eastern Europe […]

A malicious program, designed by cyber-criminals to help them build their botnets, is causing disruption at hundreds of small Websites as the program attempts to hide its communications by sending out a large number of fake requests, said security firm Dell Secureworks Sept. 5. The software, known as Pushdo, communicates with its command-and-control servers-central systems […]

Anonymous-linked hackers with an anti-security group claimed on Sept. 3 to have stolen sensitive information on more than 12 million Apple devices and their users from an FBI-issued laptop, releasing one million redacted records from the file as proof. The FBI denied that the file came from the agency and refuted claims that a computer […]

A group of intellectual-property thieves has adopted the latest exploit for Java and continues to target companies in critical industries such as chemical manufacturing and defense, Symantec officials said Aug. 30. The attacks-by a group that the security firm calls the “Nitro gang”-hit four-dozen companies between July and September 2011, but have since continued at […]

Late last year and earlier this year, attackers snuck into Iranian systems and did-something. Exactly what happened will likely never be known, however, because their last act was to run a program-now known in the security community as “Wiper” malware-that deleted almost every trace of the attack and then effectively destroyed compromised systems. On Aug. […]

Security firms warned business users and consumers to remove Java if possible, after one company identified an attack against its customers using a previously unknown vulnerability in Java. On Aug. 24, threat-protection firm FireEye stopped an attack targeting the flaw and over the weekend confirmed that the security issue was previously undiscovered. The attack exploited […]