Rob Lemos

Persistent Bots: Five Ways They Stay Enmeshed in Your Network

Earlier this year, the developers of a malicious program created to infect Linux-based internet-of-things (IoT) devices found a way for it to automatically reinstall the malware following a reboot. The malware, known as Hide ‘N Seek, is the first known example of an IoT botnet that can stick around after the user restarts a device. […]

CCleaner Attack Targeted Telecoms, Network Hardware Providers

The malware inserted into CCleaner, a popular system utility downloaded by at least 2.3 million users, is far more serious than originally thought, specifically targeting the makers of networking equipment and enterprise software, according to evidence uncovered by investigators and published on Sept. 20. While Avast—the security firm that acquired CCleaner with its purchase of […]

Technologists Say Trump Cybersecurity Executive Order Only a ‘Plan of a Plan’

After more than 100 days in office, the Trump administration released its long-awaited executive order on cybersecurity May 11, which calls for government agencies to conduct security reviews and to recommend future steps to secure the United States’ infrastructure, networks and data. The executive order gives both civilian and military agencies a 60-day deadline for […]

Women’s Progress in Cyber-Security Stalled Over Past Two Years: Survey

Women’s participation in the cyber-security industry stagnated over the past two years, leveling off at 11 percent, which is much lower than women’s overall participation in the workforce, according to a biennial study published on March 15. The report, The 2017 Global Information Security Workforce Study: Women in Cybersecurity, found that upper-level management positions were […]

Software Patches Could Prevent Most Breaches, Study Finds

Approximately 80 percent of companies that had either a breach or a failed audit could have prevented the issue with a software patch or a configuration change, according to a security-automation survey of 318 firms. The survey, conducted by research firm Voke Media in late 2016, found that 27 percent of companies reported a failed […]

CA’s Veracode Deal Not a Sign of DevOps Consolidation, Analyst Argues

CA Technologies announced its intention March 7 to buy application-security firm Veracode in a $614 million deal—a move that has all the hallmarks of continuing the industry’s consolidation but more strongly shows the company’s commitment to expanding its DevOps software portfolio, a Forrester analyst argued in a research note published this week. The acquisition, which […]

Is 90 Days Enough? Google Releases Details of Unpatched Microsoft Flaws

For the second time in as many weekends, Google released details of a security issue in Microsoft’s software, which the Windows maker failed to patch after postponing the release of a regularly scheduled update on Feb. 14. Google—which funds a group of researchers, known as Project Zero—publishes details of security flaws after giving the software […]

States Oppose Designating Election Systems as Critical Infrastructure

Six weeks after the U.S. Department of Homeland Security underscored the importance of election computers and physical systems by designating them “critical infrastructure,” a group representing the nation’s secretaries of state voted to oppose the federal appellation. In its winter meeting, the National Association of Secretaries of State (NASS) adopted a resolution opposing the “critical […]

SecureWorks Exposes Phishing Fraudster Using Social Engineering Tricks

SAN FRANCISCO—Punking online fraudsters has a long history among hackers. Yet, managed security provider SecureWorks is recommending that some companies regularly play the dupe to hackers to cause them more pain and make their crimes less lucrative. At the RSA Security Conference, SecureWorks researchers Joe Stewart and James Bettke described an incident where they led […]

Congressional Staffers See Russian Hacking, FISA Vote as Priorities

SAN FRANCISCO—Investigations into the extent and impact of Russia’s hacking and disinformation campaigns aimed at impacting the U.S. elections will likely keep Congress busy for much of the year, three Congressional staffers told attendees at the RSA Security Conference on Feb. 14. During a session focused on Congressional priorities—which took on even greater significance with the […]