Robert Lemos

As companies and software developers rush to patch vulnerabilities in the Bourne Again Shell, or Bash, attackers have already incorporated exploit code into a variety of tools, from network scanners to malware, attempting to urgently exploit the vulnerabilities before the lion’s share of systems are patched. Web security firm CloudFlare, for example, has seen 1.5 […]

As part of its plan to reduce its workforce by 18,000, Microsoft has cut an unspecified number of positions in its Trustworthy Computing group and split the security and privacy teams, placing them in separate business groups within the company. While the reorganization has caused some concern among security experts that Microsoft may be de-emphasizing […]

Attackers have begun using a serious vulnerability in Bash, the popular command-line software for Linux, to spread malware to vulnerable Web servers worldwide, according to early reports. The attacks come less than 24 hours after software firms first reported the vulnerability, which some security firms have promoted as “Shellshock” but has been assigned CVE-2014-6271. The […]

More than 20 incidents of cyber-espionage affected government contractors providing transportation services to the U.S. military, an investigation by the U.S. Senate Armed Services Committee found, according to a recently declassified report. The incidents, which occurred between 2008 and 2013, targeted logistics companies, providers of civilian air services and commercial shipping lines that provide services […]

From pervasive data collection by the U.S. National Security Agency and other intelligence agencies to the leak of intimate photos and information on dozens of celebrities from Apple’s iCloud service, the privacy failings of the Internet have increasingly garnered the spotlight. While new products have reached the market aimed at helping privacy-conscious consumers better secure […]

When government contractor MITRE came up with its widely used system for assigning a unique ID to each software flaw, known as the Common Vulnerabilities and Exposures (CVE) identifier, the group did not foresee a time when more than 9,999 vulnerabilities would be discovered in a year. Yet, with 6,500 IDs already assigned to software […]

The Kelihos botnet, which has survived three shutdown attempts, has begun sending out phishing messages that aim to exploit consumer concerns over the recent leak of information from Apple’s iCloud service, according to security firm Symantec. The phishing campaign consists of email messages purporting to be from Apple and asking the targeted victim to authorize […]

Web servers based on both Linux and Windows are rapidly being targeted by attackers and turned into server-side botnets capable of high-bandwidth denial-of-service attacks, two security firms stated in recently published analyses. On one hand, attackers are targeting unpatched or poorly-maintained Linux systems, exploiting known vulnerabilities and installing bot software to conscript the computers into […]

Visitors to a Website dedicated to industrial simulation software and system engineering were secretly monitored by malware that had infected the site in the latest assault on businesses using what’s commonly known as a watering-hole attack. The attack, first reported in a brief Aug. 28 analysis by security firm Alien Vault, involved a legitimate Website […]

A Brazilian cyber-criminal group has attempted to hijack consumers’ traffic and redirect victims to fake banking sites by changing their router settings, according to an analysis by security firm Kaspersky Lab. The attack, which appears to have affected 3,300 victims in three days, uses an email to lure potential victims to an attacker-controlled Website. When […]

Thirteen software companies and universities have banded together to create a group focused on educating developers about how to design secure software, releasing a report offering the 10 best practices to avoid common software flaws. Called the IEEE Computer Society Center for Secure Design, the group includes participants from Google, Twitter, RSA, McAfee, Harvard University […]

The Playstation Network, Blizzard’s Battle.net and Microsoft’s Xbox Live all suffered disruptions in the last 48 hours caused by a group—or perhaps a single individual—directing denial-of-service attacks at the game networks. The vandals, who donned the monicker of “LizardSquad” on Twitter, went from juvenile to Jihad on Monday when they began posting terrorist-related images and […]