Robert Lemos

About

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and was named one of the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

IT Pros Ready to Switch Jobs in Search of Pay Increases, Training

While most information-technology professionals say they are satisfied with their jobs, nearly two-thirds feel they are underpaid and do not have adequate training opportunities, which will leave many looking for new positions in 2018, according to an annual survey by IT community Spiceworks. The 2018 IT Career Outlook survey of 2,163 workers in Europe and […]

Microsoft, ESET Work With Law Enforcement to Disrupt Gamarue Botnet

Microsoft and security firm ESET announced on Dec. 4 that the companies have been cooperating with international law enforcement agencies for more than a year to disrupt a sprawling botnet, known as Gamarue. Gamarue—a crime kit that is known on Internet underground marketplaces as the Andromeda bot—has infected, or attempted to infect, more than 1 […]

Reported Software Vulnerabilities on Track to Break Record in 2017

The number of reported software flaws took off in 2017 and is on track for a record-breaking year, according to two organizations that track vulnerability disclosures. The National Vulnerability Database, managed by the U.S. National Institute of Standards and Technology, has documented more than 13,400 vulnerabilities so far this year, more than double the database […]

Data Shows China Likely Delaying Vulnerability Reports to Help Attacks

Chinese intelligence officials are likely delaying the release of information on high-severity vulnerabilities to evaluate the security flaws for operational utility and to benefit the nation’s online espionage efforts, according to an analysis of vulnerability disclosure trends and timing conducted by Recorded Future, a threat- and information-analysis firm. In a report published on Nov. 16, […]

Attacks Exploit Microsoft Dynamic Data Exchange Protocol

In at least three separate campaigns, online attackers have used a feature of Microsoft Office documents—known as the Dynamic Data Exchange (DDE) protocol—to download and execute malware, internet security firm Zscaler stated in a Nov. 15 analysis of the attacks. The DDE fields allow a document, such as an Excel spreadsheet, to automatically update its […]

States Starting to Implement Audits to Bolster Election Integrity

After clear evidence emerged that Russia attempted to influence the results of the 2016 U.S. presidential election by social media, and more directly by hacking election systems, state governments are embarking on a variety of efforts to use statistical auditing to verify election results. On Nov. 15, Colorado kicked off its first statewide statistical audit […]

Vast Majority of Users Don’t Use Two-Factor Authentication: Survey

Despite a steady diet of news coverage of major data breaches, more than two-thirds of people have never used two-factor authentication—a second way of identifying themselves when logging into an online account, according to a survey-based report published by Duo Security on Nov. 7. The report found that 28 percent of Americans had ever used […]

Kaspersky Lab Claims Malware Caused Security App to Grab Secret Data

Facing a ban of its products by U.S. government agencies and an ongoing congressional investigation for allegedly aiding Russian intelligence, security firm Kaspersky Lab released on Oct. 25 its own analysis into whether its software was used to steal data from the U.S. government, arguing that it found only a single case where classified data […]

Cyber-Criminals Using Compromised RDP Servers to Anonymize Attacks

More than 35,000 servers that host remote desktops for companies have been compromised by an Eastern European group that is selling access to the computers for less than $15 each, threat-intelligence firm Flashpoint stated in an analysis published on Oct. 24. The compromised remote desktop protocol (RDP) servers allow the dark-web group to offer anonymization […]

U.S. Lawmakers File Bill to Enable Businesses to Pursue Cyber-Criminals

Companies may get the legal power to chase cyber-criminals across the Internet, if a bill introduced in the U.S. House of Representatives passes muster. The bill, the Active Cyber Defense Certainty Act (ACDC), is the brainchild of Rep. Thomas Graves (R-GA), who started pitching the legislation in March and accepted industry comment over the past […]