Cyberattack

Cyberattack / Featured Blogs

Notes from NANOG 81

As the pandemic continues, the network operator community continues to meet online. NANOG held its 81st meeting on February 8 and 9, and these are my notes from some of the presentations at that meeting... Ethernet, developed in 1973 at Xerox PARC, was a revolutionary step in network architectures in many ways. The common bus architecture imposed several constraints on the network that have echoed through the ensuing four decades in all kinds of ways. more

3 Most Scary Attacks that Leaked Personally Identifiable Information (PII) of Millions of Users

Cybercriminals are increasingly targeting Personally Identifiable Information (PII). The reason being "data is the new gold" in this digital world, and the more sensitive some data is, the more value it has. There is no more sensitive data than personally identifiable information because it contains enough information to identify you digitally. Examples of personally identifiable information include name, email, contact number, address, social security number, tax file number, banking or financial information, and more such data that helps identify you. more

Clarivate Domain Survey Reveals a 10% Increase in Cyberattacks

Clarivate has once again surveyed global business leaders about the importance of domain names to their organizations, including the role of domains as intellectual property (IP) assets. The 2020 survey followed up on our 2019 survey, revealing key year-over-year trends in how organizations manage, secure and budget for domain names. In this blog, we review key trends from the new report. more

Reshaping Cyberspace: Beyond the Emerging Online Mercenaries and the Aftermath of SolarWinds

Ahmed Mansoor is an internationally recognized human rights defender based in the Middle East and recipient of the Martin Ennals Award (sometimes referred to as a "Nobel Prize for human rights"), On August 10 and 11, 2016, Mansoor received an SMS text messages on his iPhone promising "new secrets" about detainees tortured if he clicked on an included link. Instead of clicking, Mansoor sent the messages to the Canadian Citizen Lab researchers. more

Protecting an Enterprise from Cyber Catastrophe

We are suffering an epidemic of cyberattacks while in a viral pandemic. This post is for those who have responsibility for assuring that the IT-based services offered by their enterprise can quickly recover in the case of successful cyber-attack or other disaster. University of Vermont Medical Center (UVMMC) is an excellent hospital. I owe my life to treatment there and am grateful for both the skill and the kindness of UVMMC staff. They have been devastated by a cyber-attack. more

Cybersecurity Considerations in the Work-From-Home Era

Verisign is deeply committed to protecting our critical internet infrastructure from potential cybersecurity threats, and to keeping up to date on the changing cyber landscape. Over the years, cybercriminals have grown more sophisticated, adapting to changing business practices and diversifying their approaches in non-traditional ways. We have seen security threats continue to evolve in 2020, as many businesses have shifted to a work from home posture due to the COVID-19 pandemic. more

Authenticated Resolution and Adaptive Resolution: Security and Navigational Enhancements to the DNS

The Domain Name System (DNS) has become the fundamental building block for navigating from names to resources on the internet. DNS has been employed continuously ever since its introduction in 1983, by essentially every internet-connected application and device that wants to interact online. Emerging from an era where interconnection rather than information security was the primary motivation, DNS has gradually improved its security features. more

New CSC Research Finds Significant Lack of Redundancy for Enterprise DNS

As outlined in CSC's recent 2020 Domain Security Report: Forbes Global 2000 Companies, cybercriminals are disrupting organizations by attacking the protocol responsible for their online presence -- their domain name system (DNS). When a DNS is overwhelmed with traffic due to a distributed denial of service (DDoS) attack or configuration error, content and applications become inaccessible to users, affecting both revenue and reputation. more

Beware of Abandoned Domain Names in this Turbulent Time and as the Global Economy Changes

The outbreak of COVID-19 has caused worldwide disruption -- for whole nations and their economies. Unfortunately, there will be some side effects for businesses. A number of brands will disappear from the streets and shelves, as businesses that fail to weather the storm will have to fold. Companies that do survive will likely focus more on their core markets, pulling brands out of higher risk, less profitable markets... more

Do Your Analytics Efforts Expose Your SQL Data Sources to Attacks?

Structured Query Language (SQL) continues to be quite relevant today. Many organizations still use SQL database systems, and it still ranks as the top in-demand language in tech job postings -- even in 2020. Companies are also increasing their analytics and business intelligence efforts, where SQL skills come in as quite handy. SQL queries allow you to pull key information from databases quickly. more

Industry Updates

Beyond Healthcare IoCs: Threat Expansion and EHR Impersonation Detection

Detecting ChatGPT Phishing on Social Media with the Help of DNS Intelligence

SocGholish IoCs and Artifacts: Tricking Users to Download Malware

Profiling a Massive Portfolio of Domains Involved in Ransomware Campaigns

Gauging How Big a Threat Gigabud RAT Is Through an IoC List Expansion Analysis

Catching Batloader Disguised as Legit Tools through Threat Vector Identification

Tracing Connections to Rogue Software Spread through Google Search Ads

Malware Persistence versus Early Detection: AutoIT and Dridex IoC Expansion Analysis

Sifting for Digital Breadcrumbs Related to the Latest Zoom Attack

Cloud Atlas May Hide Their Tracks but 1,800+ Unpublicized Artifacts Can Help Orgs Tag Them

Exposing Chat Apps Exploited for Supply Chain Attacks

From Data Breach to Phishing to Lapsus$: Cyber Attacks That Echoed in 2022

Supply Chain Security: A Closer Look at the IconBurst and Material Tailwind Attacks

Is Aurora as Stealthy as Its Operators Believe?

Australian Government Steps In