Cyberattack

Cyberattack / Most Viewed

Black Frog: Next Generation Botnet, No Generation Spam Fighting

Black Frog -- a new effort to continue the SO-CALLED Blue Security fight against spammers. A botnet, a crime, a stupid idea that I wish would have worked -- News items on Black Frog. Blue Frog by Blue Security was a good effort. Why? Because they wanted to "get spammers back". They withstood tremendous DDoS attacks and abuse reports, getting kicked from ISP after ISP. ...The road to hell is filled with good intentions. Theirs was golden, but they got to hell, quite literally, non-the-less. ...When Blue Security went down, some of us made a bet as to when two bored guys sitting and planning their millions in some café would show up, with Blue Security's business plan minus the DDoS factor. Well -- they just did. more

Cyber-Terrorism Rising, Existing Cyber-Security Strategies Failing, What Are Decision Makers to Do?

While conventional cyber attacks are evolving at breakneck speed, the world is witnessing the rise of a new generation of political, ideological, religious, terror and destruction motivated "Poli-Cyber™" threats. These are attacks perpetrated or inspired by extremists' groups such as ISIS/Daesh, rogue states, national intelligence services and their proxies. They are breaching organizations and governments daily, and no one is immune. more

Canadian Internet Registration Authority Launches Cloud-Based DNS Firewall Service

The Canadian Internet Registration Authority (CIRA) has announced the launch of a security service called D-Zone DNS Firewall -- a cloud-based cybersecurity solution -- to protect Canadian organizations from rasomware and malware. more

A Noteworthy Report on Fast Flux Hosting

This very interesting document was released by ICANN's Generic Names Supporting Organization (GNSO) for public comment yesterday. And it asks some fundamental questions while at the same time pointing to sources such as the Honeynet Alliance's reports on fast flux. more

Proceedings of Name Collisions Workshop Available

Keynote speaker, and noted security industry commentator, Bruce Schneier (Co3 Systems ) set the tone for the two days with a discussion on how humans name things and the shortcomings of computers in doing the same. Names require context, he observed, and "computers are really bad at this" because "everything defaults to global." Referring to the potential that new gTLDs could conflict with internal names in installed systems, he commented, "It would be great if we could go back 20 years and say 'Don't do that'," but concluded that policymakers have to work with DNS the way it is today. more

The Longevity of the Three-Napkin Protocol

It is not often I go out to my driveway to pick up the Washington Post -- yes, I still enjoy reading a real physical paper, perhaps a sign of age -- and the headline is NOT about how the (insert DC sports team here) lost last night but is instead is about an IT technology. That technology is the Border Gateway Protocol (BGP), a major Internet protocol that has been around for more than a quarter century, before the Internet was commercialized and before most people even knew what the Internet was. more

So Long, Farewell: The Worst DDoS Attacks of 2016

The year 2016 will go down in infamy for a number of reasons. It was the year an armed militia occupied an Oregon wildlife refuge, Britain voted to Brexit, an overarching event that will simply be referred to as The Election occurred, and Justin Bieber made reluctant beliebers out of all of us. 2016 was also the worst year on record for distributed denial of service (DDoS) attacks by a margin that can only be considered massive. more

Conventional Thinking Won’t Work in New Era of ISIS & ‘Unprecedented’ Cyber & Non-Cyber Attacks

Conventional thinking or solutions will no longer work in the new era of ISIS and the 'Unprecedented' cyber and non-cyber attacks we live in today. Like it or not, everyone is impacted, and no one is immune. Whether you are an average citizen, a chairman or CEO of a multinational, or a government or academic institution leader, the questions to ponder are: Do you know what to do next? Do you know what the solution is? more

Why DNS is Broken, in Plain English

At ICANN's meeting in Egypt last week, I had the opportunity to try and explain to various non-technical audiences why the Domain Name System (DNS) is vulnerable to attack, and why that is important, without needing a computer science degree to understand it. Here is the summary. more

MIT 2010 Spam Conference Starts Tomorrow…

In January we presented the glorious history of the MIT spam conference, today we present the schedule for the first day. Opening session will be from this author, Garth Buren with a topic entitled The Internet Doomsday Book, with details be released the same day as the presentation. Followed by Dr. Robert Bruen with a review of activities since the last MIT spam conference... more

Hackers Use Tesla’s Amazon Cloud Account to Mine Cryptocurrency

Tesla's cloud environment has been infiltrated by hackers and used to mine cryptocurrencies, researchers have discovered. Other victims include Aviva and Gemalto. more

Newly Discovered Malware Called VPNFilter is Targeting at Least 500K Networking Devices Worldwide

Cisco's security arm, Talos, today revealed a several-month-old research on a sophisticated modular malware system dubbed "VPNFilter. more

Russian Hackers Have Penetrated U.S. Electric Utilities

U.S. federal government officials have revealed Russian hackers have been able to gain access to the networks of electric utilities in the country, according to a report by The Wall Street Journal. more

Cigarette Smuggling and Cyber Security: Low-Tech Crimes Fund High-Tech Threats

You may not connect the cheap cigarettes sold under the counter (or out of a trunk, bodega or by a street vendor) with the mysterious charges on your credit card that you don't remember making or the cash that has, somehow, just disappeared from your bank account. You also may not connect that website selling cheap cigarettes made in second and third world countries with Shellshock or whatever the fashionably scary cyber-threat of the day is when you're reading this. more

Open DNS Resolvers - Coming to an IP Address Near You!

Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured.  more