If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more
A new type of DDoS attack takes advantage of an old vulnerability with the potential to put any company with an online presence at risk of attack warn researchers. more
The joint statement was released on Monday at the United Nations ahead of the UN General Assembly's General Debate calling on all states to support the evolving framework and to join in ensuring "greater accountability and stability in cyberspace." more
Thousands of TalkTalk and Post Office customers in the UK have had their Internet access cut by an attack targeting certain types of Internet routers, according to a BBC report on Thursday. more
A recent malware attack on the control systems of an industrial plant has renewed concerns about the threat hacking poses to critical infrastructure. more
Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more
A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-born attack. The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security... more
In the U.S., it is a federal crime to use malware to intentionally cause "damage without authorization" to a computer that is used in a manner that affects interstate or foreign commerce. Most, if not all, U.S. states outlaw the use of malware to cause damage, as do many countries. The Council of Europe's Convention on Cybercrime, which the United States ratified a few years ago, has a provision concerning the possession of malware. Article 6(1)(b) of the Convention requires parties to the treaty to criminalize the possession of malware "with intent that it be used for the purpose of committing" a crime involving damage to a computer or data... more
A fledgling international cyber security alliance is continuing to gather backing from private business, according to a recent article published on ComputerWeekly.com. The International Cyber Security Protection Alliance (ICSPA) aims to support law enforcement agencies in countries that lack the resources to fight cybercrime. Commercial security organizations such as McAfee and Trend Micro are supporting the alliance. more
A new security report reveals cryptominers infected ten times more organizations than ransomware in 2018, but only one in five IT security professionals were aware their company's networks had been infected by mining malware. more
A report "Securing Cyberspace for the 44th Presidency" has just been released. While I don't agree with everything it says (and in fact I strongly disagree with some parts of it), I regard it as required reading for anyone interested in cybersecurity and public policy. The analysis of the threat environment is, in my opinion, superb; I don't think I've seen it explicated better. Briefly, the US is facing threats at all levels, from individual cybercriminals to actions perpetrated by nation-states. The report pulls no punches... more
Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States' second-largest health insurer, Anthem (reported February 2015), but have you heard of the security breaches for Aaron Brothers, Evernote (denial of service attack), P.F. Chang's China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more. more
The sixth annual Counter-eCrime Operations Summit (CeCOS VI) will engage questions of operational challenges and the development of common resources for the first responders and forensic professionals who protect consumers and enterprises from the ecrime threat every day. This year's meeting will focus on the shifting nature of cybercrime and the attendant challenges of managing that dynamic threatscape. more
Lots of coverage in the last two days about a Memorial Day weekend attack that took down the servers of Revision3, an Internet video network. This story has a lot of ingredients -- P2P maneuvering, DDoS attack, copyright vs. piracy, talk of laws broken and the FBI investigating. more
According to press reports, a water utility's SCADA network was hacked. The attacker turned a pump on and off too much, resulting in physical damage to the pump. ... For years, security specialists have been warning that something like this could happen. Although more and more people have started to believe it, we still hear all of the usual reassuring noises -- the hackers don't know enough, we have defenses, there are other safeguards, etc. That debate is now over... more
A World-Renowned Source for Internet Developments. Serving Since 2002.