Cyberattack

Cyberattack / Most Viewed

Security by Obscurity?

Ah yes, 'Security by obscurity': "Many people believe that 'security through obscurity' is flawed because... secrets are hard to keep." I'm glad the guys guarding the A Root Servers are up on the latest security trends. Of course, you could hide the A Root Servers at the heart of the Minotaur's maze, but they're still going to be "right over there" in cyberspace, at 198.41.0.29 more

New CSC Research Finds Significant Lack of Redundancy for Enterprise DNS

As outlined in CSC's recent 2020 Domain Security Report: Forbes Global 2000 Companies, cybercriminals are disrupting organizations by attacking the protocol responsible for their online presence -- their domain name system (DNS). When a DNS is overwhelmed with traffic due to a distributed denial of service (DDoS) attack or configuration error, content and applications become inaccessible to users, affecting both revenue and reputation. more

IBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious Sites

The new DNS service, called Quad9, is aimed at protecting users from accessing malicious websites known to steal personal information, infect users with ransomware and malware, or conduct fraudulent activity. more

78% of Cybersecurity Professionals Expect an Increase in DNS Threats, Yet Have Reservations

A recent survey conducted by the Neustar International Security Council confirmed the heightened interests on domain name system (DNS) security. The survey reveals that over three-quarters of cybersecurity professionals anticipate increases in DNS attacks, especially with more people shopping online amid the pandemic. Yet, close to 30% have reservations about their ability to respond to these attacks. more

The Internet of Stupid Things

In those circles where Internet prognostications abound and policy makers flock to hear grand visions of the future, we often hear about the boundless future represented by "The Internet of Things". This phrase encompasses some decades of the computing industry's transition from computers as esoteric piece of engineering affordable only by nations, to mainframes, desktops, laptops, handhelds, and now wrist computers. Where next? more

Endpoint Rollbacks & Data Shadow Copies

Recently I was asked by a customer how they can easily set up rollback capabilities on the endpoints in their corporate network. They had seen the marketing hype by various security technology providers that their products included rollback capabilities they could utilize if/when one of their workstations or servers was infected by malware. Having gotten this question more than once, I thought it would be a good subject to share with a broader audience. more

CircleID’s Top 10 Posts of 2009

Looking back at the year that just ended, here are the top ten most popular news, blogs, and industry news on CircleID in 2009 based on the overall readership of the posts. Congratulations to all the participants whose posts reached top readership in 2009 and best wishes to the entire community in 2010. more

Why Is It So Hard to Run a Bitcoin Exchange?

One of the chronic features of the Bitcoin landscape is that Bitcoin exchanges screw up and fail, starting with Mt. Gox. There's nothing conceptually very hard about running an exchange, so what's the problem? The first problem is that Bitcoin and other blockchains are by design completely unforgiving. If there is a bug in your software which lets people steal coins, too bad, nothing to be done. more

CircleID’s Top Ten Posts of 2012

Here are the top ten most popular news, blogs, and industry updates featured on CircleID during 2012 based on the overall readership of the posts for the past 12 months. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2013. more

Lessons Learned from the Namejuice/DROA/DROC Outage

Last week an ICANN registrar, Namejuice, went off the air for the better part of the day -- disappearing off the internet at approximately 8:30 am, taking all domains delegated to its nameservers with it, and did not come back online until close to 11 pm ET. That was a full business day and more of complete outage for all businesses, domains, websites, and email who were using the Namejuice nameservers -- something many of them were doing. more

A Dangerous, Norm-Destroying Attack

Kim Zetter has a new story out describing a very serious attack. In fact, the implications are about as bad as possible. The attack has been dubbed ShadowHammer by Kaspersky Lab, which discovered it. Briefly, some crew of attackers -- I suspect an intelligence agency; more on that below -- has managed to abuse ASUS' update channel and private signing key to distribute bogus patches. more

Blacklists Down from Fear of DDoS

Yet another DNS blacklist has been taken down out of fear of the DDoS attacks that took down Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a Joe-Job (A Joe-Job is essentially spam designed to look like it's coming from someone else.) earlier this week. Apparently the Joe-Jobing was enough to convince some extremely ignorant mail administrators that Compu.net is spamming and blocked mail from compu.net. Compu.net has also seen the effects of DDoS attacks on other DNS blacklist maintainers. They've decided that the risk to their actual business is too great and they are pulling the plug on their DNS blacklist before they come under the gun by spammers. more

Anonymous Plans to Go After DNS Root Servers. What Will Be the US’s Response?

The other day on pastebin, snippets of an email conversation were posted with members of the hacking group Anonymous discussing plans to conduct DOS attacks against the Internet's root name servers... Going after the Internet's root servers is a very bold move by Anonymous. Whereas before they were "merely" breaking into companies that they believed were acting contra to the hacker ethic, going after the Internet infrastructure is another thing altogether. Why? more

Kidnapping, Theft and Rape Are Not “Cyber” Crimes

Kidnap. Rape. There are no lesser words that can be used to describe what happened to the daughter of an anti-spam investigator in Russia. His daughter was recently released, according to Joseph Menn's recent article on Boing Boin, after having been kidnapped from her home five years ago, fed drugs, and made to service men, as a warning to ward off further investigations. The criminals behind these vicious acts were also responsible for large spamming organization associated with Russian Mob activity. more

Security Researchers are Warning About a New IoT Botnet Storm Brewing

A brand new botnet, dubbed ‘IoTroop’, is discovered evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016. Researchers at the security firm, Check Point, are warning that "a massive Botnet is forming to create a cyber-storm that could take down the internet. ... Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come." more