U.S. Subcommittee on Communications & Technology and the Subcommittee on Commerce, Manufacturing, and Trade have announced a joint hearing to examine recent cyberattacks. more
Based on the total number of transactions, Zscaler reports botnets as the biggest security risk on the Internet for the enterprises. "Once a host gets infected, the botnet usually spreads quickly within an enterprise. It also generates a significant amount of traffic to the command and control server, to download additional malware or perform other actions." more
SANS has announced NetWars CyberCity, a small-scale city located close by the New Jersey Turnpike complete with a bank, hospital, water tower, train system, electric power grid, and a coffee shop. NetWars CyberCity was developed to teach cyber warriors from the U.S. Military how online actions can have kinetic effects. more
The European Commission has launched a new public-private partnership on cybersecurity expected to trigger €1.8 billion ($2B) of investment by 2020. more
Leading French presidential candidate Emmanuel Macron's campaign confirmed on Friday a "massive" computer hack that dumped its campaign emails online less than two days before the election. more
According to reports, North Korea has accused the United States for conducting a cyberattack that has disrupted Internet connectivity in the country. "While the details of the cause of the disruption are unknown, we can confirm that in the last two days, North Korea's sole Internet provider has, in fact, suffered from disruptions in connectivity to the global Internet," reports Doug Madory from Renesys. more
A group of ISPs on wednesday told U.S. Congress that passing new cybersecurity rules affecting broadband and mobile service providers is counterproductive and should be resisted. Jason Livingood, vice president of Internet systems engineering at Comcast, during a hearing before the U.S. House of Representatives Energy and Commerce Committee's communications subcommittee, said: ISPs have "strong incentives" to secure their networks and invest heavily in cybersecurity because of competition. more
A report, released today by McAfee, Inc., titled "Security Takes the Offensive," says that traditionally, security technology companies and computer users have taken a defensive posture, putting the cyber equivalent of body armor on computers, networks and in the cloud. The report's authors say it is now time to avoid enemy strikes altogether by taking a more aggressive stance, aligning forces and involving law enforcement. more
Cybercriminals are continuing to exploit human nature and relying on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded, according to Verizon 2016 Data Breach Investigations Report released today. more
Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, lead to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same she is forbidden to issue new ones. more
Security experts from Google's Project Zero along with researchers from Red Hat, have identified and helped patch a security flaw in the GNU C Library (glibc) that could be exploited via rogue DNS servers, reports Catalin Cimpanu from Softpedia. more
Department of Homeland Security (DHS) Secretary Janet Napolitano today opened the new National Cybersecurity and Communications Integration Center (NCCIC) — a 24-hour, DHS-led coordinated watch and warning center that will improve national efforts to address threats and incidents affecting the nation's critical information technology and cyber infrastructure. more
"A radical review of cybersecurity in space is needed to avoid potentially catastrophic attacks," warn researchers at the International Security Department of UK-based thinktank, Chatham House. more
In today's world with botnets, viruses and other nefarious applications that use DNS to further their harmful activities, outbound DNS security has been largely overlooked. As a part of multi-layer security architecture, a DNS Firewall should not be ignored. After serving as a consultant for multiple organizations, I have encountered many companies that allow all internal devices to send outbound DNS queries to external DNS servers - a practice that can lead to myriad problems. more
Last month, the Russian state-sponsored hacking group "Midnight Blizzard" gained access to the email accounts of Microsoft leadership, even exfiltrating documents and messages. The group reportedly used a simple brute-force style attack to access a forgotten test account and then exploited the permissions on that account to access the emails of employees in the cybersecurity and legal teams. more