The United States and Israel are reported to be responsible for developing the Flame virus aimed at collecting intelligence in preparation for cyber-sabotage aimed at slowing Iran's ability to develop a nuclear weapon, according to Western officials with knowledge of the effort. According the Washington Post, "[t]he massive piece of malware secretly mapped and monitored Iran's computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials." more
It seems that this last holiday season didn't bring much cheer or goodwill to corporate security teams. With the public disclosure of remotely exploitable vulnerabilities and backdoors in the products of several well-known security vendors, many corporate security teams spent a great deal of time yanking cables, adding new firewall rules, and monitoring their networks with extra vigilance. more
On many occasions I have written about the dangers of electronic communications in relation to data retention laws, government e-spying and other activities undermining our democracy and our liberty. To date governments still have to come up with evidence that all of this spying on their citizens has prevented any terrorist attacks. Terrorism has been given as the key reason for the government's spying. more
Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., "botnets"), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names – a tactic known as bulk registration. more
Details of Infineon’s RSA key generation vulnerability was made public today after several announcements by vendors last week. more
An apparent Iranian influence operation targeting internet users worldwide is reported as significantly larger than previously identified, Reuters reports. more
Google has announced its first initiative out of Jigsaw which is the expansion of its experimental service, Project Shield. Google is offering Project Shield as a free service leveraging Google technology to protect news and free expression sites from DDoS attacks on the web. more
In the upcoming Black Hat London presentation, security researcher from University College London, Vasilios Mavroudis and colleagues are going to describe and demonstrate the practical security and privacy risks that arise with the adoption systems enabled with ultrasonic cross-device tracking (uXDT). more
Since January 2016, discreet campaigns involving malware called Trojan.Odinaff have targeted a number of financial organizations worldwide, warned Symantec Security Response team on Tuesday. more
Web applications, on average, experience twenty seven attacks per hour, or roughly one attack every two minutes, according to the newly released Imperva Web Application Attack Report. Report also notes that when websites came under automated attack they received up to 25,000 attacks in one hour, or 7 attacks every second. more
In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. more
The cybersecurity reports, which represent only a slice of all cyber attacks on the Fed, were obtained by Reuters through a Freedom of Information Act request. more
U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, has released a letter asking three federal agencies for information on the tools available that prevent cyber criminals from compromising consumer products, such as Internet of Things (IoT) devices. more
The Western energy sector is being targeted by a new wave of cyberattacks capable of providing attackers ability to severely disrupt affected operations, according to reports on Wednesday. more
According to a report by the Defense Science Board, the President-elect Barack Obama will inherit a cybersecurity infrastructure that is ill-prepared for advanced cyberattacks which will be of particular challenge for the new leaders... Reporting today on eWeek, Roy Mark writes: "The Bush administration has been widely criticized by security experts as de-emphasizing cyber-security and hamstringing the authority of officials in charge of government-wide cyber-security" said Roy Mark in a report eWeek." more
A World-Renowned Source for Internet Developments. Serving Since 2002.