Reports from various sources indicate Pyeongchang Olympics organizers were looking into a disruption of non-critical systems on the day of the opening ceremony but could not yet confirm if it was a cyberattack. more
There has been a lot of discussion lately about the potential for IPv6 to create security issues. While there are definitely some security risks of IPv6 deployment, a carefully considered implementation plan can help mitigate against security risks. As we approach World IPv6 Launch tomorrow, I thought it prudent to share the below described incident that iDefense recently observed. more
ICANN has appointed IID President and CTO Rod Rasmussen to its Security and Stability Advisory Committee (SSAC). An area that Rasmussen's work and recent SSAC reports have both covered in-depth is domain name hijacking. Recent hijackings against UFC.com and Coach.com, and similar past attacks against CheckFree, Comcast and Twitter have heightened awareness about the security dangers with the Internet's infrastructure. more
We recently received an email from a customer asking about hybrid DDoS mitigation and its ability to stop large application layer attacks. Here's the truth: Hybrid DDoS mitigation works and can stop large application layer attacks. Hybrid DDoS mitigation typically involves a purpose-built DDoS mitigation appliance or software on dedicated hardware that sits immediately in front of or behind an enterprise's edge router. more
The newly released handbook applies the practice of international law with respect to electronic warfare. The Tallinn Manual on the International Law Applicable to Cyber Warfare -- named for the Estonian capital where it was compiled -- was created at the behest of the NATO Co-operative Cyber Defence Centre of Excellence, a NATO think tank. It takes current rules on battlefield behaviour, such as the 1868 St Petersburg Declaration and the 1949 Geneva Convention, to the internet, occasionally in unexpected ways. more
The team behind the free networking software Samba has issued and emergency patch for a remote code execution vulnerability. more
Transition spokesman Sean Spicer told reporters today that former New York City Mayo, Rudy Giuliani will "chair" the cyber task force that Trump announced last Friday. The task force is given three months from Trump's inauguration to deliver a cybersecurity plan. more
Germany is trying to beef up its cyber defense, after the interior minister called for rules that allow nations to attack foreign hackers targeting critical infrastructure. more
Usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website have been obtained by an unauthorized person, the Internet Corporation for Assigned Names and Numbers announced Wednesday night. more
Reading up on COVID-19 and Zoom/Boris Johnson outcry yesterday, an analogy struck me between the two: the lack of testing. In both cases, to truly know how safe and secure we are, testing needs to be stepped up considerably. This post focuses on cybersecurity. Over the past days and weeks, more and more organisations have switched to digital products and services to sustain working from home, to keep productivity up and to be connected. more
A significant ransomware attack by a group known as AlphV or BlackCat has severely disrupted pharmacies across the U.S., affecting the delivery of prescription medications for over ten days. This attack on Change Healthcare has resulted in considerable difficulties for hospital pharmacies and nationwide drug distribution. more
Defense Systems reports: "The U.S. government's sweeping new cybersecurity strategy announced May 16 states that the country will respond to a major cyberattack using any or all of the means at its disposal, reports the Associated Press. Although military response to a cyberattack is one of the options listed in the International Strategy for Cyberspace, it will be considered only as a last resort, officials said." more
The Biden administration has issued a stark warning to the nation's governors about the increasing threat of cyberattacks on the United States' water and wastewater systems. more
The U.S. Department of Homeland Security has issued a warning about cybersecurity vulnerabilities in medical devices which have come after independent researchers, or the companies themselves, reporting the problems. more
It is certainly true that DDoS and hacking are on the rise; there have been a number of critical hacks in the last few years, including apparent attempts to alter the outcome of elections. The reaction has been a rising tide of fear, and an ever increasing desire to "do something." The something that seems to be emerging is, however, not necessarily the best possible "something." Specifically, governments are now talking about attempting to "wipe out" the equipment used in attacks. more