Cyberattack

APT: The Cancer Within

Unless you have a team employing the latest proactive threat-hunting techniques, the stealthy Advanced Persistent Threat (APT) hiding in your network can pass by completely unnoticed. There are as many definitions of APT as experts writing about the topic, so let's boil it down to the simple essentials: APTs are usually implanted and maintained by a team of malicious actors with the intention of living long term in your network while extracting valuable private information. more

In Response to Offensive Destruction of Attack Assets

It is certainly true that DDoS and hacking are on the rise; there have been a number of critical hacks in the last few years, including apparent attempts to alter the outcome of elections. The reaction has been a rising tide of fear, and an ever increasing desire to "do something." The something that seems to be emerging is, however, not necessarily the best possible "something." Specifically, governments are now talking about attempting to "wipe out" the equipment used in attacks. more

ICANN Website Breached, Passwords Obtained by an Unauthorized Person

Usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website have been obtained by an unauthorized person, the Internet Corporation for Assigned Names and Numbers announced Wednesday night. more

Department of Homeland Security Issues More Warnings on Security Vulnerabilities in Medical Devices

The U.S. Department of Homeland Security has issued a warning about cybersecurity vulnerabilities in medical devices which have come after independent researchers, or the companies themselves, reporting the problems. more

U.S. Targets Russian Mastermind Behind Dominant Ransomware Landscape, Offers $10 Million Reward

The U.S. government has declared criminal charges, economic sanctions, and a $10 million reward for information leading to the arrest of a Russian citizen, Mikhail Matveev. Accused of a series of ransomware attacks, Matveev's alleged operations, known as Babuk, have targeted entities such as the D.C. police, an airline, and other American industries. more

Swimming Australia Website Comes Under DDoS Attack in Wake of Allegations Against Chinese Swimmer

The website of Swimming Australia has come under DDoS attack just hours after the Australian Bureau of Statistics went back online following a similar attack bringing the online census initiative to a halt. more

Cyber Security Forecast for 2009: Data and Mobility Key Part of Emerging Threats

Georgia Tech Information Security Center (GSTISC) today held its annual Security Summit on Emerging Cyber Security Threats and released the GTISC Emerging Cyber Threats Report for 2009, outlining the top five areas of security concern and risk for consumer and enterprise Internet users for the coming year... According to the report, data will continue to be the primary motive behind future cyber crime-whether targeting traditional fixed computing or mobile applications. "It's all about the data," says security expert George Heron -- whether botnets, malware, blended threats, mobile threats or cyber warfare attacks. more

US Government Networks Thoroughly Penetrated by Foreign Spies, Experts Tell Senate

Network security experts from across the U.S. government told a U.S. Senate Armed Services Subcommittee on Tuesday that federal networks have been thoroughly penetrated by foreign spies, and that current perimeter-based defenses that attempt to curb intrusions are outdated and futile. more

Security Researchers Announce First SHA-1 Collision, Confirming Fears About Its Vulnerabilities

In a joint announcement today, Dutch research institute CWI and Google revealed that they have broken the SHA-1 internet security standard "in practice". more

North Korea’s Spy Agency Behind WannaCry

According to a report from The Washington Post, the NSA has linked the North Korean government to the creation of the WannaCry ransomeware that resulted in affecting over 300,000 people in almost 150 countries last month. more

British Organizations Could Face Massive Fines for Cybersecurity Failures

Organizations who fail to implement effective cybersecurity measures could be fined as much as £17 million or 4% of global turnover, as part of Britain's plan to prevent cyberattacks. more

Hosters: Is Your Platform Being Used to Launch DDoS Attacks?

As anyone who's been in the DDoS attack trenches knows, large multi-gigabit attacks have become more prevalent over the last few years. For many organizations, it's become economically unfeasible to provision enough bandwidth to combat this threat. How are attackers themselves sourcing so much bandwidth? more

Ransomware Attacks Skyrocket: Median Cost Doubles to $26,000, Representing a Quarter of All Breaches, Reports Verizon

A report from Verizon Business's 16th annual Data Breach Investigations Report (DBIR) reveals a startling surge in the frequency and cost of cyberattacks. It analyzed 16,312 security incidents and 5,199 breaches, showing a sharp uptick in the cost of ransomware.  more

Characterizing the Friction and Incompatibility Between IoC and AI

Many organizations are struggling to overcome key conceptual differences between today's AI-powered threat detection systems and legacy signature detection systems. A key friction area -- in perception and delivery capability -- lies with the inertia of Indicator of Compromise (IoC) sharing; something that is increasingly incompatible with the machine learning approaches incorporated into the new breed of advanced detection products. more

U.S. Issues Cyber Incident Coordination Policy

White House has issued new directive spelling out how the Federal government will coordinate its incident response activities in the event of a large-scale cyber incident. more