Cybercrime

Cybercrime / Most Commented

Abusive and Malicious Registrations of Domain Names

When ICANN implemented the Uniform Domain Name Dispute Resolution Policy (UDRP) in 1999, it explained its purpose as combating "abusive registrations" of domain names, which it defined as registrations "made with bad-faith intent to profit commercially from others' trademarks..." Bad actors employ a palette of stratagems, such as combining marks with generic qualifiers, truncating or varying marks or by removing, reversing, and rearranging letters within the second level domain (typosquatting).

Equifax Breach Blamed on Open-Source Software Flaw

Equifax has blamed a flaw in the software running its online databases for the massive breach revealed last week that has allowed hackers to steal personal information of as many as 143 million customers.

Lessons Learned from Harvey and Irma

One of the most intense natural disasters in American history occurred last week... You may wish to donate or get involved with Hurricane Harvey relief to help the afflicted. That's great, but as we all know, we should be wary of who we connect with online... The FTC warned last week that there are many active relief scams in progress and noted that there always seems to be a spike in registration of bogus domains.

Equifax Hacked, Nearly Half of US Population Affected

In an announcement today, credit reporting giant Equifax revealed a cybersecurity incident potentially impacting approximately 143 million U.S. consumers.

Fighting Phishing with Domain Name Disputes

I opened an email from GoDaddy over the weekend on my phone. Or so I initially thought. I had recently helped a client transfer a domain name to a GoDaddy account (to settle a domain name dispute), so the subject line of the email -- "Confirm this account" -- simply made me think that I needed to take another action to ensure everything was in working order. But quickly, my radar went off.

Security is a System Property

There's lots of security advice in the press: keep your systems patched, use a password manager, don't click on links in email, etc. But there's one thing these adages omit: an attacker who is targeting you, rather than whoever falls for the phishing email, won't be stopped by one defensive measure. Rather, they'll go after the weakest part of your defenses. You have to protect everything -- including things you hadn't realized were relevant.

Probability of ROI and Tighter Network Security by Blocking Malicious Subdomains

Failing to block a stealthy malicious host from making connections to your network could cost your company millions of dollars, a damaged reputation, and severe losses in sensitive private data. Threat intel teams have faced ongoing problems: expensive feeds that are slow to catch new threats; chasing false positives in alerts wastes time and money; and vendors selling a new appliance for every ill. Would 100% of your users Spot the Bot?

British Security Researcher Credited for Stopping WannaCry Is Charged in a U.S. Cybercrime Case

The 23-year-old British security researcher, Marcus Hutchins, who a few months ago was credited with stopping the WannaCry outbreak by discovering a hidden "kill switch" for the malware, is now reported to have been arrested by the FBI over his alleged involvement in separate malicious software targeting bank accounts.

No One is Immune: Qatar Crisis Started by a Targeted Poli-Cyber Attack

The Qatar Crisis started with a targeted Poli-Cyber hack of an unprecedented nature. Its shockwaves and repercussions continue to alter political and business fortunes, directions and paradigms not only in the Gulf region but globally. Almost everyone around the world is now aware of this crisis that started in early June. By mid-July a Washington Post report cited US intelligence officials as saying that the UAE orchestrated hacking of Qatari government sites, sparking regional upheaval that started it all.

Kansas System Hacked, Social Security Numbers of Millions Accessed Spanning 10 States

Hackers breached a Kansas Department of Commerce data system used across multiple states and gained access to more than 5.5 million Social Security Numbers, according to local news sources.

Afghanistan Enacts Law Targeting Online Crime and Militancy

Afghanistan's President Ashraf Ghani has signed into law a cybercrime bill this week targeting online crime and militancy by groups such as the Taliban and Islamic State despite concerns it could limit free speech.

U.S. Critical Infrastructure Will Be Attacked Within 2 Years, According to 2017 Black Hat Survey

According to a 2017 Black Hat Attendee Survey, cyberattacks on U.S. enterprise and critical infrastructure are coming soon, and in most cases defenders are not prepared.

U.S. Nuclear Power and Other Energy Companies Hacked by Russians According to Government Officials

Russian government hackers are reported to be behind the latest cyber-intrusions into the business systems of U.S. nuclear power and other energy companies with efforts to assess networks.

U.S. Lawmakers Wary of Kaspersky Lab, the Russian Cybersecurity Firm

The U.S. Congress is growing increasingly suspicious of the popular Russian anti-virus software provider, Kaspersky Lab.

Petya Ransomware Spreading Rapidly Worldwide, Affecting Banks, Telecom, Businesses, Power Companies

A large scale ransomware attack today is spreading rapidly worldwide, shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and demanding $300 in bitcoins.