Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, lead to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same she is forbidden to issue new ones. more
Security experts at RSA Research Lab have reported the discovery of a new type of phishing attack targeted against online banking customers that combines a typical phishing website with a live change session initiated by fraudsters. The technique dubbed "Chat-in-the-Middle" not only attempts to trick customers into entering their usernames and passwords into a phishing site but obtains further sensitive information (such as answers to secret questions used by banks to authenticate customers). According to the report, this attack is currently targeting a single U.S.-based financial institution, however operators of all online banking websites are cautioned. more
Just over one week ago, the New York Times published a major investigation into the intractable problem of illegal sexual images of minors being exchanged online. Despite flaws in the story and its companion pieces, the main take-away that Internet companies have failed to adequately address the problem has resonated widely. Prostasia Foundation too has been critical of some of the Internet platforms called out in the article. But at the same time, we need to be realistic about how much responsibility we can (or should) place on tech firms to solve this problem. more
A first-time study of publically-reported data breaches in the 28 European Union member countries, plus Norway and Switzerland, conducted by the Central European University's Center for Media, Data and Society (CMDS) has found that between 2004 and 2014 the continent's organizations suffered 229 incidents covering 227 million personal records. more
In a recent article published by WIRED Magazine, a significant shift in international law regarding cyberwarfare has been brought to light. The International Criminal Court (ICC) at the Hague has signaled its intention to investigate and prosecute hacking crimes that breach existing international law without the need for new regulations. more
A couple of days ago there was a lot of interest in how terrorists may have been using chat features of popular video console platforms (e.g. PS4, XBox One) to secretly communicate and plan their attacks. Several journalists on tight deadlines reached out to me for insight in to threat. Here are some technical snippets on the topic that may be useful for future reference. more
Michael "Mick" Moran, who has helped rescue thousands of child abuse material victims since he started working in the field in 1997, challenged the internet industry to do more to protect innocent children as he received the 2017 M3AAWG Mary Litynski Award. more
A 32-year-old Russia man was sentenced on Friday to 27 years in prison for computer hacking crimes that is reported to have caused over $169 million in damages to small businesses and financial institutions. more
Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., "botnets"), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names – a tactic known as bulk registration. more
Since January 2016, discreet campaigns involving malware called Trojan.Odinaff have targeted a number of financial organizations worldwide, warned Symantec Security Response team on Tuesday. more
In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. more
The cybersecurity reports, which represent only a slice of all cyber attacks on the Fed, were obtained by Reuters through a Freedom of Information Act request. more
U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, has released a letter asking three federal agencies for information on the tools available that prevent cyber criminals from compromising consumer products, such as Internet of Things (IoT) devices. more
U.S. authorities announced today that they have shut down one of the largest spam operations in the world, an extensive network with ties to Australia, New Zealand, India, China and the United States. The group, dubbed 'HerbalKing' by spam fighting organizations, had been active as far back as 2005 and became notorious as the number one worst spam gang on the Internet for much of 2007 and 2008 according to Spamhaus, a non-profit anti-spam research group. more
As news of the spread of the coronavirus (COVID-19) continues to emerge, CSC has undertaken the first in a series of studies looking at how the development of the crisis has affected online content. This first article looks at the numbers of registered domains with names containing coronavirus-related strings - "coronavirus" or "covid(-)19" (optional hyphen) - and analyzes the types of content present on the associated websites. more
A World-Renowned Source for Internet Developments. Serving Since 2002.