Cybersecurity

Sponsored
by

Blogs

Hijacked IP Addresses

From time to time, a party can get out of control. Raucous celebration can become careless, even destructive. Combine a critical number of young people, a certain amount of beer and lots of music and damage often happens. Partygoers leave a mess behind them. The same thing happens to some IP addresses. Malicious actors use IP addresses properly registered to someone else. more

Registration Patterns of Deceptive Domains

A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing infringements frequently use a domain name that's deceptively similar to that of the official site of the target brand. This allows a variety of attacks to be executed, including phishing attacks... more

Cyberhygiene Requires Critical Thinking

At his farewell speech in August outgoing, Telstra CEO Andy Penn mentioned that the cyber threat has never been as serious as the present. He mentioned the deteriorating geopolitical situation and the big shift in how criminals operate in the cyber domain. One thing is for sure is that in order to enjoy all the positives resulting from the digital economy, we need to be far more vigilant about the barrage of information that we are receiving and/or have access to. more

Businesses Beware: Cybersecurity Awareness Varies Based on Job Function

Businesses should consider bumping phishing as an urgent concern in their cybersecurity agendas. To those still unacquainted, "phishing" refers to the use of fake emails, messages, and websites that fool users into giving up access to accounts and information or into installing malware through attachments. It has become quite rampant over recent years. Attackers are using the method as a primary means to breach defenses, and with good reason: they work. more

The Latest OEWG on ICTs Report: Thoughts and Recommendations

At the end of July, the Open-ended Working Group (OEWG) on ICTs -- which is currently discussing how states should and shouldn't behave in cyberspace - concluded its third meeting, which falls in the middle of its four-year mandate (ending in 2025). Below, we provide a summary of what happened, reflections on the outcomes and implications (the good and the bad), and some practical recommendations for stakeholders and governments to consider ahead of the next meeting. more

Visit of US House Speaker Pelosi to Taiwan Has Little Impact on Network Infrastructures

I'm writing this from Taipei, where I have lived in peace for over 10 years. Sadly I learned that during this week, intermediate-range ballistic missiles (operated by China) have flown far above the capital of Taiwan and that five of them have landed in the waters of Japan's exclusive economic zone (EEZ). This provocative live-firing drill came as a direct response from China following Pelosi's visit. more

Solving the “Fake Twitter Profile” Problem Using DNS

Recently, an article I wrote for Bitcoin Magazine talked about how we can use DNS underscore scoping to better abstract Lightning addresses and even create a de facto specification that could work on any resource (like a wallet or a smart contract) across all blockchains. more

Where Domain Security Meets the Supply Chain Crunch

Over the last two years, we've all faced supply shortages on items we previously never thought could be in short supply. Most recently, the baby formula and semiconductor markets were hit. Before that, supply chain attacks on Colonial Pipeline and JBS Foods showed us that an attack on one company through a singular point of compromise has the potential to disrupt an entire network of connected companies, products, partners, vendors, and customers. more

IP Address Blocking

A network can fence its own IP addresses or block specific external ones from access. Administrators frequently block access to their own IP addresses to bar unwanted access to content. Individual IPs or blocks of IPs may also be blocked due to unwanted or malicious behavior. IP address blocking prevents a specific IP address or group of IP addresses from connecting with a server, computer, or application. more

Branded Domains Are the Focal Point of Many Phishing Attacks

As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more

Webcast May 23: Finnish Internet Forum – ‘Internet and War’ Panel

On Monday May 23 2022 at 3 -- 5pm EEST (12:00 -- 14:00 UTC) the Finnish Internet Forum will convene a panel at the University of Helsinki with the topic 'Internet and War'. A panel of experts will address the question of how the war has affected the Internet and how the Internet has been used to influence Finland and elsewhere during the war. The event will be conducted in English. more

NIS2: A New Cyber Jurisdiction Paradigm

The approval on 13 May by the European Council and Parliament of a near-final draft Directive on European Cybersecurity (NIS2) brings the world's most far-reaching cyber regime closer to realization. What is generally unknown, however, is the broad scope and global extraterritorial jurisdiction reach of the Directive. It applies to almost every online service and network capability that exists as infrastructure or "offered" anywhere in Europe. more

Securing Weak Links in Supply Chain Attacks

We've all heard the term, "you're only as strong as your weakest link." Whether talking about a tug of war on the playground, a sports team, or a business, this rings as true as ever. Every business relies on a series of suppliers and vendors -- be it the dairy farm supplying milk to the multinational food manufacturer or the payment systems that retailers use. These links form supply chains that every business, large and small, deals with. There is simply no way around it. more

Monumental Cybersecurity Blunders

Two recent celebrated cybersecurity standards history events brought together sets of people who were intimately involved with some of the most significant network security standards work ever undertaken. These included the X.509 digital certificate standards at ITU X.509 Day, and the Secure Digital Network System (SDNS) standards at the NSA Cryptologic History Symposium 2022. more

Breaking the Rules on Counterfeit Sales: The Use of Hidden Links

Counterfeiting is big business. A 2021 study by the Organisation for Economic Cooperation and Development (OECD) estimated that the international trade in counterfeit and pirated products was worth up to $464 billion in 2019, or around 2.5% of all world trade. A significant proportion of this trade occurs via digital channels, where global annual expenditure on eCommerce is more than $4 trillion. more

News Briefs

InternetNZ Has Disclosed a Vulnerability That Can Be Weaponized Against Authoritative DNS Servers

PIR Launches New Institute to Combat DNS Abuse

DNSSEC Now Deployed in all Generic Top-Level Domains, Says ICANN

Backlash Over Potential Firing of U.S. Election Cybersecurity’s Top Official

New Data Reveals Phishing Attacks Are Bigger Than Reported, Exact Size of Problem Unknown

CENTR Has Released an Animated Video on ccTLDs and Their Technical Role Concerning Content

Trust Has Eroded Within the Cybercriminal Underground Causing a Switch to Ecommerce Platforms

Google Reports 18 Million Daily COVID-19 Related Malware, Phishing Emails Per Day

Zoom Faces Class-Action Lawsuit, Accused of Overstating Its Privacy Standards

Over 360 Security Experts Around the World From Group to Combat COVID-19 Hackers, Protect Hospitals

Firefox Starts the Roll Out of DNS Over HTTPS (DoH) by Default for US-Based Users

Israel’s Entire Voter Registry Exposed, the Massive Data Leak Involves 6.5 Million Voters

Highly Sensitive Domain Corp.com Up for Sale by Original Owner, Calls It a ‘Chemical Waste Dump’

Microsoft Takes Legal Action Against North Korean Cybercrime Group, Takes Down 50 Domains

U.N. Approves Resolution to Combat Cybercrime Despite Opposition From E.U., the U.S. and Others

Microsoft Announces Plans to Adopt DoH in Windows

Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap Worldwide, Says New Study

Leading Domain Registries and Registrars Release Joint Document on Addressing ‘DNS Abuse’

EU Member States Release Report on Coordinated Risk Assessment on Cybersecurity in 5G Networks

More Than 500 Schools in the U.S. Hit by Ransomware in 2019, Says Report

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets

Addressing DNS abuse and maintaining a healthy DNS ecosystem are important components of Verisign's commitment to being a responsible steward of the internet. We continuously engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other industry partners to help ensure the secure, stable and resilient operation of the DNS. more

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Verisign just released its Q2 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of customers of Verisign DDoS Protection Services. more

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Currently scheduled for October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to change the cryptographic key that helps to secure the internet's Domain Name System (DNS) by performing a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover. more

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

Verisign has released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. more

DNS-Based Threats: Cache Poisoning

As DNS attacks grow in frequency and impact, organizations can no longer afford to overlook DNS security as part of their overall defense-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. more

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

Verisign has released its Q4 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services. more

DNS-Based Threats: DNS Reflection and Amplification Attacks

Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. more

Industry Updates

Participants – Random Selection