Cybersecurity

Sponsored
by

Blogs

Damaging Malware Uncovered in the Google Play Store

Android users can choose from 3.718 million applications in the Google Play Store. When installing applications, the majority of consumers trust Google to keep their devices safe from hackers. However, the reality is different. Just back in May 2023, researchers discovered over 101 infected applications in the Android store. Many of these apps counted over 400 million downloads. more

Challenges in Measuring DNS Abuse

From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology. more

The IoT Cyber Seal Fog

For four days in Southern France, cybersecurity experts from a broad array of different countries and sectors gathered for the annual ETSI Security Conference. The event undertaken by one of the world's major industry information-communication (ICT) standards organisations was intended to take stock of the state of cybersecurity and trends. more

Mitigating DNS Abuse and Safeguarding the Internet

The internet is a beacon of global connectivity and information, but it has also become a battleground where malicious actors exploit vulnerabilities for various immoral purposes. Domain Name System (DNS) abuse stands has proven a constant in the internet threat landscape, posing risk to the overall digital trust. more

Notes from NANOG 89: Trust and Network Infrastructure

Trust is such a difficult concept in any context, and certainly, computer networks are no exception. How can you be assured that your network infrastructure is running on authentic platforms, both hardware and software and its operation has not been compromised in any way? more

The FCC Cyber Trust Label Gambit

Several weeks ago, the Federal Communications Commission (FCC) embarked on one of the most far-reaching regulatory gambits in its 90-year history. It is formally known as a Notice of Proposed Rulemaking in the matter of Cybersecurity Labeling for Internet of Things, Docket 23 -- 239. The FCC offers ICT product developers the use of its FCC trademarked cyber trust mark placed on their products in exchange for accepting open-ended Commission cybersecurity jurisdiction... more

Business Logic Vulnerabilities Are the Hidden Menace in Modern Software

The first things that usually come to mind when talking about software development risks are bugs and security issues that have not been detected or those that have been discovered but left unaddressed. Some may also point out poor code quality reviews and the use of third-party components and dependencies laced with malicious code. more

Biden’s National Cybersecurity Strategy Suggests Increased Website Security, Customer Protection

Phishing attacks have been rising over the past couple of years. Reports show that there was a 345 percent increase in phishing attacks between 2020 and 2021. In 2022, the number of advanced phishing attacks rose by 356 percent. Behind these alarming numbers, however, is an even uglier picture of digital fraud: a difficult-to-quantify prevalence of fake or spoof websites. more

EU CRA: Regulatory Extremism and Exceptionalism

European Union (EU) legislators, like most of the world, are troubled about the increasing number and severity of cybersecurity incidents. However, unlike most of the world, which is taking a flexible, adaptive Zero Trust Model approach of continuous controls for cyberdefense, the EU government is pursuing a vastly expanded version of the failed Common Criteria certification model coupled with regulatory extremism and exceptionalism strategies. more

The Standards Myth That Does Not Stop

The latest iteration of the most expansive, omnipotential cybersecurity legal regime ever drafted appeared a few days ago. The European Union (EU) Cyber Resilience Act (CRA) is attempting to assert jurisdiction and control over all "products with digital elements" defined as "any software or hardware product and its remote data processing solutions, including software or hardware components to be placed on the market." more

Shaky Consensus at the OEWG on ICTs: Where Next for UN Discussions on State Behaviour in Cyberspace?

On 24-28 July, states convened in New York for the fifth session of the UN First Committee's Open ended Working Group on ICTs (OEWG), which aims to establish a common understanding of - and further develop the framework for - responsible state behaviour in cyberspace. This session marked a critical juncture in the process, with states negotiating the OEWG's annual progress report... more

Cybersecurity for Schools

FCC Chairwoman Jessica Rosenworcel recently asked the other FCC Commissioners to support a proposal to spend $200 million over three years to bolster school cybersecurity. Rosenworcel plans to issue a Notice for Proposed Rulemaking (NRPM) soon for her proposal. The NPRM will set off a round of public comments and then a ruling if a majority of the Commissioners agree with the final set of rule changes. more

Verisign Will Help Strengthen Security With DNSSEC Algorithm Update

As part of Verisign's ongoing effort to make global internet infrastructure more secure, stable, and resilient, we will soon make an important technology update to how we protect the top-level domains (TLDs) we operate. The vast majority of internet users won't notice any difference, but the update will support enhanced security for several Verisign-operated TLDs and pave the way for broader adoption and the next era of Domain Name System (DNS) security measures. more

Have You Reviewed Your Domain Lock Portfolio?

Domain names give your intellectual property visibility, as well as provide function for your company's infrastructure. Vital domain names are simply too important to be left exposed. To protect them, you can add extra layers of security to your digital brand with easy, secure, server-level protection in addition to multi-level locks that combat domain name system (DNS) hijacking and protect against unauthorized changes and deletions to your critical domain names. more

Next Steps in Preparing for Post-Quantum DNSSEC

In 2021, we discussed a potential future shift from established public-key algorithms to so-called "post-quantum" algorithms, which may help protect sensitive information after the advent of quantum computers. We also shared some of our initial research on how to apply these algorithms to the Domain Name System Security Extensions, or DNSSEC. In the time since that blog post, we've continued to explore ways to address the potential operational impact of post-quantum algorithms on DNSSEC, while also closely tracking industry research and advances in this area. more

News Briefs

Australia Launches Major Cybersecurity Revamp Following Recent Major Cyberattacks

Denmark Encounters Largest Cyber Attack on Its Critical Infrastructure to Date

Rise in Cybercrime Exploiting Artificial Intelligence Hype Leads to Growing Threats Within the .ai Domain Space

U.S. National Security Agency Announces AI Security Center

Online Safety Bill: UK’s Digital Overhaul

UK’s National Agencies Release White Paper on Evolving Cyber Crime Ecosystem

Phishing Attacks Surge Despite Increased Awareness, New Strategies Needed

The Rising Cost of Digital Theft and Espionage in Germany

Hospitals Advised to Prepare for a Month of Downtime Following Cyberattacks

Belarus-Linked Hackers Target Diplomats, Likely With State Support

U.S. Schools Targeted in Ransomware Attacks: White House Responds

British Researchers Discover AI-Powered Technique That Can Extract Data Through Typing Sounds

Widespread Cyberattack Paralyzes US Hospital Systems, Interrupting Critical Healthcare Services

SEC Now Giving Companies a 4-Day Deadline to Reveal Cyberattacks

China’s Top Diplomat Calls for Global Cyberspace Fairness, Urges Resistance to Technological Dominance

Google Limits Some Employees’ Access to the Internet

Massive Data Breach Hits HCA: 11 Million Records Compromised

Russian Cyberattack Disrupts Operations at Japan’s Largest Maritime Port: Global Threat Intensifies

Ransomware Attacks on US Hospitals Trigger Significant Ripple Effects on Neighboring Facilities

Unsolicited Smartwatches Bearing Malware Target U.S. Service Members: Army CID Raises Alarm

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets

Addressing DNS abuse and maintaining a healthy DNS ecosystem are important components of Verisign's commitment to being a responsible steward of the internet. We continuously engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other industry partners to help ensure the secure, stable and resilient operation of the DNS. more

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Verisign just released its Q2 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of customers of Verisign DDoS Protection Services. more

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Currently scheduled for October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to change the cryptographic key that helps to secure the internet's Domain Name System (DNS) by performing a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover. more

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

Verisign has released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. more

DNS-Based Threats: Cache Poisoning

As DNS attacks grow in frequency and impact, organizations can no longer afford to overlook DNS security as part of their overall defense-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. more

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

Verisign has released its Q4 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services. more

DNS-Based Threats: DNS Reflection and Amplification Attacks

Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. more

Industry Updates

Participants – Random Selection