Cybersecurity

Sponsored
by

Blogs

Visit of US House Speaker Pelosi to Taiwan Has Little Impact on Network Infrastructures

I'm writing this from Taipei, where I have lived in peace for over 10 years. Sadly I learned that during this week, intermediate-range ballistic missiles (operated by China) have flown far above the capital of Taiwan and that five of them have landed in the waters of Japan's exclusive economic zone (EEZ). This provocative live-firing drill came as a direct response from China following Pelosi's visit. more

Solving the “Fake Twitter Profile” Problem Using DNS

Recently, an article I wrote for Bitcoin Magazine talked about how we can use DNS underscore scoping to better abstract Lightning addresses and even create a de facto specification that could work on any resource (like a wallet or a smart contract) across all blockchains. more

Where Domain Security Meets the Supply Chain Crunch

Over the last two years, we've all faced supply shortages on items we previously never thought could be in short supply. Most recently, the baby formula and semiconductor markets were hit. Before that, supply chain attacks on Colonial Pipeline and JBS Foods showed us that an attack on one company through a singular point of compromise has the potential to disrupt an entire network of connected companies, products, partners, vendors, and customers. more

IP Address Blocking

A network can fence its own IP addresses or block specific external ones from access. Administrators frequently block access to their own IP addresses to bar unwanted access to content. Individual IPs or blocks of IPs may also be blocked due to unwanted or malicious behavior. IP address blocking prevents a specific IP address or group of IP addresses from connecting with a server, computer, or application. more

Branded Domains Are the Focal Point of Many Phishing Attacks

As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more

Webcast May 23: Finnish Internet Forum – ‘Internet and War’ Panel

On Monday May 23 2022 at 3 -- 5pm EEST (12:00 -- 14:00 UTC) the Finnish Internet Forum will convene a panel at the University of Helsinki with the topic 'Internet and War'. A panel of experts will address the question of how the war has affected the Internet and how the Internet has been used to influence Finland and elsewhere during the war. The event will be conducted in English. more

NIS2: A New Cyber Jurisdiction Paradigm

The approval on 13 May by the European Council and Parliament of a near-final draft Directive on European Cybersecurity (NIS2) brings the world's most far-reaching cyber regime closer to realization. What is generally unknown, however, is the broad scope and global extraterritorial jurisdiction reach of the Directive. It applies to almost every online service and network capability that exists as infrastructure or "offered" anywhere in Europe. more

Securing Weak Links in Supply Chain Attacks

We've all heard the term, "you're only as strong as your weakest link." Whether talking about a tug of war on the playground, a sports team, or a business, this rings as true as ever. Every business relies on a series of suppliers and vendors -- be it the dairy farm supplying milk to the multinational food manufacturer or the payment systems that retailers use. These links form supply chains that every business, large and small, deals with. There is simply no way around it. more

Monumental Cybersecurity Blunders

Two recent celebrated cybersecurity standards history events brought together sets of people who were intimately involved with some of the most significant network security standards work ever undertaken. These included the X.509 digital certificate standards at ITU X.509 Day, and the Secure Digital Network System (SDNS) standards at the NSA Cryptologic History Symposium 2022. more

Breaking the Rules on Counterfeit Sales: The Use of Hidden Links

Counterfeiting is big business. A 2021 study by the Organisation for Economic Cooperation and Development (OECD) estimated that the international trade in counterfeit and pirated products was worth up to $464 billion in 2019, or around 2.5% of all world trade. A significant proportion of this trade occurs via digital channels, where global annual expenditure on eCommerce is more than $4 trillion. more

The World of the Subdomain

A web domain name is the foundational piece of internet property allowing its owner (registrant) to construct and host an associated website. On a domain, the owner is also able to construct whatever subdomains they wish -- a process that is technically achieved via the configuration of records on the authoritative domain name system (DNS) server. more

ICANN SSAD Proposal Poised to Succeed?

The GNSO Council and the ICANN Board both seem poised to grant sufficient runway to the community to refine an idea for a simple ticketing system designed to centralize requests for registrant information disclosures and provide meaningful data that is likely to help ICANN staff enhance its assessment of the SSAD proposal. This is very good news for those who advocate for consumer safety and trust on the Internet, and it is very good news for the ICANN multistakeholder model. more

Domain Security: An Underused Cybersecurity Strategy and First Line of Defense in Your Zero Trust Model

Domain security is a critical component to help mitigate cyberattacks in the early stages - your first line of defense in your organization's Zero Trust model. According to the Cybersecurity and Infrastructure Security Agency (CISA), most cyberattacks - including ransomware and business email compromise (BEC) - begin with phishing. Although losses due to ransomware now exceed billions annually, most ransomware protection and response measures don't adequately address phishing risks in the early stages of an attack because they don't include domain security measures to protect against the most common phishing attacks. more

Ukraine: What Are the Likely Implications for Norms and Discussions in Cyberspace?

The invasion of Ukraine by Russia on 24 February, and the events since, have shocked and horrified the world. The immediate focus must be on protecting the safety, security and human rights of the Ukrainian population. But we can already see how the war will also impact broader global events, discussions and behaviour, particularly relating to the digital environment. more

Routing Without Rumor: Securing the Internet’s Routing System

The Domain Name System has provided the fundamental service of mapping internet names to addresses from almost the earliest days of the internet’s history. Billions of internet-connected devices use DNS continuously to look up Internet Protocol addresses of the named resources they want to connect to - for instance, a website such as blog.verisign.com. Once a device has the resource’s address, it can then communicate with the resource using the internet’s routing system. more

News Briefs

InternetNZ Has Disclosed a Vulnerability That Can Be Weaponized Against Authoritative DNS Servers

PIR Launches New Institute to Combat DNS Abuse

DNSSEC Now Deployed in all Generic Top-Level Domains, Says ICANN

Backlash Over Potential Firing of U.S. Election Cybersecurity’s Top Official

New Data Reveals Phishing Attacks Are Bigger Than Reported, Exact Size of Problem Unknown

CENTR Has Released an Animated Video on ccTLDs and Their Technical Role Concerning Content

Trust Has Eroded Within the Cybercriminal Underground Causing a Switch to Ecommerce Platforms

Google Reports 18 Million Daily COVID-19 Related Malware, Phishing Emails Per Day

Zoom Faces Class-Action Lawsuit, Accused of Overstating Its Privacy Standards

Over 360 Security Experts Around the World From Group to Combat COVID-19 Hackers, Protect Hospitals

Firefox Starts the Roll Out of DNS Over HTTPS (DoH) by Default for US-Based Users

Israel’s Entire Voter Registry Exposed, the Massive Data Leak Involves 6.5 Million Voters

Highly Sensitive Domain Corp.com Up for Sale by Original Owner, Calls It a ‘Chemical Waste Dump’

Microsoft Takes Legal Action Against North Korean Cybercrime Group, Takes Down 50 Domains

U.N. Approves Resolution to Combat Cybercrime Despite Opposition From E.U., the U.S. and Others

Microsoft Announces Plans to Adopt DoH in Windows

Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap Worldwide, Says New Study

Leading Domain Registries and Registrars Release Joint Document on Addressing ‘DNS Abuse’

EU Member States Release Report on Coordinated Risk Assessment on Cybersecurity in 5G Networks

More Than 500 Schools in the U.S. Hit by Ransomware in 2019, Says Report

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets

Addressing DNS abuse and maintaining a healthy DNS ecosystem are important components of Verisign's commitment to being a responsible steward of the internet. We continuously engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other industry partners to help ensure the secure, stable and resilient operation of the DNS. more

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Verisign just released its Q2 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of customers of Verisign DDoS Protection Services. more

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Currently scheduled for October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to change the cryptographic key that helps to secure the internet's Domain Name System (DNS) by performing a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover. more

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

Verisign has released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. more

DNS-Based Threats: Cache Poisoning

As DNS attacks grow in frequency and impact, organizations can no longer afford to overlook DNS security as part of their overall defense-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. more

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

Verisign has released its Q4 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services. more

DNS-Based Threats: DNS Reflection and Amplification Attacks

Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. more

Industry Updates

Beauty and the Beast: Are These Domains Possible Vehicles for Cosmetic Product Counterfeiting?

Are Threat Actors Intercepting Your OTPs? These Cyber Resources Might Be Helping Them

Unlike Its Namesake, Aoqin Dragon Isn’t Mythical

Matanbuchus with Cobalt Strike: Not Your Favorite Combo

Conti Ransomware: Still Alive and Kicking

Predator Surveillance Software May Not Be Lawful at All

GALLIUM APT Group and Other Threat Actors in Disguise

Both Aged and New Domains Play a Role in the NDSW/NDSX Malware Campaign

Phishers Are Impersonating Maersk: What Other Container Shipping Companies Are Targeted?

Careful, the Next Premium SMS Offer You Subscribe to May Be Malicious

Father’s Day: Bad Guys’ Activities

Phishing Automated through Chatbots, We Found Potentially Connected Domains

In the Market for a New Car? Beware Not to Get on the Phishing Bandwagon

Blurring the Lines between APTs and Cybercrime: Cobalt Mirage Uses Ransomware to Target U.S. Organizations

Online Shopping Danger? 13K+ Cybersquatting Properties of Top E-Commerce Sites Discovered

Participants – Random Selection