Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Global leaders gathered in New York at the Summit of the Future and adopted the "Pact for the Future" on Sunday 22nd September. This is a historic milestone as the Pact is the first international agreement aimed at securing a better digital future for all, grounded in human rights. The recent adoption of the "Pact for the Future" at the United Nations General Assembly marks a significant step toward revitalizing multilateral cooperation in an increasingly fragmented world.
Despite global polarization, recent UN cyber diplomacy has achieved three significant agreements in 2024: a cyber attack reporting system, a convention against cybercrime, and a "Global Digital Compact." These successes show that consensus on global issues is possible, though the vague wording of agreements raises concerns about their long-term effectiveness in ensuring security and peace.
When it comes to breach disclosures, today's chief information security officers (CISOs) are struggling with an especially turbulent regulatory environment. Security teams are understaffed, and systems are more extensive, making them harder to monitor and defend, while threats are becoming more sophisticated, more frequent, and more varied. It's at precisely this difficult juncture that regulations and enforcement are rapidly changing, leaving CISOs feeling like they are running up the down escalator.
There are many inconvenient truths about radio spectrum sharing and transceiver interoperability that require full ventilation and resolution. Spectrum users want exclusive access and - news flash - they do not like to share! Campaign events, like the Trump Bulter, PA rally, require short notice, forced cooperation between and among federal, state, and local law enforcement officers, as well as a variety of other government agencies.
Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers.
A recent news story, following research from security provider Infoblox, highlighted the case of the 'Revolver Rabbit' cybercriminal gang, who have registered more than half-a-million domains to be used for the distribution of information-stealing malware. The gang make use of automated algorithms to register their domains, but unlike the long, pseudo-random ('high entropy') domain names frequently associated with such tools, the Revolver Rabbit domains instead tend to consist of hyphen-separated dictionary words (presumably so as to obfuscate their true purpose), with a string of digits at the end.
The Optus outage in Australia from last year was immediately on my mind when on Friday afternoon a similar event swept, this time, across the world. Also, in this case it was a software update that caused the problem. This time from global security software provider CrowdStrike. The culprit appears to be an update to the CrowdStrike Falcon platform, a security monitoring tool widely deployed by businesses and organisations on Microsoft desktop computers and notebooks.
On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states.
On December 14, 2022, the European Parliament adopted the Directive on measures for a high common level of cybersecurity across the Union (Directive (EU) 2022/2555) hereinafter referred to as "NIS2"), which was published in the official journal on December 27, 2022. Being a directive, NIS2 requires transposition into national law. According to Art. 41 of NIS2, the transposition into national law must take place by October 17, 2024 and the measures must be applied as of October 18, 2024.
I recently appeared on the 419 Consulting podcast to discuss the European Union's NIS 2.0 Directive and its impact on the domain name ecosystem. I encourage all TLD registries, domain name registration service providers, and DNS operators to listen to the recording of that session which Andrew Campling has made available.
A World-Renowned Source for Internet Developments. Serving Since 2002.