Cybersecurity

Sponsored
by

Cybersecurity / Featured Blogs

Can We Get More Eyes on Britain’s Largest Scam “Watch List”?

The FCA has been naming and shaming financial scam domains for decades. Its "warning list" is probably one the most extensive databases of its kind. But does it do a good enough job of actually warning people? Let us begin with the FCA website, which would not exactly get full points for user-friendliness: locating the "watch list" is a task in and of itself, to say nothing of consulting and scrutinising it.

Damaging Malware Uncovered in the Google Play Store

Android users can choose from 3.718 million applications in the Google Play Store. When installing applications, the majority of consumers trust Google to keep their devices safe from hackers. However, the reality is different. Just back in May 2023, researchers discovered over 101 infected applications in the Android store. Many of these apps counted over 400 million downloads.

Challenges in Measuring DNS Abuse

From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology.

The IoT Cyber Seal Fog

For four days in Southern France, cybersecurity experts from a broad array of different countries and sectors gathered for the annual ETSI Security Conference. The event undertaken by one of the world's major industry information-communication (ICT) standards organisations was intended to take stock of the state of cybersecurity and trends.

Mitigating DNS Abuse and Safeguarding the Internet

The internet is a beacon of global connectivity and information, but it has also become a battleground where malicious actors exploit vulnerabilities for various immoral purposes. Domain Name System (DNS) abuse stands has proven a constant in the internet threat landscape, posing risk to the overall digital trust.

Notes from NANOG 89: Trust and Network Infrastructure

Trust is such a difficult concept in any context, and certainly, computer networks are no exception. How can you be assured that your network infrastructure is running on authentic platforms, both hardware and software and its operation has not been compromised in any way?

The FCC Cyber Trust Label Gambit

Several weeks ago, the Federal Communications Commission (FCC) embarked on one of the most far-reaching regulatory gambits in its 90-year history. It is formally known as a Notice of Proposed Rulemaking in the matter of Cybersecurity Labeling for Internet of Things, Docket 23 -- 239. The FCC offers ICT product developers the use of its FCC trademarked cyber trust mark placed on their products in exchange for accepting open-ended Commission cybersecurity jurisdiction...

Business Logic Vulnerabilities Are the Hidden Menace in Modern Software

The first things that usually come to mind when talking about software development risks are bugs and security issues that have not been detected or those that have been discovered but left unaddressed. Some may also point out poor code quality reviews and the use of third-party components and dependencies laced with malicious code.

Biden’s National Cybersecurity Strategy Suggests Increased Website Security, Customer Protection

Phishing attacks have been rising over the past couple of years. Reports show that there was a 345 percent increase in phishing attacks between 2020 and 2021. In 2022, the number of advanced phishing attacks rose by 356 percent. Behind these alarming numbers, however, is an even uglier picture of digital fraud: a difficult-to-quantify prevalence of fake or spoof websites.

EU CRA: Regulatory Extremism and Exceptionalism

European Union (EU) legislators, like most of the world, are troubled about the increasing number and severity of cybersecurity incidents. However, unlike most of the world, which is taking a flexible, adaptive Zero Trust Model approach of continuous controls for cyberdefense, the EU government is pursuing a vastly expanded version of the failed Common Criteria certification model coupled with regulatory extremism and exceptionalism strategies.