Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
A study conducted by the Verizon Business RISK team in cooperation with the United States Secret Service has found that breaches of electronic records in 2009 involved more insider threats, greater use of social engineering and the continued strong involvement of organized criminal groups. more
As I read through multiple postings covering the proposed Computer Fraud and Misuse Act, such as the ever-insightful writing of Rob Graham in his Obama's War on Hackers or the EFF's analysis, and the deluge of Facebook discussion threads where dozens of my security-minded friends shriek at the damage passing such an act would bring to our industry, I can't but help myself think that surely it's an early April Fools joke. more
In the first section of this piece, I argued that the anti-Huawei litany only makes sense when one realizes that it is the Chinese state, not a global telecommunication equipment manufacturer based in China, is the target of this attack. China, in this view, is an integrated monolith, and any Chinese firm can be ordered to do the government's will without any legal, political, or economic checks and balances. more
Who would have thought that typewriters and handwritten letters would ever be back in fashion? But back in 2013 it was reported that Russia was buying large quantities of typewriters. When this was further investigated the country denied that this was for security reasons. Since the Snowden revelations there has been a further rush on typewriters, both by government officials and by a range of, mainly corporate, businesses. more
For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... more
As with any high-stakes event, elections have become a prime target for cybercriminals seeking to exploit public trust through impersonation, misinformation, and scams. CSC's comprehensive research about the 2024 U.S. Election reveals the alarming role of dormant domains, which have the potential to be exploited for launching cyber attacks against political campaigns, organizations, and constituents. more
In a note released this week, Google announced that it will begin publicly sharing National Security Letters (NSLs) it receives that have been freed of nondisclosure obligations either through litigation or legislation. more
The antivirus industry has been trying to deal with false positive detection issues for a long, long time - and it's not going to be fixed anytime soon. To better understand why, the physicist in me draws an analogy with Heisenberg's Uncertainty Principle - where, in its simplest distillation, the better you know where an atom is, the less likely you'll know it's momentum (and vice versa) - aka the "observer effect". more
On Friday 11 January 2013 the European Cybercrime Centre, EC3, officially opened its doors at Europol in The Hague. If something shone through from the speeches of the panel participants, it is that there are tight budget restraints and a strong wish to cooperate with the U.S., the Interpol centre in Singapore and Russia. Let me share my thoughts on expectations. more
Popular RSS reader Feedly has been hit by major distributed denial of service (DDoS) attacks beginning 2:04am PST on Wednesday causing the service to be completely down for several hours two days in a row. (Second attack still undergoing as of the time of this post.) more
Let's play the analogy game. The Internet of Things (IoT) is probably going end up being like... a box of chocolates, because you never do know what you are going to get? a big bowl of spaghetti with a serious lack of meatballs? Whatever it is, the IoT should have network folks worried about security. Of course, there is the problem of IoT devices being attached to random places on the network, exfiltrating personal data back to a cloud server you don't know anything about. more
Do you have an idea for an innovative use of DNSSEC or DANE? Have you recently deployed DNSSEC or DANE and have some "lessons learned" that you could share? Did you develop a new tool or service that works with DNSSEC? Have you enabled DNSSEC by default in your products? (And why or why not?) Do you have ideas about how to accelerate usage of new encryption algorithms in DNSSEC? more
In January 2018, I looked back at 2017 to figure out how routing security looked globally and on a country level. Using the same metrics and methodology, I've recently taken a look at 2018 to see if we're making improvements. The good news is, it seems like the routing system is doing better! But there is still much work to be done. Using BGPStream.com, a great public service providing information about suspicious events in the routing system, I analyzed the number of incidents... more
A recent survey of US companies conducted by Proofpoint has found companies increasingly concerned over data leaks via emplyee misuse of email, blogs, social networks, multimedia channels and text messages. From the report: "[A]s more US companies reported their business was impacted by the exposure of sensitive or embarrassing information (34 percent, up from 23 percent in 2008), an increasing number say they employ staff to read or otherwise analyze the contents of outbound email (38 percent, up from 29 percent in 2008). The pain of data leakage has become so acute in 2009 that more US companies report they employ staff whose primary or exclusive job is to monitor the content of outbound email (33 percent, up from 15 percent in 2008)." more
Vietnam is now responsible for more than 10% of the worlds spam, according to threat analysis from managed security firm, Network Box. November saw malware threat levels remain consistently high with Vietnam taking the number one spam spot from last month’s chart topper, Brazil. more
A World-Renowned Source for Internet Developments. Serving Since 2002.