Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
According to the Cybersecurity and Infrastructure Security Agency (CISA), most cyberattacks, including ransomware and business email compromise, begin with phishing. Although losses due to ransomware now exceed billions annually, most ransomware protection and response measures don't protect against the most common phishing attacks. Established research shows that phishing attacks most commonly occur from a maliciously registered, confusingly similar domain name, a compromised or hijacked legitimate domain name, or via email header spoofing. more
In part two of The [Dot] Brand Tribes we argued that introducing new branded generic Top-Level Domains (gTLDs) would bring value to brand owners and have positive effects on customer recognition. In this last post we'll continue that theme and talk about how brand owners can come together to provide shared spaces using the banking industry as an example. more
I recently shared at a conference how a seasoned brand and fraud expert from one of the world's largest global financial institutions lamented a major attack where multiple fraudulent websites would pop up every single day. All attacks were launched from the same registrar and web hosting company, and no matter how much they reached out to these providers, they received the same reply: "we will pass on your request to the registrant or site owner," and then nothing happened. more
Everyone knows the $100B/year U.S. security apparatus taps almost the entire Internet. Friendly governments help from Australia to Canada to France. Companies like AT&T, Ericsson, Verizon, and Nokia obviously cooperate. The NSA assumes that China is attempting to do the same and that Huawei, as a Chinese company, will provide assistance. The evidence suggests otherwise. Huawei is the primary opponent of U.S. security. more
The premise of crowdsourcing the task of uncovering new bugs and vulnerabilities in an organization's web applications or consumer products sounds compelling to many. What's not to like with the prospect of "many eyes" poking and prodding away at a corporate system for a minimal reward -- and preemptively uncovering flaws that could have been exploited by hackers with nefarious intent? more
A recent study suggests Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24 hour period. "Over the past few years, botnets have revolutionized the spam industry and pushed spam volumes to epidemic proportions despite the best efforts of law enforcement and the computer security industry. Our intention was to better understand the origins of spam, and the malware that drives it," said Phil Hay, senior threat analyst, TRACElabs (a research arm of security company Marshal8e6)... more
Now that we are all working from home (WFH), the need for encryption must also increase in priority and awareness. Zoom's popular video conferencing solution got in hot water because they promised "end-to-end" encryption but didn't deliver on it - prompting some organizations to ban it from use altogether. Encryption protects confidential information from being exposed in transmission, providing a secure way for the intended recipient to get the information without snooping by others. more
A new network of European telecommunication satellites will be active from 2024, following the green light by European Parliament. The Infrastructure for Resilience, Interconnectivity and Security by Satellite project is aimed at providing a secure communications infrastructure for EU government bodies and agencies, emergency services and European delegations around the world. more
J. Nicholas Hoover reporting in InformationWeek: "The White House on Wednesday issued an update of the Obama administration's ongoing cybersecurity work, detailing some of the steps being taken in an effort to secure the nation's networks against cyber attacks and in the process offering some new insight into the administration's future plans. The progress report, issued immediately after a meeting held by White House cybersecurity coordinator Howard Schmidt with agency secretaries, cybersecurity experts..." more
The United States has shifted its Russia strategy more toward offense and inserted potentially crippling malware inside Russia's electric power grid at a depth and with an aggressiveness that had never been tried before, according to a New York Times's story that broke over the weekend. more
The White House has released a charter offering more transparency into the Vulnerabilities Equities Process. more
A team of researchers have released a report detailing a new type of threat in which adjacent IoT devices, such as Internet-connected light bulbs, will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction. more
There are new threats that you may have already been exposed to. Here are some of the new threats and advice on how to protect yourself. During this pandemic, Zoom has emerged as a very popular teleconferencing choice for companies and educational institutions, but a new weakness for Zoom was also discovered. Some online conferences and classes that had not password protected their sessions fell victim to eavesdroppers using the screen sharing feature to "Zoom Bomb" those sessions with graphic images. more
Talking technical is easy. Distilling technical detail, complex threats and operation nuances down to something that can be consumed by people whose responsibility for dealing with cybercrime lays three levels below them in their organizational hierarchy is somewhat more difficult. Since so many readers here have strong technical backgrounds and often face the task of educating upwards within their own organizations, I figured I'd share 4 slides from my recent presentation that may be helpful in communicating how the world has changed. more
"Nobody knows anything," screenwriter William Goldman (think "Butch Cassidy and the Sundance Kid" and "The Princess Bride") said famously of Hollywood. The same may be said of enterprise security. Word now comes that the Sony hack for which the FBI has fingered North Korea may, in fact, be the work of some laid-off and disgruntled Sony staff. But that's not clear, either. more
A World-Renowned Source for Internet Developments. Serving Since 2002.