Cybersecurity

Trump Relaxes U.S. Regulation to Launch Cyberattacks

President Donald Trump has reversed an Obama-era policy that set limits on how the United States deploys cyberattacks. more

The Rise of ChatGPT and Its Impact on Cybersecurity

The emergence of ChatGPT, a powerful AI language model developed by OpenAI, has revolutionized the way developers approach coding tasks. With its ability to generate code snippets and even entire software programs, ChatGPT offers convenience and time-saving potential. more

Security Lapses Lead to Squarespace Domain Hijacks

At least a dozen organizations experienced domain hijacks through the domain registrar Squarespace last week. The incidents, occurring between July 9 and July 12, primarily affected cryptocurrency businesses such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. more

NIST Cancels FISMA Continuous Monitoring Document’s 2nd Public Draft

NIST has released a revised FIMSA Implementation Schedule that omits a previously planned Second Public Draft of SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations. Instead, NIST plans to proceed directly to a Final Public Draft, now expected in May 2011. more

Coronavirus Online Threats Going Viral, Part 5: Social Media

For our final blog in this series, looking at the online risks associated with COVID-19, we focus on social media. The popularity of social media channels means that they are extremely susceptible to exploitation by cybercriminals and other infringers, particularly during the coronavirus crisis. In an earlier post in this series, we discussed the use of social media for the distribution of phishing-related content, but CSC has also noted marked activity relating to the creation of fake accounts. more

Over 2 Million VPN Passwords Compromised by Malware Attacks

A recent report from Specops Software reveals alarming security vulnerabilities within VPN password systems, highlighting over two million VPN passwords stolen by malware in the past year. more

U.S. Department of Transportation Issues Federal Cybersecurity Guidance to Automotive Industry

U.S. Department of Transportation issues Federal guidance to the automotive industry for improving motor vehicle cybersecurity. The guidance covers cybersecurity best practices for all motor vehicles, individuals and organizations manufacturing and designing vehicle systems and software. more

A CENTR White Paper on Creating More Standardized and Streamlined Domain Registry Lock Services

CENTR has published a white paper separating registry lock services into two standardized models. This categorization and the included recommendations can help top-level domain registries (re)design their registry lock services. The aim of the paper is to reduce fragmentation in implementation between registries to explain the value of registry lock to domain holders more easily. more

Centralizing DNS Data for Security, Compliance, and Performance

Private DNS data lakes consolidate fragmented logs into a centralised platform, improving visibility, security, and compliance. They enable advanced analytics, strengthen threat detection, and help organisations optimise network performance in increasingly complex IT environments. more

Going for Broke: Financial Services Industry Falling Behind on DNSSEC Adoption

Many CircleID readers have been watching the acceleration of DNSSEC adoption by top level domains with great interest, and after many years the promise of a secure and trustworthy naming infrastructure across the generic and country-code domains finally seems within reach. While TLD DNSSEC deployments are major milestones for internet security, securing the top level domains is not the end goal - just a necessary step in the process. more

US-CERT Says They Are Aware of DNS Exploit Code, Emphasizes Urgent Patching

The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems. more

Most Cyberattacks Are From Hostile States, Reports U.K.‘s National Cyber Security Centre

A report from the U.K.'s National Cyber Security Centre blames hostile foreign states for the majority of the 1,167 attacks dealt with in the past two years. more

It’s Up to Each of Us: Why I WannaCry for Collaboration

WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet's development. more

NANOG 95: From Faster Fibre to Route Leaks, Operators Face Old Problems with New Tools

The NANOG 95 conference spotlighted breakthroughs in fibre optics, wireless technology, routing security, and quantum computing, offering a forward-looking assessment of internet infrastructure and its vulnerabilities, as reported by APNIC's Geoff Huston. more

Which Direction Will the Internet Go? Take Our Survey and Help Us Explore the Forces at Work

In the past seven years, the number of people online has essentially doubled, from 1.7 billion in 2009 to about 3.4 billion today. New and innovative services have also emerged and people and companies around the world are using the Internet in ways barely imagined at the turn of the decade. Looking ahead to the next five to seven years, there are many forces at work that could have a significant impact on the Internet. more