Cybersecurity

Trump Names Former Bush Aide Thomas Bossert Chief Adviser on Cybersecurity, Counterterrorism Role

President-elect Donald J. Trump has named Thomas P. Bossert, a top national security aide under President George W. Bush, to be his homeland security adviser, the Trump transition team announced Tuesday morning," Michael D. Shear reporting in the New York Times. more

US House Hearing Scheduled on Internet Stability, IANA Transition

The Subcommittee on Communications and Technology has scheduled a hearing for Wednesday, April 2, 2014 on "Ensuring the Security, Stability, Resilience, and Freedom of the Global Internet." more

Group Announces Certificate Authority to Encrypt the Entire Web, Lunching in 2015

EFF, Mozilla, Cisco, Akamai, Identrust, and researchers at the University of Michigan today announced a new certificate authority (CA) initiative called "Let's Encrypt". more

GDPR Fine Enough or More Disclosure?

The UK cares about its citizens' privacy to the tune of a $229 million (US) fine of British Airways for a breach that disclosed information of approximately half a million customers. It's exciting -- a significant fine for a significant loss of data. I think GDPR will lead to improved security of information systems as companies scramble to avoid onerous fines and start to demand more from those who provide information security services and products. more

Data Broker Reported to Have Exposed a Database Containing Close to 340 Million Individual Records

A data broker based in Palm Coast, Florida, is reported to have exposed a database that contained close to 340 million personal records on a publicly accessible server. more

Senate Urges Domain Registrars to Combat Russian Election Interference

The United States Senate Intelligence Committee Chair, Mark Warner, has called on several domain name registrars, including Namecheap, GoDaddy, and Cloudflare, to address the misuse of their services by Russian actors attempting to influence the 2024 U.S. presidential election. more

Threat Intelligence Platform in Action: Investigating Important Use Cases

As technology gets more and more sophisticated, tech-savvy cybercriminals are having a field day devising increasingly ingenious ways to steal confidential data from ill-prepared targets. What this means is that an equally sophisticated cybersecurity response is needed to keep attackers at bay. This would involve re-examining reactive cybersecurity practices and adopting a proactive approach towards an active search for risks and vulnerabilities with the help of threat intelligence (TI). more

ICANN Security Team Reports on Conficker Post-Discovery Analysis

A paper released today by ICANN provides a chronology of events related to the containment of the Conficker worm. The report, "Conficker Summary and Review," is authored by ICANN's Dave Piscitello, Senior Security Technologist on behalf of the organization's security team. more

Researchers Detail Faster Methods to Defeat Botnets Like Conficker and Kraken

Michael Cooney reporting in NetworkWorld: "Security researchers this week will detail a prototype system they say can better detect so-called Domain Name Generation- (DGA) based botnets such as Conficker and Kraken without the usual labor- and time-intensive reverse-engineering required to find and defeat such malware. The detection system, called Pleiades, monitors traffic below the local DNS server and analyzes streams of unsuccessful DNS resolutions..." more

EU Launches First European Public-Private Partnership on Cybersecurity, Plans $2B Investment

The European Commission has launched a new public-private partnership on cybersecurity expected to trigger €1.8 billion ($2B) of investment by 2020. more

A Research Finds Banking Apps Leaking Info Through Phones

A recent research seems to indicate that financial industries should increase the security standards they use for their mobile home banking solutions. IOActive Labs recently performed a black box and static analysis of worldwide mobile home banking apps. The research used iPhone/iPad devices to test a total of 40 home banking apps from the top 60 most influential banks in the world. more

SANS Develops Small-Scale City to Train Cyber Warriors

SANS has announced NetWars CyberCity, a small-scale city located close by the New Jersey Turnpike complete with a bank, hospital, water tower, train system, electric power grid, and a coffee shop. NetWars CyberCity was developed to teach cyber warriors from the U.S. Military how online actions can have kinetic effects. more

Airplanes Vulnerable to Hacking, Says U.S. Department of Homeland Security

Researchers have been able to successfully demonstrate a commercial aircraft can be remotely hacked. more

Botnets: Most Prevalent Threat on the Internet for the Enterprises

Based on the total number of transactions, Zscaler reports botnets as the biggest security risk on the Internet for the enterprises. "Once a host gets infected, the botnet usually spreads quickly within an enterprise. It also generates a significant amount of traffic to the command and control server, to download additional malware or perform other actions." more

Watching the Watchers Watching Your Network

It seems that this last holiday season didn't bring much cheer or goodwill to corporate security teams. With the public disclosure of remotely exploitable vulnerabilities and backdoors in the products of several well-known security vendors, many corporate security teams spent a great deal of time yanking cables, adding new firewall rules, and monitoring their networks with extra vigilance. more