Cybersecurity

The Operationalization of Norms and Principles on Cybersecurity

With two simultaneous processes getting underway in the UN General Assembly's First Committee, the UN Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG) on Cybersecurity, and several technology and multi-stakeholder initiatives pushing cybersecurity improvement, the world of cyber norms has become both more interesting and more complicated. more

European Data Breaches Have Resulted in Loss of 645 Million Records Since 2004

A first-time study of publically-reported data breaches in the 28 European Union member countries, plus Norway and Switzerland, conducted by the Central European University's Center for Media, Data and Society (CMDS) has found that between 2004 and 2014 the continent's organizations suffered 229 incidents covering 227 million personal records.  more

New Trojan Used in High Level Financial Attacks, Multiple Banks Attacked

Since January 2016, discreet campaigns involving malware called Trojan.Odinaff have targeted a number of financial organizations worldwide, warned Symantec Security Response team on Tuesday. more

Cybercriminals Continuing to Exploit Human Nature, Increasing Reliance on Ransomware, Study Finds

Cybercriminals are continuing to exploit human nature and relying on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded, according to Verizon 2016 Data Breach Investigations Report released today. more

Experts Concerned Over Looming Security Risks of Ultrasonic Cross-Device Tracking

In the upcoming Black Hat London presentation, security researcher from University College London, Vasilios Mavroudis and colleagues are going to describe and demonstrate the practical security and privacy risks that arise with the adoption systems enabled with ultrasonic cross-device tracking (uXDT). more

FISMA Focus: Continuously Monitoring the Cyber-Levee

NIST's release of their initial public draft of SP 800-137, Guide for Continuous Monitoring of Information Systems and Organizations will create a set of challenges for the federal cybersecurity community. Agencies and contractors will need to shape the document through the multi-stage revision process while continuing to implement their own continuous monitoring measures. more

Automated Web Application Attacks Can Peak at 25,000 an Hour

Web applications, on average, experience twenty seven attacks per hour, or roughly one attack every two minutes, according to the newly released Imperva Web Application Attack Report. Report also notes that when websites came under automated attack they received up to 25,000 attacks in one hour, or 7 attacks every second. more

Security Flaw in TPM Chips Allows Attacks on RSA Private Keys

Details of Infineon’s RSA key generation vulnerability was made public today after several announcements by vendors last week. more

Healthcare Industry Was the Most Common Victim of Third-Party Breaches in 2022

Health care industry was the most common victim of cyberattacks in 2022, according to a report by cyber intelligence firm, Black Kite. The study found a total of 34.9% of cyberattacks occurred in health care, up 1% from the year before, making it the most attacked sector for the second year in a row. more

Flame Virus Was Developed by U.S., Israel to Slow Iranian Nuclear Efforts, According to Officials

The United States and Israel are reported to be responsible for developing the Flame virus aimed at collecting intelligence in preparation for cyber-sabotage aimed at slowing Iran's ability to develop a nuclear weapon, according to Western officials with knowledge of the effort. According the Washington Post, "[t]he massive piece of malware secretly mapped and monitored Iran's computer networks, sending back a steady stream of intelligence to prepare for a cyberwarfare campaign, according to the officials." more

FBI Takes Down China-Backed Botnet, Facilitates Ransomware Negotiations

The FBI and international partners dismantled a China-backed botnet run by the Integrity Technology Group, a company linked to Chinese government espionage. more

Making Voting Easy is Scaring the Life Out of Security Experts

Apollo 11 was the spaceflight which landed the first two humans on the Moon. Commander Neil Armstrong and lunar module pilot Buzz Aldrin landed the Apollo Lunar Module, Eagle, on July 20, 1969. Armstrong became the first person to step onto the lunar surface six hours later, and Aldrin joined him 19 minutes later. The two astronauts spent about two and a quarter hours outside the spacecraft, and they collected 47.5 pounds of lunar material to bring back. more

Biden Administration to Back UN Cybercrime Treaty Amid Controversy

The Biden administration is poised to support a contentious United Nations cybercrime treaty, a move likely to spark debate over potential abuses, according to top officials.  more

Symantec Chosen as Verification Agent for .bank and .insurance TLDs

fTLD Registry Services, LLC has announced an agreement with Symantec Corporation to provide verification services for the ".bank" and ".insurance" generic top-level domains. According to the report, Symantec will be responsible for adding a layer of protection to the new domains by verifying the eligibility of companies requesting domain names, making sure the person requesting the domain name is authorized by the company and ensuring the name requested by the company complies with fTLD's policies. more

NANOG’s Edward Mc Nair to Deliver Keynote Address at CaribNOG 17 in April

Edward Mc Nair will deliver the keynote address at the next regional meeting of the Caribbean Network Operators Group (CaribNOG), to be held in Bridgetown, Barbados from April 10 to 12. The featured talk will take place on Thursday 11 April at 9 am AST. A live netcast will be available. Mc Nair is the Executive Director of the North American Network Operators Group (NANOG). more