Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Straightforward out-of-court domain name proceeding can provide efficient relief against fraudulent websites and email. Google has seen a steep rise amid the Coronavirus pandemic in new websites set up to engage in phishing (i.e. fraudulent attempts to obtain sensitive information such as usernames, passwords and financial details). Companies in all industries - not just the financial sector - are at risk from this nefarious practice. But one relatively simple out-of-court proceeding may provide relief. more
During a conference, "Internet of Things," in France, the U.S. Department of Commerce made the announcement that it will hold a public consultation on the different proposals to cryptographically sign the DNS root zone file, and determine who will hold the root zone trust anchor for global DNSSEC implementation, says Milton Mueller on the Internet Governance Forum blog. The blog, titled "Commerce Department asks the world to comment on its plans to retain control of the root," continues... more
An Internet Bill of Rights may or may not be a good idea. The point here is that, besides highly commendable topics such as net neutrality and privacy, some of them seem to mandate cybersecurity. Approved in Brazil last May, the Marco Civil includes the principle of preservation of stability, security and functionality of the network, via technical measures consistent with international standards. more
Think your organization is exempt from in-house network abuse? Think again. A CFCA Global Fraud Survey of communication service providers found that dealer fraud was one of the top five methods of fraud, costing $US 3.35 billion annually. In this scenario, customer service representatives (CSRs) or administrators with access to account information may upgrade friends or family to a premium service package or even provide free access to services. more
The 24th DNS-OARC meeting was held last week in Buenos Aires -- a two-day DNS workshop with amazingly good, consistent content. The programme committee are to be congratulated on maintaining a high quality of presentations. Here are my picks of the workshop. They fall into three groups, covering themes I found interesting... These presentations related to the ongoing problem of DNS as a source of reflection attacks, or a victim of attempted DDoS... more
The Australian Bureau of Statistics reports deliberate and "malicious" attacks from offshore, designed to sabotage nation's first online 2016 Census. more
Despite headlines now at least a couple of years old, the InfoSec world is still (largely) playing lip-service to the lack of security talent and the growing skills gap. The community is apt to quote and brandish the dire figures, but unless you're actually a hiring manager striving to fill low to mid-level security positions, you're not feeling the pain -- in fact, there's a high probability many see problem as a net positive in terms of their own employment potential and compensation. more
In a post on a developers’ forum, software engineer on the Google Chrome team Ryan Sleevi has announced Google’s plan to start gradually distrust all existing Symantec-issued certificates. more
In the always interesting Lawfare blog, former FBI counsel Jim Baker in a piece called Rethinking Encryption reiterates his take on the encryption debates. There's a certain amount that makes me want to bang my head against the wall... But it's worth reading to remind us of what the other side is thinking, even with a lot of motivated reasoning that makes him conclude that Congress can pass some laws and the going dark problem will be solved. more
Sophie Curtis of eWeek reports: "Researchers have discovered a hole in the secure sockets layer (SSL) protocol, enabling man-in-the-middle attackers to hack into secure applications despite traffic encryption. According to security researcher Chris Paget, hackers can exploit this flaw by breaking into shared hosting environments, mail servers and databases, and inserting text into encrypted traffic as it passes between two end users. This could lead to fragmentation of SSL transactions, giving hackers the opportunity to inject false commands such as password resets into communications which are otherwise encrypted." more
Russian government hackers are reported to be behind latest cyber-intrusions into the business systems of U.S. nuclear power and other energy companies with efforts to assess networks. more
Security researchers have identified a new phishing attack method designed to trick users into surrendering confidential information after they have logged on to an online banking, brokerage, or other sensitive website. The technique, called In Session Phishing, can be used to inject into all major browsers legitimate looking Pop Up messages using malicious JavaScript that request passwords, account numbers, etc., on behalf of the trusted website. more
At Verisign, we believe that continuous improvements to the safety and security of the global routing system are critical for the reliability of the internet. As such, we've recently embarked on a path to implement Resource Public Key Infrastructure (RPKI) within our technology ecosystem as a step toward building a more secure routing system. In this blog, we share our ongoing journey toward RPKI adoption and the lessons we've learned as an operator of critical internet infrastructure. more
Security expert and malware analyst, Lenny Zeltser has examined a creative malware distribution method in the real world where fliers placed on windshield of cars scare drivers into visiting a malicious website. Zeltser writes: "Several days ago, yellow fliers were placed on the cards in Grand Forks, ND. They stated: 'PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to website-redacted' ... If you went to the website, you'd see several photos of cars on parking lots in that specific town..." more
In what is currently the largest healthcare industry data breach, Hospital Corporation of America (HCA) has confirmed the theft of 11 million patient records. HCA, one of the country's most prominent healthcare providers, believes the breach originated from an external storage system used for email automation. more
A World-Renowned Source for Internet Developments. Serving Since 2002.