Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
In a joint announcement today, Dutch research institute CWI and Google revealed that they have broken the SHA-1 internet security standard "in practice". more
The United States and India signed a Memorandum of Understanding (MOU) today to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cybersecurity, according to U.S. Department of Homeland Security. "The MOU was signed in New Delhi by Jane Holl Lute, Deputy Secretary for the U.S. Department of Homeland Security (DHS) and R. Chandrashekhar, Secretary, India Department of Information Technology." more
With traditional cyber strategies failing businesses and governments daily, and the rise of a new breed of destruction-motivated Poli-Cyber terrorism threatening "Survivability", what are top decision makers to do next? There is a global paradigm change in the cyber and non-cyber threat landscape, and to address it the industry has to offer innovative solutions. more
Over at Techdirt, Mike Masnick did a great post a few weeks back on a theme I've written about before: peoples' tendency to underestimate the robustness of open platforms. "Once people have a taste for what that openness allows, stuffing it back into a box is very difficult. Yes, it's important to remain vigilant, and yes, people will always attempt to shut off that openness, citing all sorts of "dangers" and "bad things" that the openness allows..." more
White House has issued new directive spelling out how the Federal government will coordinate its incident response activities in the event of a large-scale cyber incident. more
Apple's Wordwide Developers Conference may have just ended, but already, the conference release of Mac's OS X 10.6 — a beta build previewed for developers — has been leaked onto torrent sites. It borders on irony: for years, Mac lovers have touted the superior security of the Mac operating system over Windows, but earlier this year, it was torrent sites — the very sites where OS X 10.6 is now being freely copied — that caused more than 25,000 Mac users to fall victim to the iServices Trojan. Some Macs never learn. more
Symantec has disabled part of one of the world's largest networks of infected computers, according to reports today. About 500,000 hijacked computers have been taken out of the 1.9 million strong ZeroAccess botnet. The zombie computers were used for advertising and online currency fraud and to infect other machines. Security experts warned that any benefits from the takedown might be short-lived. more
Straightforward out-of-court domain name proceeding can provide efficient relief against fraudulent websites and email. Google has seen a steep rise amid the Coronavirus pandemic in new websites set up to engage in phishing (i.e. fraudulent attempts to obtain sensitive information such as usernames, passwords and financial details). Companies in all industries - not just the financial sector - are at risk from this nefarious practice. But one relatively simple out-of-court proceeding may provide relief. more
Each SANSFIRE, the Handlers who can make it to DC get together for a panel discussion on the state of information security. Besides discussion of the hot DNS issue, between most of us there is a large consensus into some of the biggest problems that we face. Two come to mind, the fact that "users will click anything" and that "anti-virus is no longer sufficient". These are actually both related in my mind... more
The 24th DNS-OARC meeting was held last week in Buenos Aires -- a two-day DNS workshop with amazingly good, consistent content. The programme committee are to be congratulated on maintaining a high quality of presentations. Here are my picks of the workshop. They fall into three groups, covering themes I found interesting... These presentations related to the ongoing problem of DNS as a source of reflection attacks, or a victim of attempted DDoS... more
Security researchers have identified a new phishing attack method designed to trick users into surrendering confidential information after they have logged on to an online banking, brokerage, or other sensitive website. The technique, called In Session Phishing, can be used to inject into all major browsers legitimate looking Pop Up messages using malicious JavaScript that request passwords, account numbers, etc., on behalf of the trusted website. more
Think your organization is exempt from in-house network abuse? Think again. A CFCA Global Fraud Survey of communication service providers found that dealer fraud was one of the top five methods of fraud, costing $US 3.35 billion annually. In this scenario, customer service representatives (CSRs) or administrators with access to account information may upgrade friends or family to a premium service package or even provide free access to services. more
The Australian Bureau of Statistics reports deliberate and "malicious" attacks from offshore, designed to sabotage nation's first online 2016 Census. more
As part of its Transparency Report, Google recently released large amount of data related to unsafe websites. Google groups unsafe websites into two main categories: Malware and Phishing sites. more
The U.S. government has declared criminal charges, economic sanctions, and a $10 million reward for information leading to the arrest of a Russian citizen, Mikhail Matveev. Accused of a series of ransomware attacks, Matveev's alleged operations, known as Babuk, have targeted entities such as the D.C. police, an airline, and other American industries. more
A World-Renowned Source for Internet Developments. Serving Since 2002.