Cybersecurity / Most Viewed

UK Raises Cybersecurity Spending to $2.3 Billion

Britain's finance minister on Tuesday announced government's new five year National Cyber Security Strategy, almost doubling the funding from its 2011 plan to 1.9 billion-pound ($2.3 billion). more

Reprot Suggests China Hacked High-Level Officials at Federal Deposit Insurance Corporation

The former chairman, chief of staff and general counsel of the agency were all infiltrated. more

British Banks Not Fully Reporting Cyber Attacks, Fear Punishment, Bad Publicity

"Britain's banks are not reporting the full extent of cyber attacks to regulators for fear of punishment or bad publicity, bank executives and providers of security systems say," reports Lawrence White in Reuters today. more

US Senators in Letter to Yahoo Say Late Hack Disclosure “Unacceptable”

"A group of Democratic U.S. senators on Tuesday demanded Yahoo Inc (YHOO.O) to explain why hackers' theft of user information for half a billion accounts two years ago only came to light last week and lambasted its handling of the breach as "unacceptable," reports Dustin Volz from Washington in Reuters. more

Is Zoom’s Server Security Just as Vulnerable as the Client Side?

Zoom programmers made elementary security errors when coding, and did not use protective measures that compiler toolchains make available. It's not a great stretch to assume that similar flaws afflict their server implementations. While Mudge noted that Zoom's Windows and Mac clients are (possibly accidentally) somewhat safer than the Linux client, I suspect that their servers run on Linux.Were they written with similar lack of attention to security? more

Security Lapses Lead to Squarespace Domain Hijacks

At least a dozen organizations experienced domain hijacks through the domain registrar Squarespace last week. The incidents, occurring between July 9 and July 12, primarily affected cryptocurrency businesses such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. more

Kaspersky Lab to Shut Down U.S. Operations Amid Federal Ban

Russian cybersecurity firm Kaspersky Lab has announced the closure of its U.S. division, resulting in layoffs for its U.S.-based employees. The decision follows a recent U.S. Commerce Department ban on the sale of Kaspersky software, effective from July 20, due to national security concerns. more

Analysis of the Global IT Breakdown Caused by Microsoft-CrowdStrike

The Optus outage in Australia from last year was immediately on my mind when on Friday afternoon a similar event swept, this time, across the world. Also, in this case it was a software update that caused the problem. This time from global security software provider CrowdStrike. The culprit appears to be an update to the CrowdStrike Falcon platform, a security monitoring tool widely deployed by businesses and organisations on Microsoft desktop computers and notebooks. more

Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures

Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers. more

An Unnatural .Bond: A Study of a ‘Megacluster’ of Malware Domains

A recent news story, following research from security provider Infoblox, highlighted the case of the 'Revolver Rabbit' cybercriminal gang, who have registered more than half-a-million domains to be used for the distribution of information-stealing malware. The gang make use of automated algorithms to register their domains, but unlike the long, pseudo-random ('high entropy') domain names frequently associated with such tools, the Revolver Rabbit domains instead tend to consist of hyphen-separated dictionary words (presumably so as to obfuscate their true purpose), with a string of digits at the end. more