Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
I am proud (or disappointed) to announce the 8th annual MIT Spam Conference, March 25th and 26th at MIT in Cambridge, Massachusetts. A regular research competition that brings out the best minds in the fight against unsolicited email. At this point it would be helpful to provide a little background on the conference and remind everyone that the Call For Papers is still open. more
A new security report reveals cryptominers infected ten times more organizations than ransomware in 2018, but only one in five IT security professionals were aware their company's networks had been infected by mining malware. more
In the U.S., it is a federal crime to use malware to intentionally cause "damage without authorization" to a computer that is used in a manner that affects interstate or foreign commerce. Most, if not all, U.S. states outlaw the use of malware to cause damage, as do many countries. The Council of Europe's Convention on Cybercrime, which the United States ratified a few years ago, has a provision concerning the possession of malware. Article 6(1)(b) of the Convention requires parties to the treaty to criminalize the possession of malware "with intent that it be used for the purpose of committing" a crime involving damage to a computer or data... more
ICANN has published its first new monthly report providing statistics and insight into security threats to generic top-level domains (gTLDs). more
Garth Bruen writes: Within the next few weeks Google plans to update its pharmacy policy which will restrict pharmacy advertisements. Once in effect, the updated policy will only allow VIPPS and CIPA certified pharmacies to advertise. Additionally these pharmacies can only target ads within their country. more
In 2019, we've seen a surge in domain name system (DNS) hijacking attempts and have relayed warnings from the U.S. Cybersecurity and Infrastructure Agency, U.K.'s Cybersecurity Centre, ICANN, and other notable security experts. Although the topic has gained popularity amongst CIOs and CISOs, most companies are still overlooking important security blind spots when it comes to securing their digital assets outside the enterprise firewalls -- domains, DNS, digital certificates. more
DNS tunneling -- the ability to encode the data of other programs or protocols in DNS queries and responses -- has been a concern since the late 1990s. If you don't follow DNS closely, however, DNS tunneling likely isn't an issue you would be familiar with. Originally, DNS tunneling was designed simply to bypass the captive portals of Wi-Fi providers, but as with many things on the Web it can be used for nefarious purposes. For many organizations, tunneling isn't even a known suspect and therefore a significant security risk. more
The latest discovery came while researchers at a security firm found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totalling 1.17 billion records, Reuters reports. more
Several years ago, vulnerability disclosure programs, also called "bug bounty" programs, were novel and eyed with suspicion. Given sensitivities and potential liabilities, companies are wary of public disclosure and hackers seeking to exploit research. When a hacker presented a flaw to a company, the company was more likely to be concerned about taking legal action than making a public announcement or offering a reward. That is changing. more
On November 2, 2009, Microsoft released its seventh edition of the Security and Intelligence Report (SIR). The SIR provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The following is an excerpt from the SIR, pp 29-32, about the Conficker worm and the industry response that showed an incredible amount of collaboration across vendors. more
Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd. A few people have suggested that the problem is that OpenSSL is open source, and code this important should be left to trained professionals. They're wrong. more
At the Internet Engineering Task Force (IETF) it is time we accept the wide range of drivers behind (and implications of) standards and for stakeholders to start listening to each other. A protocol recently released by the IETF, DNS over HTTPS (DoH), is at the centre of an increasingly polarised debate. This is because DoH uses encryption in the name of security and privacy and re-locates DNS resolution to the application layer of the Internet. more
Today we publish an overview of domains registered through Domain Silver, Inc, a registrar operating in the .pl domain. This Registrar started operating in May 2012. Since that time, the CERT Polska team started to observe a large increase in the amount of malicious domains registered in .pl and to receive many complaints concerning domains registered through Domain Silver. more
In light of increasing reports of malicious activity targeting the DNS infrastructure, ICANN is calling for the full deployment of the Domain Name System Security Extensions (DNSSEC) across all unsecured domain names. more
A report "Securing Cyberspace for the 44th Presidency" has just been released. While I don't agree with everything it says (and in fact I strongly disagree with some parts of it), I regard it as required reading for anyone interested in cybersecurity and public policy. The analysis of the threat environment is, in my opinion, superb; I don't think I've seen it explicated better. Briefly, the US is facing threats at all levels, from individual cybercriminals to actions perpetrated by nation-states. The report pulls no punches... more
A World-Renowned Source for Internet Developments. Serving Since 2002.