Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers. more
An unprecedented cyberattack on the Canadian government also targeted Defence Research and Development Canada, making it the third key department compromised by hackers, CBC News has learned. ... While there is no definitive proof, of course, that China was behind these attacks, there is a lot of circumstantial evidence that points in that direction. China (allegedly) has a long history of engaging in espionage activities in order to gain access to information. In the United States, this is sometimes referred to as cyber warfare, but I think that cyber espionage is a better choice of terms. more
In my recent write-up I start by discussing some recent threats network operators should be aware of, such as recursive DNS attacks. Then, a bit on the state of the Internet, cooperation across different fields and how these latest threats with DDoS also relate to worms and bots, as well as spam, phishing and the immense ROI organized crime sees. I try and bring some suggestions on what can be done better, and where we as a community, as well as specifically where us, the "secret hand-shake clubs" of Internet security fail and succeed. Over-secrecy, lack of cooperation, lack of public information, and not being secret enough about what really matters. more
Over the last two years, we've all faced supply shortages on items we previously never thought could be in short supply. Most recently, the baby formula and semiconductor markets were hit. Before that, supply chain attacks on Colonial Pipeline and JBS Foods showed us that an attack on one company through a singular point of compromise has the potential to disrupt an entire network of connected companies, products, partners, vendors, and customers. more
At the 20th Internet Governance Forum in Lillestrøm, Norway, the UN Internet Governance Forum's dynamic coalition Internet Standards, Security and Safety (IS3C) released its new report on post-quantum policies. This report presents the findings of a collaborative study undertaken by IS3C and the French domain name registry Afnic and examines the critical need for Post-Quantum Cryptography (PQC) to achieve greater security in the ever-expanding global IoT landscape. more
DNSSEC is being rolled out quickly in top-level domain registries around the world, but there's still some way to go to encourage other Internet stakeholders to adopt the new security technology. That was one of the key takeaways from a day-long, comprehensive session on Domain Name System Security Extensions implementation worldwide, held during ICANN's public meeting in Cartagena, Colombia, last week. more
The 30-day .BANK Sunrise Period just concluded this week and is notable for several reasons. The .BANK TLD is highly restricted to members of the banking industry. The .BANK Registry (which also has rights to .INSURANCE, launching this fall), was founded by 24 companies and organizations from the banking and insurance industries, The Registry's founders include industry leaders such as the American Banking Association, Citigroup, Dollar Bank, Independent Community Bankers of America, JPMorgan, Visa and Wells Fargo. more
A recent report published by the cybersecurity firm Armor says ransomware infections have hit over 500 US schools in 2019 to date. Armor warns the rate of attack seems to be picking up with 15 new ransomware victims in the last two weeks, all of them educational institutions. more
We have just issued a new report detailing abuse of the Domain Name System and Registrar contract compliance issues. The report specifically discusses several items including: Registrars with current legal issues; Illicit Use of Privacy-Proxy WHOIS Registration; A study on the contracted obligation for Bulk WHOIS Access; and more. more
XENOTIME, the notorious group behind what is regarded as the most dangerous malware targetting industrial control systems has expanded its targeting beyond oil and gas to the electric utility sector. more
In a highly anticipated presentation, Internet security researcher Dan Kaminsky today gave details of the much talked about Domain Name System (DNS) vulnerability issue which has been intensely covered since it was publicly announced a month ago on Jul 8th. Although original plans entailed keeping the bug details undisclosed for 30 days in order to allow for necessary security patches to be implemented around the world, details of the bug were eventually leaked-and-confirmed 13 days after its public announcement. Even so, just hours ago in jam-packed ballroom during the Black Hat conference, Kaminsky delivered his 100-plus-slide presentation detailing the DNS flaw that, if exploited, could potentially "destroy the Web". more
Comcast, a leading ISP in the U.S., has fully deployed Domain Name System Security Extensions (DNSSEC) according to a company announcement today. Jason Livingood, Comcast's Vice President of Internet Systems writes: "As of today, over 17.8M residential customers of our Xfinity Internet service are using DNSSEC-validating DNS servers. In addition, all of the domain names owned by Comcast, numbering over 5,000, have been cryptographically signed. All of our servers, both the ones that customers use and the ones authoritative for our domain names, also fully support IPv6." more
Business email compromised (BEC) attacks targeting American companies are exploding, with an increase of over 476% in incidents between Q4 2017 and Q4 2018. Up as well is email fraud with companies experiencing an increase of over 226%. These highly targeted attacks use social engineering to identify specific company employees, usually in the finance department and then convince these employees to wire large sums of money to third-party banking accounts owned by the attackers. more
Several years ago, vulnerability disclosure programs, also called "bug bounty" programs, were novel and eyed with suspicion. Given sensitivities and potential liabilities, companies are wary of public disclosure and hackers seeking to exploit research. When a hacker presented a flaw to a company, the company was more likely to be concerned about taking legal action than making a public announcement or offering a reward. That is changing. more
March has seen the first of the DNS Operations, Analysis, and Research Center (OARC) workshops for the year, where two days of too much DNS is just not enough! These workshops are concentrated within two days of presentations and discussions that focus exclusively on the current state of the DNS. Here are my impressions of the meeting. more
A World-Renowned Source for Internet Developments. Serving Since 2002.