Cybersecurity

Sponsored
by

Cybersecurity / Recently Commented

U.S. Senate’s Hearing on ICANN

Later today, Senator Conrad Burns, who chairs the U.S. Senate subcommittee responsible for supervising ICANN, will be holding a hearing on a number of issues.

At the beginning of the year, a press release called "Burns Unveils NexGenTen Agenda For Communications Reform and Security in the 21st Century", had reported:

"U.S. Sen. Conrad Burns (R-Mont.) announced his top priorities for his chairmanship of the Senate Communications Subcommittee during the 108th legislative session. The ten items, called the Burns NexGenTen Tech Agenda, aim to strengthen security and usher reform for 21st Century Communication... more

Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures

Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers. more

An Unnatural .Bond: A Study of a ‘Megacluster’ of Malware Domains

A recent news story, following research from security provider Infoblox, highlighted the case of the 'Revolver Rabbit' cybercriminal gang, who have registered more than half-a-million domains to be used for the distribution of information-stealing malware. The gang make use of automated algorithms to register their domains, but unlike the long, pseudo-random ('high entropy') domain names frequently associated with such tools, the Revolver Rabbit domains instead tend to consist of hyphen-separated dictionary words (presumably so as to obfuscate their true purpose), with a string of digits at the end. more

Analysis of the Global IT Breakdown Caused by Microsoft-CrowdStrike

The Optus outage in Australia from last year was immediately on my mind when on Friday afternoon a similar event swept, this time, across the world. Also, in this case it was a software update that caused the problem. This time from global security software provider CrowdStrike. The culprit appears to be an update to the CrowdStrike Falcon platform, a security monitoring tool widely deployed by businesses and organisations on Microsoft desktop computers and notebooks. more

Kaspersky Lab to Shut Down U.S. Operations Amid Federal Ban

Russian cybersecurity firm Kaspersky Lab has announced the closure of its U.S. division, resulting in layoffs for its U.S.-based employees. The decision follows a recent U.S. Commerce Department ban on the sale of Kaspersky software, effective from July 20, due to national security concerns. more

Security Lapses Lead to Squarespace Domain Hijacks

At least a dozen organizations experienced domain hijacks through the domain registrar Squarespace last week. The incidents, occurring between July 9 and July 12, primarily affected cryptocurrency businesses such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. more

Biden Administration Probes Chinese Telecom Firms Over U.S. Data Security Concerns

The Biden administration is investigating China Mobile, China Telecom, and China Unicom over concerns that these companies could potentially exploit their access to U.S. data through their cloud and internet services, potentially sharing this data with the Chinese government. more

Biden Administration Bans Kaspersky Software Over National Security Concerns

The Biden administration is set to prohibit the sale of Kaspersky Lab's antivirus software in the U.S., citing national security risks due to the company's ties to the Russian government. more

Researchers Expose Privacy Risks in Apple and Starlink’s Geo-Location Data, Uncovering Military and Civilian Tracking

Researchers from the University of Maryland have revealed significant privacy and security concerns related to the way Apple and Starlink geo-locate devices. Their study found that Apple's Wi-Fi Positioning System (WPS) collects and publicly shares precise locations of Wi-Fi access points. more

UK First Country to Implement Cybersecurity Laws for Smart Devices, Including Banning Easily Guessable Default Passwords

Today UK's new consumer protection laws against hacking and cyber-attacks officially take effect. This legislation, a global first, mandates that all internet-connected smart devices - from smartphones and game consoles to connected refrigerators - meet stringent security standards. more

The xz liblzma Vulnerability

On 29 March 2024, an announcement was posted notifying the world that the Open-Source Software (OSS) package "xz-utils," which includes the xz data compression program and a library of software routines called "liblzma" and which is present in most Linux distributions, had been compromised. The insertion of the compromised code was done by "Jia Tan", the official maintainer of the xz-utils package. more

Biden Administration Alerts Governors to Rising Cyber Threats on U.S. Water Systems

The Biden administration has issued a stark warning to the nation's governors about the increasing threat of cyberattacks on the United States' water and wastewater systems. more

Global Law Enforcement Strikes Major Blow Against LockBit Ransomware Operation

In a significant global operation, law enforcement agencies from 10 countries have severely disrupted the LockBit ransomware group, recognized as the most prolific and harmful cyber threat worldwide. more

GAC Communiqués and Community Activity on DNS Abuse

This blog post and the associated report aim to provide an overview of DNS Abuse 1related issues the Governmental Advisory Committee (GAC), part of the ICANN multi-stakeholder model, has identified. We also summarize the relevant community activity taking place to address these areas of interest and highlight remaining gaps. From 2016 to June 2023, the GAC referenced four primary categories of activity related to DNS Abuse. more

UN Treaty Threatens Cybersecurity, Warns Google

As governments convene to discuss the UN Cybercrime Treaty, Google is urging caution, warning that the current draft could endanger online security and free expression.  more