Cybersecurity

The xz liblzma Vulnerability

On 29 March 2024, an announcement was posted notifying the world that the Open-Source Software (OSS) package "xz-utils," which includes the xz data compression program and a library of software routines called "liblzma" and which is present in most Linux distributions, had been compromised. The insertion of the compromised code was done by "Jia Tan", the official maintainer of the xz-utils package. more

Biden Administration Alerts Governors to Rising Cyber Threats on U.S. Water Systems

The Biden administration has issued a stark warning to the nation's governors about the increasing threat of cyberattacks on the United States' water and wastewater systems. more

Global Law Enforcement Strikes Major Blow Against LockBit Ransomware Operation

In a significant global operation, law enforcement agencies from 10 countries have severely disrupted the LockBit ransomware group, recognized as the most prolific and harmful cyber threat worldwide. more

GAC Communiqués and Community Activity on DNS Abuse

This blog post and the associated report aim to provide an overview of DNS Abuse 1related issues the Governmental Advisory Committee (GAC), part of the ICANN multi-stakeholder model, has identified. We also summarize the relevant community activity taking place to address these areas of interest and highlight remaining gaps. From 2016 to June 2023, the GAC referenced four primary categories of activity related to DNS Abuse. more

UN Treaty Threatens Cybersecurity, Warns Google

As governments convene to discuss the UN Cybercrime Treaty, Google is urging caution, warning that the current draft could endanger online security and free expression.  more

U.S. Implements New Visa Restrictions to Combat Commercial Spyware Abuse

The U.S. has introduced a new visa restriction policy targeting individuals implicated in the misuse of commercial spyware. Secretary of State Antony Blinken announced that these restrictions would apply to those involved in, facilitating, or benefiting from the abuse of such technology. more

Internet Governance Outlook 2024: “Win-Win-Cooperation” vs. “Zero Sum Games”?

The 2024 "To-Do-List" for all stakeholders in the global Internet Governance Ecosystem is a very long one. Not only the real world but also the virtual world is in turmoil. Vint Cerf once argued that the Internet is just a mirror of the existing world. If the existing world is in trouble, the Internet world has a problem. more

Verisign Provides Open Source Implementation of Merkle Tree Ladder Mode

The quantum computing era is coming, and it will change everything about how the world connects online. While quantum computing will yield tremendous benefits, it will also create new risks, so it's essential that we prepare our critical internet infrastructure for what's to come. That's why we're so pleased to share our latest efforts in this area, including technology that we're making available as an open source implementation to help internet operators worldwide prepare. more

UN and Cybersecurity: Searching for Consensus in a Divided World

The 78th UN General Assembly (UNGA) addressed the issue of cybersecurity again at one of its last meetings in December 2023. It included the adoption of four resolutions on the Open-Ended Working Group (OEWG), a "Program of Action" (POA), and autonomous weapon systems. The texts of the four draft resolutions were negotiated in UNGA's 1st committee, responsible for international security issues, in October and November 2023. more

Australia Launches Major Cybersecurity Revamp Following Recent Major Cyberattacks

Australia is set to enhance its cybersecurity framework in response to recent widespread cyberattacks. The government has released its 2023 -- 2030 Cyber Security Strategy, aiming to position Australia among the top cyber-secure nations by 2030. more

Denmark Encounters Largest Cyber Attack on Its Critical Infrastructure to Date

Denmark experienced its largest-ever cyberattack in May, targeting the nation's critical infrastructure. SektorCERT, the Danish cybersecurity authority, reported breaches in 22 companies within days. Many resorted to 'island mode,' isolating themselves from the internet to contain the threat. more

Rise in Cybercrime Exploiting Artificial Intelligence Hype Leads to Growing Threats Within the .ai Domain Space

Cybercriminals are leveraging the growing popularity of artificial intelligence to perpetrate attacks, capitalizing on the surge in interest following the release of chatbot technologies like ChatGPT. New research by Netcraft reports on the increasing use of .ai domain names where criminals use malicious websites around AI to draw in victims. more

The IoT Cyber Seal Fog

For four days in Southern France, cybersecurity experts from a broad array of different countries and sectors gathered for the annual ETSI Security Conference. The event undertaken by one of the world's major industry information-communication (ICT) standards organisations was intended to take stock of the state of cybersecurity and trends. more

Mitigating DNS Abuse and Safeguarding the Internet

The internet is a beacon of global connectivity and information, but it has also become a battleground where malicious actors exploit vulnerabilities for various immoral purposes. Domain Name System (DNS) abuse stands has proven a constant in the internet threat landscape, posing risk to the overall digital trust. more

Notes from NANOG 89: Trust and Network Infrastructure

Trust is such a difficult concept in any context, and certainly, computer networks are no exception. How can you be assured that your network infrastructure is running on authentic platforms, both hardware and software and its operation has not been compromised in any way? more