Cybersecurity

Internet Domain Shutdowns: Ineffective and Risky, Experts Warn

Efforts to curb illegal online content through domain shutdowns are proving ineffective and carry significant risks, according to a new report by eco and its topDNS initiative. more

Cybercrime Costs German Companies €267 Billion, Organised Crime and Foreign Nations Blamed

German companies have suffered substantial financial losses due to cybercrime and sabotage, totaling approximately €267 billion ($298 billion) over the past year. This represents a 29% increase compared to the previous year, according to a survey released on Wednesday by the industry association Bitkom. more

Rising Ransomware Threats and a Record-Breaking $75M Payout

A recent report has revealed an alarming trend in ransomware attacks and a staggering $75 million ransom payout. The report by Zscaler ThreatLabz team indicates a 17.8% increase in ransomware attacks. more

Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures

Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers. more

An Unnatural .Bond: A Study of a ‘Megacluster’ of Malware Domains

A recent news story, following research from security provider Infoblox, highlighted the case of the 'Revolver Rabbit' cybercriminal gang, who have registered more than half-a-million domains to be used for the distribution of information-stealing malware. The gang make use of automated algorithms to register their domains, but unlike the long, pseudo-random ('high entropy') domain names frequently associated with such tools, the Revolver Rabbit domains instead tend to consist of hyphen-separated dictionary words (presumably so as to obfuscate their true purpose), with a string of digits at the end. more

Analysis of the Global IT Breakdown Caused by Microsoft-CrowdStrike

The Optus outage in Australia from last year was immediately on my mind when on Friday afternoon a similar event swept, this time, across the world. Also, in this case it was a software update that caused the problem. This time from global security software provider CrowdStrike. The culprit appears to be an update to the CrowdStrike Falcon platform, a security monitoring tool widely deployed by businesses and organisations on Microsoft desktop computers and notebooks. more

Kaspersky Lab to Shut Down U.S. Operations Amid Federal Ban

Russian cybersecurity firm Kaspersky Lab has announced the closure of its U.S. division, resulting in layoffs for its U.S.-based employees. The decision follows a recent U.S. Commerce Department ban on the sale of Kaspersky software, effective from July 20, due to national security concerns. more

Security Lapses Lead to Squarespace Domain Hijacks

At least a dozen organizations experienced domain hijacks through the domain registrar Squarespace last week. The incidents, occurring between July 9 and July 12, primarily affected cryptocurrency businesses such as Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. more

Biden Administration Probes Chinese Telecom Firms Over U.S. Data Security Concerns

The Biden administration is investigating China Mobile, China Telecom, and China Unicom over concerns that these companies could potentially exploit their access to U.S. data through their cloud and internet services, potentially sharing this data with the Chinese government. more

Biden Administration Bans Kaspersky Software Over National Security Concerns

The Biden administration is set to prohibit the sale of Kaspersky Lab's antivirus software in the U.S., citing national security risks due to the company's ties to the Russian government. more

Researchers Expose Privacy Risks in Apple and Starlink’s Geo-Location Data, Uncovering Military and Civilian Tracking

Researchers from the University of Maryland have revealed significant privacy and security concerns related to the way Apple and Starlink geo-locate devices. Their study found that Apple's Wi-Fi Positioning System (WPS) collects and publicly shares precise locations of Wi-Fi access points. more

UK First Country to Implement Cybersecurity Laws for Smart Devices, Including Banning Easily Guessable Default Passwords

Today UK's new consumer protection laws against hacking and cyber-attacks officially take effect. This legislation, a global first, mandates that all internet-connected smart devices - from smartphones and game consoles to connected refrigerators - meet stringent security standards. more

The xz liblzma Vulnerability

On 29 March 2024, an announcement was posted notifying the world that the Open-Source Software (OSS) package "xz-utils," which includes the xz data compression program and a library of software routines called "liblzma" and which is present in most Linux distributions, had been compromised. The insertion of the compromised code was done by "Jia Tan", the official maintainer of the xz-utils package. more

Biden Administration Alerts Governors to Rising Cyber Threats on U.S. Water Systems

The Biden administration has issued a stark warning to the nation's governors about the increasing threat of cyberattacks on the United States' water and wastewater systems. more

Global Law Enforcement Strikes Major Blow Against LockBit Ransomware Operation

In a significant global operation, law enforcement agencies from 10 countries have severely disrupted the LockBit ransomware group, recognized as the most prolific and harmful cyber threat worldwide. more