Threat Intelligence

 Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 22, 2019 |   Read More |   13,445

Domain Research and Monitoring: Keeping an Eye on the Web for You

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 24, 2019 |   Read More |   14,092

Reverse WHOIS: A Powerful Process in Cybersecurity

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider Jun 14, 2019 |   Read More |   14,743

Threat Intelligence / Featured Blogs

The Challenge of DNS Security

Aug 19, 2013

When the domain name system (DNS) was first designed, security was an afterthought. Threats simply weren't a consideration at a time when merely carrying out a function - routing Internet users to websites - was the core objective. As the weaknesses of the protocol became evident, engineers began to apply a patchwork of fixes. After several decades, it is now apparent that this reactive approach to DNS security has caused some unintended consequences and challenges.

ICANN Bans Dotless Domains

Aug 16, 2013

Any new top level domain approved for the Internet will have to be more than just a single label. ICANN's new gTLD program committee (NGPC) has decided to ban the use of "dotless domains". TLD operators that had planned to use their new suffix as a keyword, i.e. just the string and nothing else, will now have to reconsider.

New gTLD SSR-2: Exploratory Consumer Impact Analysis (Part 5 of 5)

Aug 07, 2013

Throughout this series of blog posts we've discussed a number of issues related to security, stability, and resilience of the DNS ecosystem, particularly as we approach the rollout of new gTLDs. Additionally, we highlighted a number of issues that we believe are outstanding and need to be resolved before the safe introduction of new gTLDs can occur - and we tried to provide some context as to why, all the while continuously highlighting that nearly all of these unresolved recommendations came from parties in addition to Verisign over the last several years.

Network Security: How Attackers Gain Access from Inside

Aug 05, 2013

Most people - mistakenly - believe that they are perfectly safe behind a firewall, network address translation (NAT) device or proxy. The fact is quite the opposite: if you can get out of your network, someone else can get in. Attackers often seek to compromise the weakest link in a network and then use that access to attack the network from the inside, commonly known as a "pivot-and-attack."

The World of Internet Threats Is Constantly Changing

Aug 01, 2013

The world of Internet threats has changed continually over the years. From the time that a "worm" first showed up in the wild, or whenever someone penetrated a system without authorization for the first time, various forms of attacks and malware have presented dangers to the system and those who use it. Different vectors have received varied focus over the years... Many parts of the Internet community have been involved in addressing relevant issues and fostering efforts to combat them.

Polish CERT Polska and NASK Pull the Plug On .pl TLD On Malicious Registrar, Domain Silver

Jul 31, 2013

Today we publish an overview of domains registered through Domain Silver, Inc, a registrar operating in the .pl domain. This Registrar started operating in May 2012. Since that time, the CERT Polska team started to observe a large increase in the amount of malicious domains registered in .pl and to receive many complaints concerning domains registered through Domain Silver.

NXDOMAINS, SSAC’s SAC045, and New gTLDs (Part 4 of 5)

Jul 31, 2013

In 2010, ICANN's Security and Stability Advisory Committee (SSAC) published SAC045 [PDF], a report calling attention to particular problems that may arise should a new gTLD applicant use a string that has been seen with measureable (and meaningful) frequency in queries for resolution by the root system. The queries to which they referred involved invalid Top-Level Domain (TLD) queries (i.e., non-delegated strings) at the root level of DNS, queries which elicit responses commonly referred to as Name Error, or NXDomain, responses from root name servers.

Tactics for Responding to Cyber Attacks - Squeezing Your Cyber Response-Curve: Part 2

Jul 31, 2013

In part one of this post we introduced the cyber response curve. In this post, we have outlined some observations which illustrate how different level of maturity and approaches can affect your cyber response curve.

Can We Create a Secure Caller ID For VoIP?

Jul 29, 2013

Can we create a "secure Caller ID" for IP-based communications, a.k.a. voice-over-IP (VoIP)? And specifically for VoIP based on the Session Initiation Protocol (SIP)? Can we create a way to securely identify the origin of a call that can be used to combat robocalling, phishing and telephony denial-of-service (TDOS) attacks? That is the challenge to be undertaken by the "Secure Telephone Identity Revisited (STIR)" group meeting tomorrow morning, July 30, 2013, at 9:00 am in Berlin, Germany, as part of the 87th meeting of the Internet Engineering Task Force (IETF).

INET DC, Weds, July 24: Surveillance, Cybersecurity and the Internet’s Future (Livestream available)

Jul 23, 2013

Are you concerned about the recent reports about government surveillance programs? Are you concerned about security and privacy online? If so, you may want to attend (in person or remotely) the INET Washington DC event happening on Wednesday, July 24, from 2:00 - 6:00 pm US Eastern time at George Washington University. Sponsored by the Internet Society and GWU's Cyber Security Policy and Research Institute, the event is free and open to the public and will also be streamed live on the Internet for those who cannot attend in person.

Industry Updates

New RomCom Variant Spotted: A Comparative and Expansion Analysis of IoCs

Global Domain Activity Trends Seen in Q3 2024

A DNS Investigation into Mamba, the Latest AitM Phishing Player

A DNS Investigation of the 32 Doppelganger Websites Seized by the U.S. Government

Investigating the Proliferation of Deepfake Scams

Examining the DNS Underbelly of the Voldemort Campaign

2024 Domain Intelligence Study of 6 APT Groups Notorious for Targeting Europe

Stripping Down the BlackSuit Ransomware Network Aided by DNS Data

A DNS Deep Dive into the NetSupport RAT Campaign

Tracking the DNS Footprint of the Polyfill Supply Chain Attackers

Study by WhoisXML API Explores IDNs, Native-Language Characters, and Homograph Attacks

The Extended Reach of the Extension Trojan Campaign in the DNS

Inspecting Konfety’s Evil Twin Apps through the DNS Lens

Hunting for U.S. Presidential Election-Related Domain Threats in the DNS

A Closer Look at the Meduza Stealer through a DNS Deep Dive

View More