Threat Intelligence

 Sponsored
by

Noteworthy

Reverse WHOIS: A Powerful Process in Cybersecurity

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider Jun 14, 2019 |   Read More |   14,746

WHOIS History API: Powering Domain Investigations

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 22, 2019 |   Read More |   13,447

Domain Research and Monitoring: Keeping an Eye on the Web for You

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 24, 2019 |   Read More |   14,095

Threat Intelligence / Featured Blogs

Pentagon Reveals Largest Ever Loss of Defense Data in Cyberattack

Jul 15, 2011

The Associated Press published an article today that the Pentagon revealed that earlier this year, they suffered one of its largest ever loss of sensitive data to a foreign government by a cyberattack. ... It's hard to say what's right and what's wrong. On the one hand, the Secretary of Defense says that the cyberwar is very real. On the other hand, the cyberczar Howard Schmidt said that there is no cyberwar and instead government needs to focus its efforts to fight online crime and espionage...

Why Private Support of Cyber Security Initiatives May Not Work

Jul 08, 2011

A fledgling international cyber security alliance is continuing to gather backing from private business, according to a recent article published on ComputerWeekly.com. The International Cyber Security Protection Alliance (ICSPA) aims to support law enforcement agencies in countries that lack the resources to fight cybercrime. Commercial security organizations such as McAfee and Trend Micro are supporting the alliance.

Independence and Security Online Have Not Yet Been Won

Jul 04, 2011

As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world.

New gTLDs: Floodgates for Spammers?

Jun 24, 2011

Ever since I heard of the new generic Top-Level Domains (gTLDs), I wondered whether they would be prone to abuse. For example, Microsoft might want to register www.microsoft.microsoft, or Sony might want to register www.sony. But isn't this opening up the floodgates for spammers to register their own domains and squat on them? Why couldn't a spammer register www.cit.ibank? They could then send phishing messages and fool people into clicking very legitimate looking domains. But I don't think this will be a problem.

Aged Security Flaw Renews Open/Closed-Source Debate

Jun 22, 2011

The recent announcement of a 13-year old security flaw found in an Open Source security library has renewed the debate between open source and closed source software. The library, crypt_blowfish, allows for fast two-way password encryption. The flaw introduces the potential for passwords to be easily compromised and affects PHP and a number of Linux distributions that include the crypt_blowfish library.

Searching Under Lampposts with DKIM

Jun 21, 2011

Email is a complex service and email abuse adds confusing deceptions. Worse, like postal mail and even telephone service, Internet mail is inherently open, flexible and even anonymous, making things much easier for abusers. Bad actors hide their true identity and their true purpose. Most other communication tools for users also are also quite open, and problems with email are being replicated elsewhere, such as instant messaging and social media.

Patient Care Suffers When Data Security is a Budgetary Concern

Jun 14, 2011

According to a recent Homeland Security News Wire article, nearly 8 million patient medical records were compromised over the course of the previous two years due to data security breaches. As more hospitals and patient care providers move to store patient data electronically -- primarily as a cost savings effort -- the risk and exposure of our private medical information increases while our individual control over this information diminishes.

Response Policy Zones (RPZs): Use as a Blocklisting Process

Jun 13, 2011

Gradually it seems the word is spreading about a new blocking methodology to interrupt the ability of end users to click and visit phishing sites - thereby having their personal information/credentials at risk. This is the DNS Response Policy Zones. DNS RPZs allows companies that run recursive resolvers to create a zone that will not resolve specific domains.

8 Security Considerations for IPv6 Deployment

Jun 09, 2011

Feb. 3, 2011, came and went without much fanfare, but it was a milestone for Internet stakeholders, whether they knew it or not. On that Thursday, the last available IPv4 addresses were allocated by the Internet Assigned Numbers Authority (IANA). Though some Regional Internet Registries (RIRs) have a reasonable inventory of IP addresses that could last another year or two, the days of "new" IPv4 address allocations are largely over.

Using Domain Filtering To Effect IP Address Filtering

Jun 09, 2011

In Taking Back The DNS I described new technology in ISC BIND as of Version 9.8.0 that allows a recursive server operator to import DNS filtering rules in what ISC hopes will become the standard interchange format for DNS policy information. Later I had to decry the possible use of this technology for mandated content blocking such as might soon be the law of the land in my country. I'm a guest at MAAWG this week in San Francisco and one of the most useful hallway discussions I've been in so far was about the Spamhaus DROP list.

Industry Updates

New RomCom Variant Spotted: A Comparative and Expansion Analysis of IoCs

Global Domain Activity Trends Seen in Q3 2024

A DNS Investigation into Mamba, the Latest AitM Phishing Player

A DNS Investigation of the 32 Doppelganger Websites Seized by the U.S. Government

Investigating the Proliferation of Deepfake Scams

Examining the DNS Underbelly of the Voldemort Campaign

2024 Domain Intelligence Study of 6 APT Groups Notorious for Targeting Europe

Stripping Down the BlackSuit Ransomware Network Aided by DNS Data

A DNS Deep Dive into the NetSupport RAT Campaign

Tracking the DNS Footprint of the Polyfill Supply Chain Attackers

Study by WhoisXML API Explores IDNs, Native-Language Characters, and Homograph Attacks

The Extended Reach of the Extension Trojan Campaign in the DNS

Inspecting Konfety’s Evil Twin Apps through the DNS Lens

Hunting for U.S. Presidential Election-Related Domain Threats in the DNS

A Closer Look at the Meduza Stealer through a DNS Deep Dive

View More