Threat Intelligence |
Sponsored by |
|
A new report published by the insurance giant, AIG, claims phishing attacks via email, often targeted at senior executives, has overtaken ransomware. more
A new report on 5G and geopolitics by Oxford Information Labs details the complex landscape of 5G security. Importantly, it draws out how a variety of proven technical concerns around the quality of Huawei security practices and equipment are drowned out by the US' Twitter diplomacy. Critical international dialogue on genuine cybersecurity concerns relating to 5G and Huawei are being lost in the noise of the US-China trade war. more
As part of a larger effort to make the internet more private, the IETF defined two protocols to encrypt DNS queries between clients (stub resolvers) and resolvers: DNS over TLS in RFC 7858 (DoT) and DNS over HTTPS in RFC 8484 (DoH). As with all new internet protocols, DoT and DoH will continue to evolve as deployment experience is gained, and they're applied to more use cases. more
In the business world, there are two main paths a company can take with cybersecurity -- the reactive and the proactive approach. The problem with a purely reactive attitude is that it can easily put companies in constant firefighting mode. And for small companies with limited resources, this can turn out to be an increasingly uncomfortable place to be in.
With that in mind, experts today suggest proactive cybersecurity by monitoring suspicious activity and identifying risks before they turn into full-blown attacks. more
Does threat intelligence (TI) work? I looked into that question last year, exploring the reasons why it actually doesn't and what can be done to remediate the situation. Since then, more companies have incorporated TI into their security processes, and many are still not getting the benefits they expect. What's causing the dissatisfaction? Interestingly, pretty much the same aspects... more
DNSSEC is increasingly adopted by organizations to protect DNS data and prevent DNS attacks like DNS spoofing and DNS cache poisoning. At the same time, more DNS deployments are using proprietary DNS features like geo-routing or load balancing, which require special configuration to support using DNSSEC. When these requirements intersect with multiple DNS providers, the system breaks down. more
Routing security is vital to the future and stability of the Internet, but it's under constant threat. Mutually Agreed Norms for Routing Security (MANRS) is a global initiative, driven by the networking community and supported by the Internet Society, aiming to reduce the most common threats to the Internet's routing system through technical and collaborative action. more
A long time ago, I worked in a secure facility. I won't disclose the facility; I'm certain it no longer exists, and the people who designed the system I'm about to describe are probably long retired. Soon after being transferred into this organization, someone noted I needed to be trained on how to change the cipher door locks. We gathered up a ladder, placed the ladder just outside the door to the secure facility, popped open one of the tiles on the drop ceiling, and opened a small metal box with a standard, low-security key. more
With companies realizing the threat of hefty fines, lawsuits, and executive resignations that can follow security breaches, companies are scrambling to scoop up scarce security experts. more
Privacy problems are an area of wide concern for individual users of the Internet -- but what about network operators? Geoff Huston wrote an article earlier this year concerning privacy in DNS and the various attempts to make DNS private on the part of the IETF -- the result can be summarized with this long, but entertaining, quote. more
There has long been pressure from governments to provide back doors in encryption systems. Of course, if the endpoints are insecure it doesn't matter much if the transmission is encrypted; indeed, a few years ago, I and some colleagues even suggested lawful hacking as an alternative. Crucially, we said that this should be done by taking advantage of existing security holes rather than be creating new ones. more
Between December 2, 2018 and May 4, 2019, 197,524 phishing domains were discovered, 66% of which directly targeted consumers according to the latest State of the Internet report by Akamai. more
Major US bank Capital One Financial Corporation confirmed Monday evening that unauthorized access was made by an outside individual who obtained "certain types of personal information" on credit card products and Capital One credit card customers. more
A significant rise has been detected in the use of malware aimed at harvesting consumer data, known as password stealers. more
Equifax has announced a comprehensive resolution for its 2017 cybersecurity incident that includes a fund of up to $425 consumer fund. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
