Threat Intelligence |
Sponsored by |
|
The cybersecurity reports, which represent only a slice of all cyber attacks on the Fed, were obtained by Reuters through a Freedom of Information Act request. more
Data solutions provider Return Path has released a new report highlighting 20 visionary ideas for brands to "futureproof" their email program. Among various insights, the report warns brands that adoption of IPv6 will result in rising dependency on domain-based reputation. more
One of the most interesting and important changes to the internet's domain name system (DNS) has been the introduction of the DNS Security Extensions (DNSSEC). These protocol extensions are designed to provide origin authentication for DNS data. In other words, when DNS data is digitally signed using DNSSEC, authenticity can be validated and any modifications detected. more
The latest discovery came while researchers at a security firm found a young Russian hacker bragging in an online forum that he had collected and was ready to give away a far larger number of stolen credentials that ended up totalling 1.17 billion records, Reuters reports. more
Cybercriminals are continuing to exploit human nature and relying on familiar attack patterns such as phishing, and increase their reliance on ransomware, where data is encrypted and a ransom is demanded, according to Verizon 2016 Data Breach Investigations Report released today. more
The 24th DNS-OARC meeting was held last week in Buenos Aires -- a two-day DNS workshop with amazingly good, consistent content. The programme committee are to be congratulated on maintaining a high quality of presentations. Here are my picks of the workshop. They fall into three groups, covering themes I found interesting... These presentations related to the ongoing problem of DNS as a source of reflection attacks, or a victim of attempted DDoS... more
This week, the RightsCon Silicon Valley 2016 conference is taking place in San Francisco. Since the use of encryption in general and the Apple/FBI case in particular are likely to be debated, I want to share a perspective on system security. My phone as a system The Apple/FBI case resolves around a phone. Think of your own phone now. When I look at my own phone I have rather sensitive information on it. more
As you probably know, the FBI has gotten into Syed Farook's iPhone. Many people have asked the obvious questions: how did the FBI do it, will they tell Apple, did they find anything useful, etc.? I think there are deeper questions that really get to the full import of the break. How expensive is the attack? Security - and by extension, insecurity - are not absolutes. Rather, they're only meaningful concepts if they include some notion of the cost of an attack. more
How do we make DNSSEC even more secure through the use of elliptic curve cryptography? What are the advantages of algorithms based on elliptic curves? And what steps need to happen to make this a reality? What challenges lie in the way? Over the past few months we've been discussing these questions within the community of people implementing DNSSEC, with an aim of increasing both the security and performance of DNSSEC. more
The apparent cyber heist of of $81 million from the Bangladesh central bank's U.S. account may cause some people to question the security of online banking. While the online theft prompted SWIFT - a cooperative owned by 3,000 financial institutions around the world -- to make sure banks are following recommended security practices, the incident also could have ramifications for banking customers worldwide. more
Google launched today a new effort to track the progress of encryption efforts - both at Google and on other popular websites. Google hopes the project will hold the company and others accountable to encrypt so as to enhance web safety and security. more
Bangladesh's central bank governor has resigned today amidst theft of $81 million from the bank's U.S. account, as details emerged in the Philippines that $30 million of the money was delivered in cash to a casino junket operator in Manila. more
The other day, I planned to take my 15-year-old son to the movie theatre to see "Hateful Eight" in 70mm film format. The theatre would not allow him in. Under article 240a of the Dutch penal code, it is a felony to show a movie to a minor when that movie is rated 16 or above. Even though I think I am responsible for what my son gets to see, I understand that the rating agency put a 16-year stamp on this politically-incorrect-gun-slinging-gore-and-curse-intense-comedy feature. more
Earlier this week, I came across a working paper from Professor Peter Swire - a highly respected attorney, professor, and policy expert. Swire's paper, entitled "Online Privacy and ISPs", argues that ISPs have limited capability to monitor users' online activity. The paper argues that ISPs have limited visibility into users' online activity for three reasons: (1) users are increasingly using many devices and connections, so any single ISP is the conduit of only a fraction of a typical user's activity; (2) end-to-end encryption is becoming more pervasive, which limits ISPs' ability to glean information about user activity; and (3) users are increasingly shifting to VPNs to send traffic. more
During Q4, repeat DDoS attacks were the norm, with an average of 24 attacks per targeted customer in Q4, reports Akamai in its newly released Q4 2015 State of the Internet - Security Report. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
