Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems. more
WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet's development. more
A report from the U.K.'s National Cyber Security Centre blames hostile foreign states for the majority of the 1,167 attacks dealt with in the past two years. more
Most engineers focus on purely technical mechanisms for defending against various kinds of cyber attacks, including "the old magic bullet," the firewall. The game of cannons and walls is over, however, and the cannons have won; those who depend on walls are in for a shocking future. What is the proper response, then? What defenses are there The reality is that just like in physical warfare, the defenses will take some time to develop and articulate. more
Data breaches are the oil spills of the digital economy. Over 429 million people were affected by reported data breaches in 2015 -- and that number is certain to grow even higher in 2016. These large-scale data breaches along with uncertainties about the use of our data, cybercrime, surveillance and other online threats are eroding trust on the Internet. more
Number of malware threats that receive instructions from attackers through DNS is expected to increase, and most companies are not currently scanning for such activity on their networks, security experts said at the RSA Conference 2012 on Tuesday. While most malware-generated traffic passing through most channels used for communicating with botnets (such as TCP, IRC, HTTP or Twitter feeds and Facebook walls) can be detected and blocked, it's not the case for DNS (Domain Name System) and attackers are taking advantage of that, said Ed Skoudis, founder of Counter Hack Challenges and SANS fellow. more
During a presentation today at the eCrime Researchers Summit in Atlanta, Georgia, security researchers revealed that average lifetime of malicious websites are often longer than they should be due to lack of communication and cooperation between security vendors. According to results, website lifetimes are extended by about 5 days when "take-down" companies -- often hired by Banks -- are unaware of the site. "On other occasions, the company learns about the site some time after it is first detected by someone else; and this extends the lifetimes by an average of 2 days," says Richard Clayton. more
The long-waited cybersecurity executive order expected to launch sweeping reviews of the federal government's digital vulnerabilities, was signed today by President Trump. more
Worldwide enterprise security spending to total $96.3 billion in 2018, an increase of 8 percent from 2017, Gartner forecasts. more
New research from the Anti-Phishing Working Group (APWG) has found that up to 81% of domain names used for phishing are legitimate domains that have been hacked. More specifically, out of the 30,454 phishing domains under observation, only 5,591 domain names (18.5%) were registered by phishers according to APWG. The remaining small percentage of the domains used in phishing belonged to subdomain resellers such as ISPs and other web-based services. more
FBI today announced six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised -- or that the malicious software rendered their machines vulnerable to a host of other viruses. more
As you probably know, the FBI has gotten into Syed Farook's iPhone. Many people have asked the obvious questions: how did the FBI do it, will they tell Apple, did they find anything useful, etc.? I think there are deeper questions that really get to the full import of the break. How expensive is the attack? Security - and by extension, insecurity - are not absolutes. Rather, they're only meaningful concepts if they include some notion of the cost of an attack. more
In a big open office 30 feet from me, a team of US Veterans speak intently on the phone to businesses large and small, issuing urgent warnings of specific cyber security threats. They call to get stubborn, confused people to take down hidden ransomware distribution sites. They call with bad news that a specific computer at the business has malware that steals login credentials. more
M3AAWG is a trade association that brings together ISPs, hosting providers, bulk mailers, and a lot of infrastructure vendors to discuss messaging abuse, malware, and mobile abuse. (Those comprise the M3.) One of the things they do is publish best practice documents for network and mail operators, including two recently published, one on Password Recommendations for Account Providers, and another on Password Managers Usage Recommendations. more
WikiLeaks shook the internet again on March 7, 2017, by posting several thousand documents containing information about the tools the CIA allegedly used to hack, among others, Android and iOS devices. These classified files were obtained from the CIA's Center for Cyber Intelligence, although they haven't yet been verified and a CIA official declined to comment on this incident. This isn't the first time that the U.S. government agencies were accused of crossing the line and undermining online security and civil liberties, as it's been only a year since the infamous FBI-Apple encryption dispute. It's like "1984" all over again. more
A World-Renowned Source for Internet Developments. Serving Since 2002.