Threat Intelligence |
Sponsored by |
|
While the March report from ICANN's Domain Abuse Activity Reporting system show a general reduction in second-level gTLD domain names identified as being used in phishing, malware distribution, and botnet command and control, it has been widely reported that criminals are taking advantage of the global COVID-19 pandemic by launching malicious online campaigns. There have also been numerous reports of spikes in the use of COVID-19-related domain names for DNS Abuse. more
Michela Menting, Research Director at ABI Research sharing a cybersecurity perspective amidst Brexit aftermath: "It is likely that the UK will continue in a similar direction as the rest of the EU with regards to cybersecurity and cybercrime. However, there may be a dampening impact on the country with regards to the skills pool." more
The United States and India signed a Memorandum of Understanding (MOU) today to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cybersecurity, according to U.S. Department of Homeland Security. "The MOU was signed in New Delhi by Jane Holl Lute, Deputy Secretary for the U.S. Department of Homeland Security (DHS) and R. Chandrashekhar, Secretary, India Department of Information Technology." more
During a conference, "Internet of Things," in France, the U.S. Department of Commerce made the announcement that it will hold a public consultation on the different proposals to cryptographically sign the DNS root zone file, and determine who will hold the root zone trust anchor for global DNSSEC implementation, says Milton Mueller on the Internet Governance Forum blog. The blog, titled "Commerce Department asks the world to comment on its plans to retain control of the root," continues... more
An Internet Bill of Rights may or may not be a good idea. The point here is that, besides highly commendable topics such as net neutrality and privacy, some of them seem to mandate cybersecurity. Approved in Brazil last May, the Marco Civil includes the principle of preservation of stability, security and functionality of the network, via technical measures consistent with international standards. more
Straightforward out-of-court domain name proceeding can provide efficient relief against fraudulent websites and email. Google has seen a steep rise amid the Coronavirus pandemic in new websites set up to engage in phishing (i.e. fraudulent attempts to obtain sensitive information such as usernames, passwords and financial details). Companies in all industries - not just the financial sector - are at risk from this nefarious practice. But one relatively simple out-of-court proceeding may provide relief. more
Think your organization is exempt from in-house network abuse? Think again. A CFCA Global Fraud Survey of communication service providers found that dealer fraud was one of the top five methods of fraud, costing $US 3.35 billion annually. In this scenario, customer service representatives (CSRs) or administrators with access to account information may upgrade friends or family to a premium service package or even provide free access to services. more
The 24th DNS-OARC meeting was held last week in Buenos Aires -- a two-day DNS workshop with amazingly good, consistent content. The programme committee are to be congratulated on maintaining a high quality of presentations. Here are my picks of the workshop. They fall into three groups, covering themes I found interesting... These presentations related to the ongoing problem of DNS as a source of reflection attacks, or a victim of attempted DDoS... more
In a post on a developers’ forum, software engineer on the Google Chrome team Ryan Sleevi has announced Google’s plan to start gradually distrust all existing Symantec-issued certificates. more
The Australian Bureau of Statistics reports deliberate and "malicious" attacks from offshore, designed to sabotage nation's first online 2016 Census. more
Despite headlines now at least a couple of years old, the InfoSec world is still (largely) playing lip-service to the lack of security talent and the growing skills gap. The community is apt to quote and brandish the dire figures, but unless you're actually a hiring manager striving to fill low to mid-level security positions, you're not feeling the pain -- in fact, there's a high probability many see problem as a net positive in terms of their own employment potential and compensation. more
Security expert and malware analyst, Lenny Zeltser has examined a creative malware distribution method in the real world where fliers placed on windshield of cars scare drivers into visiting a malicious website. Zeltser writes: "Several days ago, yellow fliers were placed on the cards in Grand Forks, ND. They stated: 'PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to website-redacted' ... If you went to the website, you'd see several photos of cars on parking lots in that specific town..." more
With the COVID-19 health crisis evolving so quickly, it's hard to predict the extent of the long-term impact on business and the economy. While every business sector is facing different considerations, it's safe to say all are handling challenges from supply chain interruptions, rapid shifts to remote work, and massive changes in consumer spending and communication habits. more
Russian government hackers are reported to be behind latest cyber-intrusions into the business systems of U.S. nuclear power and other energy companies with efforts to assess networks. more
Sophie Curtis of eWeek reports: "Researchers have discovered a hole in the secure sockets layer (SSL) protocol, enabling man-in-the-middle attackers to hack into secure applications despite traffic encryption. According to security researcher Chris Paget, hackers can exploit this flaw by breaking into shared hosting environments, mail servers and databases, and inserting text into encrypted traffic as it passes between two end users. This could lead to fragmentation of SSL transactions, giving hackers the opportunity to inject false commands such as password resets into communications which are otherwise encrypted." more
A World-Renowned Source for Internet Developments. Serving Since 2002.
