Cyberattack

Blogs

A Cynic's View of 2015 Security Predictions - Part 2

Every year those in the security industry are bombarded with various cyber security predictions. There's the good, the bad and the ugly. Some predictions are fairly ground breaking, while others are just recycled from previous years -- that's allowed of course if the threats still stand. In part one of my predictions I looked at the malware threats, so let's take a look at big data and the cloud for part two. more»

A Cynic's View of 2015 Security Predictions - Part 1

Cyber security was a hot topic in 2014. It seemed not a week went by without details of a high profile data breach hitting the headlines. To recap, the Sony breach was one of the most notable, as was the Home Depot hack, while details of widespread security vulnerabilities such as Heartbleed, Shellshock and Poodle were also revealed. But what will 2015 bring? Will it be more of the same, or have cyber criminals got some new tricks up their sleeves? more»

A Cancerous Computer Fraud and Misuse Act

As I read through multiple postings covering the proposed Computer Fraud and Misuse Act, such as the ever-insightful writing of Rob Graham in his Obama's War on Hackers or the EFF's analysis, and the deluge of Facebook discussion threads where dozens of my security-minded friends shriek at the damage passing such an act would bring to our industry, I can't but help myself think that surely it's an early April Fools joke. more»

Software Insecurity: The Problem with the White House Cybersecurity Proposals

The White House has announced a new proposal to fix cybersecurity. Unfortunately, the positive effects will be minor at best; the real issue is not addressed. This is a serious missed opportunity by the Obama adminstration; it will expend a lot of political capital, to no real effect... The proposals focus on two things: improvements to the Computer Fraud and Abuse Act and provisions intended to encourage information sharing. At most, these will help at the margins; they'll do little to fix the underlying problems. more»

Mega Hacks and the Employees That Lost

When a business gets hacked and its corporate information is dumped on the Internet for all and sundry to see (albeit illegally), the effects of that breach are obviously devastating for all concerned. In many ways it's like the day after a fierce storm has driven a super-cargo container ship aground and beachcombers from far and wide have descended upon the ruptured carcass of metal to cart away anything they think has value or can be sold by the side of road. more»

CircleID's Top 10 Posts of 2014

Here we are with CircleID's annual roundup of top ten most popular posts featured during 2014 (based on overall readership). Congratulations to all the participants whose posts reached top readership and best wishes for 2015. more»

Spamhaus Tells Us That Botnets Are Getting Worse

The Spamhaus Project just published a long article about the botnets they've been watching during 2014. As this chart shows, we're not making any progress. They also note that the goals of botnets have changed. While in the past they were mostly used to send spam, now they're stealing banking and financial information, engaging in click fraud, and used for DDoS and other malicious mischief. more»

We Are All Sony

"Nobody knows anything," screenwriter William Goldman (think "Butch Cassidy and the Sundance Kid" and "The Princess Bride") said famously of Hollywood. The same may be said of enterprise security. Word now comes that the Sony hack for which the FBI has fingered North Korea may, in fact, be the work of some laid-off and disgruntled Sony staff. But that's not clear, either. more»

Did the DPRK Hack Sony?

My Twitter feed has exploded with lots of theorizing about whether or not North Korea really hacked Sony. Most commentators are saying "no", pointing to the rather flimsy public evidence. They may be right -- but they may not be. Worse yet, we may never know the truth. One thing is quite certain, though: the "leaks" to the press about the NSA having concluded it was North Korea were not unauthorized leaks; rather, they were an official statement released without a name attached. more»

Can Big Companies Stop Being Hacked?

The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and no doubt other companies who haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations... This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked? more»

One Year Later: Lessons Learned from the Target Breach

As the autumn leaves fall from naked trees to be trampled or encased in the winter snow, it reminds us of another year quickly gone by. Yet, for organisations that were breached and publicly scrutinised for their security lapses, it's been a long and arduous year. It was about this time last year that the news broke of Target's mega breach. Every news outlet was following the story and drip feeding readers with details, speculation and "expert opinion" on what happened, why it happened and who did it. more»

Why OIRA Needs to Coordinate Federal Cyber Security Regulation

Two quick facts about American industry's resilience against cyber-attack, (1) our critical infrastructure is inadequately protected and (2) federal regulation will be required to fix the problem, reliance on market forces alone will not be sufficient irrespective of whether or not Sony Pictures survives. Although regulation is needed, it needs to be coordinated and, above all, cost-effective. Which agency is charge of regulating cybersecurity? Right now, it's a free for all with agencies staking out turf and claims of authority. more»

Which Domains Stand the Strongest Against Phishing Attacks?

The latest Anti-Phishing Working Group (APWG) Global Phishing Survey, which analyzed over 100,000 phishing attacks in the first half of 2014, examines the progress that top level domains (TLDs) are making in responding to phishing attacks that use their TLDs. The report finds the .INFO domain has the lowest average phishing uptimes as compared to other TLDs, such as .COM and .NET. more»

Nameserver Operators Need the Ability to "Disavow" Domains

Yesterday's DDoS attack against DNSimple brought to light a longstanding need for DNS nameserver operators to have an ability to unilaterally repudiate domains from their nameservers. The domains under attack started off on DNSMadeEasy, migrated off to DNSimple and took up residence there for about 12 hours, causing a lot of grief to DNSimple and their downstream customers. more»

If It Doesn't Exist, It Can't Be Abused

A number of outlets have reported that the U.S. Post Service was hacked, apparently by the Chinese government. The big question, of course, is why. It probably isn't for ordinary criminal reasons: The intrusion was carried out by "a sophisticated actor that appears not to be interested in identity theft or credit card fraud," USPS spokesman David Partenheimer said. ... But no customer credit card information from post offices or online purchases at usps.com was breached, they said. more»

News Briefs

UK Power Grid Under Minute-by-Minute Cyberattack

South Korea Receives Nuclear Plan Cyberattack Threats, Takes Emergency Measures

ICANN Targeted in Spear Phishing Attack

DNS Based DDoS Attacks Using White House Press Releases

Former DHS Chief Teaming Up With Insurance Giant Lloyd's of London to Sell Cyber Insurance

TCP Stealth Aims to Keep Servers Safe from Mass Port-Scanning Tools

DDoS Attacks Shutdown Several World Cup Websites

Popular RSS Reader Feedly Suffers Back to Back DDoS Attacks, Held for Ransom

Paul Vixie on How the Openness of the Internet Is Poisoning Us

European Standardization Organizations Discuss Role of Standards for EU Cybersecurity Strategy

Widespread Compromised Routers Discovered With Altered DNS Configurations

Significant Uptick Reported in Targeted Internet Traffic Misdirection

Israeli Tunnel Hit by Cyberattack Causing Massive Congestion

US Government Releases Cybersecurity Framework Proposal

Google Launches 'Project Shield': Anti-DDoS Service to Protect Free Expression Online

DDoS Awareness Day - Oct 23, Register Today for Live Virtual Event

UK Teams Up With Defence and Telecom Companies to Counter Cyber Attacks

Arrest Made in Connection to Spamhaus DDoS Case

China and the United States Agree on Forming Joint Cybersecurity Working Group

U.S. CERT Issues Alert on DNS Amplification Attacks

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection