Cyberattack

Cyberattack / Most Viewed

US-CERT Says They Are Aware of DNS Exploit Code, Emphasizes Urgent Patching

The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems. more»

DDoS Mitigation: A Blend of Art and Science

As DDoS attacks become larger, more frequent and complex, being able to stop them is a must. While doing this is part science, a matter of deploying technology, there is also an art to repelling sophisticated attacks. Arbor Networks, Citrix and others make great gear, but there's no magic box that will solve all your problems for you. Human expertise will always be a crucial ingredient. more»

Report to US Congress: China "Hijacked" 15% of Global Internet Traffic for 18 Minutes

Heidi Blake reporting in the Telegraph: "China 'hijacked' 15 per cent of the world's internet traffic for 18 minutes earlier this year, including highly sensitive email exchanges between senior US government and military figures, a report to the US Congress said. The incident has raised fears that China may have harvested highly-sensitive information from re-routed emails." more»

Google Blames DNS for Website Defacements in Uganda, Morocco and Kenya This Week

Domain Name System (DNS) insecurity caused the defacing of Google Web sites in Uganda and Morocco, according to a Google spokesperson. Earlier this week, both Google Uganda and Google Morocco were redirecting traffic to different sites... more»

Obama to Introduce Cybersecurity Proposal

Declan McCullagh reports in CNet News: "The White House today sent Congress a proposed cybersecurity law designed to force companies to do more to fend off cyberattacks, a threat that has been reinforced by recent reports about vulnerabilities in systems used in power and water utilities. This proposal seems designed to prod the legislative branch to enact some variety of cybersecurity legislation..." more»

The Economics of Magic

Arthur C. Clarke said any sufficiently advanced technology is indistinguishable from magic. Milton Friedman said there's no such thing as a free lunch. The validity of the former statement does not invalidate the later. From this we can see that even magic has a price. Hence, its application is subject to cost-benefit analysis. There are many developing technologies that may eventually qualify as magic. more»

14 ISPs in Netherlands Serving 98% of Consumers Form Anti-Botnet Treaty

Last month 14 ISPs in Netherlands serving 98 percent of the consumer market initiated a joint effort to fight against malware-infected computers and botnets. The effort includes: Exchange of information within the coalition; Quarantine of infected computers; and notification of end-users by their ISP. Gadi Evron over at Dark Reading reports: "In recent years, bot-infected computers have been a growing problem for end-user ISPs as more and more resources are being wasted, and not paid for. And the growing global threat of DDoS attacks and other security concerns have shown ISPs that in order to get help in case of DDoS attack, they need to be a more friendly and reputable service themselves." more»

US, India Sign Cybersecurity Agreement

The United States and India signed a Memorandum of Understanding (MOU) today to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cybersecurity, according to U.S. Department of Homeland Security. "The MOU was signed in New Delhi by Jane Holl Lute, Deputy Secretary for the U.S. Department of Homeland Security (DHS) and R. Chandrashekhar, Secretary, India Department of Information Technology." more»

Can Big Companies Stop Being Hacked?

The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and no doubt other companies who haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations... This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked? more»

Former DHS Chief Teaming Up With Insurance Giant Lloyd's of London to Sell Cyber Insurance

Cyberattacks like the ones that hit JPMorgan Chase, Home Depot and Target only seem to be getting worse, and former Homeland Security Secretary Tom Ridge has one way for companies to protect themselves. more»

Multi-Layer Security Architecture - Importance of DNS Firewalls

In today's world with botnets, viruses and other nefarious applications that use DNS to further their harmful activities, outbound DNS security has been largely overlooked. As a part of multi-layer security architecture, a DNS Firewall should not be ignored. After serving as a consultant for multiple organizations, I have encountered many companies that allow all internal devices to send outbound DNS queries to external DNS servers - a practice that can lead to myriad problems. more»

Hosters: Is Your Platform Being Used to Launch DDoS Attacks?

As anyone who's been in the DDoS attack trenches knows, large multi-gigabit attacks have become more prevalent over the last few years. For many organizations, it's become economically unfeasible to provision enough bandwidth to combat this threat. How are attackers themselves sourcing so much bandwidth? more»

ICANN Website Breached, Passwords Obtained by an Unauthorized Person

Usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website have been obtained by an unauthorized person, the Internet Corporation for Assigned Names and Numbers announced Wednesday night. more»

Password Leaks

The technical press is full of reports about the leak of a hashed password file from LinkedIn. Worse yet, we hear, the hashes weren't salted. The situation is probably both better and worse than it would appear; in any event, it's more complicated. more»

White House Announces Agenda for Game-Changing Cybersecurity R&D

The United States White House Office of Science and Technology Policy (OSTP) has released a new report titled, Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, specifying an agenda for "game-changing" cybersecurity R&D according to an official announcement today. The report is described as "a roadmap to ensuring long-term reliability and trustworthiness of the digital communications network that is increasingly at the heart of American economic growth and global competitiveness." more»

Industry Updates