Cybercrime |
Sponsored by |
|
The risks of fraud and disinformation in the U.S. election process have been hiding in plain sight. CSC's new research finds that a large majority of web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are prone to domain spoofing tactics. This makes them a potential target for hackers looking to spread disinformation ahead of the election, and criminals who want to take advantage of voter intentions... more
How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020. more
In the coming days, the Internet Governance Forum Dynamic Coalition on Internet Standards, Security and Safety will be announced on the IGF website. The following is an invitation to participate, share ideas and best practices, the willingness to take on a new approach towards mass deployment of internet standards and ICT best practices. Feel free to reach out to us and start working towards a kick-off meeting at the global, virtual Internet Governance Forum in November. more
Either because of laxness on the part domain name holders or cunning on the part of thieves, registrars have been duped into transferring domain names to fraudsters' accounts. I discussed the matter last year in Recovering Domain Names Lost to Fraudulent Transfer. These cases are mostly filed in the Eastern District of Virginia, Alexandria Division, for the good reason that the registry for dot com is located in that jurisdiction and they are mostly recovered. more
Has your organization recently received an email claiming to be from NABP's Internet Drug Outlet Identification Program (IDOI)? If so, it is possible that someone is trying to trick you. The NABP IDOI team's email account has recently been illegally "spoofed" by unaffiliated persons or organizations. Email spoofing involves the forgery of an email header so that the email appears to have originated from someone other than the actual source. more
We're in an interregnum where society has paused, and there's no telling how things may turn. In such times of crisis, we are the explorer; exploring the uncharted waters of change, where dangers and opportunities lie. How the pandemic caused this greater societal change may not be something that an individual can alter, we may, however, take the helm and navigate. more
ICANN's founding promise and mandate are optimistic -- ensure a stable and secure internet that benefits the internet community as a whole. Recent months, however, have highlighted the uncomfortable truth that ICANN's and the industry's approach to DNS abuse is actually moving backward, ignoring growing problems, abdicating on important policy issues, and making excuses for not acting. Further, the impending failure of ICANN's new WHOIS policy to address cybersecurity concerns will add fuel to the fire, resulting in accelerating DNS abuse that harms internet users across the globe. more
If you read this blog, you've probably heard by now about the massive Twitter hack. Briefly, many high-profile accounts were taken over and used to tweet scam requests to send Bitcoins to a particular wallet, with the promise of double your money back. Because some of the parties hit are sophisticated and security-aware, it seems unlikely that the attack was a straightforward one directly on these accounts. more
The outbreak of COVID-19 has caused worldwide disruption -- for whole nations and their economies. Unfortunately, there will be some side effects for businesses. A number of brands will disappear from the streets and shelves, as businesses that fail to weather the storm will have to fold. Companies that do survive will likely focus more on their core markets, pulling brands out of higher risk, less profitable markets... more
At the 44th Session of the Human Rights Council, we heard how 1 billion children in 2019 who were subjected to various forms of violence and the need for more action to protect children according to the Special Rapporteur. The United Nations Committee on the Rights of the Child released Guidelines on the implementation of the international treaty that bans child pornography, proposing to expand its interpretation to include bans on drawings and stories that sexually depict minors. more
The Internet is a catalyst for what has revolutionised and transformed human societies in giving extraordinary access to information that has catapulted development and economic growth. It also comes with threats of exploitation by those who wish to do harm. In Part 1 of these series, we looked at how Twitter banned Graham Linehan for his tweet where we saw that to an extent, it was justifiable under Californian law but that a Judge in the Fiji courts would disagree with. more
Trending news and global events impact domain registration behaviors. We observed a slew of coronavirus-themed domain name registrations, for example, as early as January. George Floyd's death, which sparked several Black Lives Matter movements, is no different. Three days after George Floyd died, our data feed started detecting George Floyd-themed domain names... We retrieved all domain names that contain the strings "eorge," and "lackliv" from 28 May to 7 June and found 402. more
Surveillance capitalism monetizes private data that it collects without consent of the individuals concerned, data to analyze and sell to advertisers and opinion-makers. There was always an intricate relationship between governments and surveillance capitalists. Governments have the duty to protect their citizens from the excesses of surveillance capitalism. On the other hand, governments use that data, and surveillance capitalism's services and techniques. more
Like measuring COVID's impact, so too measuring the impact of COVID-related abuse on the Internet is difficult, there are those that would foolishly dismiss the danger entirely, others over-state the problem, perhaps to prompt sales of tools and services. The amount and type of abuse varies from network to network, and to declare everything is fine based on one world-view you believe to be ubiquitous, or that the sky is falling based upon another, extrapolated to 'everybody else' is simply poor analysis. more
Just as we started the new year, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency's (CISA) issued an alert. On January 6, 2020 , they warned of domain name system (DNS) hijacking and other cyber threats that may be used by nation-state threat actors to disrupt business activity and take control of vital internet assets. A familiar refrain heard in 2019 now repeating in 2020. more
Google Reports 18 Million Daily COVID-19 Related Malware, Phishing Emails Per Day
Cyber Risk Now on Top of Corporate Risk Agendas, Cyber Insurance Expanding
Close to 200K Phishing Domains Discovered in a 5-Month Span, 66% Targetted Consumers, Akamai Reports
A Seattle Woman Charged With Capital One Data Theft Affecting 106 Million People
A 60% Rise Reported on Malware Designed to Harvest Consumers' Digital Data, aka Password Stealers
Florida Cities Are Paying Hundreds of Thousands of Dollars in Ransom to Get Their Data BackOrganizations that don't have a dedicated pool of cybersecurity experts often hire managed security service providers (MSSPs) to help them ward off attempts and attacks. Yet in today's ever-dangerous cyber threat landscape, even the best service providers may fall for cybercriminals' traps. more
The threat landscape is ever-changing. As time goes by, threat campaigns use new and more sophisticated technologies than seen before. Still, some reuse tried-and-tested methods while adding a few other functionalities, as in the case of FTCODE ransomware operators. more
For 16 months, PayMyTab, a third-party payment provider, leaked the private data of customers who dined in a U.S. restaurant when it failed to follow a simple yet essential security protocol. more
John Paul Revesz (also known as "Armada"), the Canadian behind the Orcus RAT (a software that been used in various malware attacks), has been charged under Section 342.1 of the Criminal Code on November 8. The specific section is for the unauthorized use of a computer, and at its core, this is what Revesz's Orcus software does. more
What was supposed to be an exciting week after the launch of Disney+, a subscription-based video-on-demand (VOD) streaming service of Walt Disney Company, turned into a nightmare for thousands of users. more
Highly publicized ransomware attacks are never short of golden nuggets of wisdom for the cybersecurity industry. They first teach us that attackers control the rules of the game once infiltration is complete. Second, large enterprises that use cloud-based technologies to store sensitive financial information continue to be at risk. more
NordVPN admitted last month that its data center located in Finland was hacked on March 5, 2018. While the virtual private network (VPN) service provider claimed it learned of the incident as early as April 13, 2019, it only confirmed the compromise last month after reports that its expired Transport Layer Security (TLS) certificate and its private key were leaked. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
| Service Partners: |
DNS Management by Constellix |
|
Managed Hosting by Hostway |
|
