Cybercrime

Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Domain Research and Monitoring: Keeping an Eye on the Web for You

Cybercrime / Featured Blogs

Crypto Back Doors Are Still a Bad Idea

In the always interesting Lawfare blog, former FBI counsel Jim Baker in a piece called Rethinking Encryption reiterates his take on the encryption debates. There's a certain amount that makes me want to bang my head against the wall... But it's worth reading to remind us of what the other side is thinking, even with a lot of motivated reasoning that makes him conclude that Congress can pass some laws and the going dark problem will be solved. more

Cybercriminals Benefitting from Stalled Privacy/Proxy Policy

We've seen alarmingly BIG increases in multiple abusive behaviors – like phishing, hacking and malware – that often leverage the domain name system (DNS) and privacy/proxy services. Cybercriminals capitalize on gaps in DNS security measures, and ICANN is holding the door open for them by failing to implement their privacy/proxy policy. If you are ever targeted, you are not alone. more

Cybercriminals Weaponize Bulk-Registered Domain Names

Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., "botnets"), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names – a tactic known as bulk registration. more

Encryption and Child Sexual Abuse Prevention

Just over one week ago, the New York Times published a major investigation into the intractable problem of illegal sexual images of minors being exchanged online. Despite flaws in the story and its companion pieces, the main take-away that Internet companies have failed to adequately address the problem has resonated widely. Prostasia Foundation too has been critical of some of the Internet platforms called out in the article. But at the same time, we need to be realistic about how much responsibility we can (or should) place on tech firms to solve this problem. more

IGF Best Practice Forums, an Opportunity to Bring Your Experience to the Policy Debate

In the run-up to the 14th Internet Governance Forum in Berlin, Germany, 25 to 29 November, different groups are discussing best practices pertaining to specific internet governance policy questions. These groups are open and thrive on your input and experiences. Their findings will be presented at the IGF and published shortly after. The IGF Best Practice Forums intend to inform internet governance policy debates by drawing on the immense and diverse range of experience and expertise... more

How Domain Data Helps Thwart BEC Fraud

It's true, domain data has many practical uses that individuals and organizations may or may not know about. But most would likely be interested in how it can help combat cyber threats, which have been identified as the greatest risks businesses will face this year. Dubbed as the greatest bane of most organizations today, cybersecurity can actually be enhanced with the help of domain data. How? more

Business Email Compromised (BEC) Scams Explode Under the GDPR Implementation

Business email compromised (BEC) attacks targeting American companies are exploding, with an increase of over 476% in incidents between Q4 2017 and Q4 2018. Up as well is email fraud with companies experiencing an increase of over 226%. These highly targeted attacks use social engineering to identify specific company employees, usually in the finance department and then convince these employees to wire large sums of money to third-party banking accounts owned by the attackers. more

Proactive Cybersecurity: What Small Businesses Can Actually Do

In the business world, there are two main paths a company can take with cybersecurity -- the reactive and the proactive approach. The problem with a purely reactive attitude is that it can easily put companies in constant firefighting mode. And for small companies with limited resources, this can turn out to be an increasingly uncomfortable place to be in.
With that in mind, experts today suggest proactive cybersecurity by monitoring suspicious activity and identifying risks before they turn into full-blown attacks. more

GDPR Fine Enough or More Disclosure?

The UK cares about its citizens' privacy to the tune of a $229 million (US) fine of British Airways for a breach that disclosed information of approximately half a million customers. It's exciting -- a significant fine for a significant loss of data. I think GDPR will lead to improved security of information systems as companies scramble to avoid onerous fines and start to demand more from those who provide information security services and products. more

WHOIS Database Download: Proactive Defense Against the Rising Tide of BEC Fraud

How many times have you heard that humans are the weakest link in cybersecurity? The headlines have proven that over and over again. In particular, business email compromise or BEC (also known as email account compromise or EAC) scams, which typically target an employee with access to the financial resources of his company -- this could be a C-level executive or any high-ranking officer -- for fraud are still on a constant uphill trend. more

Industry Updates

The Web.com Data Breach: A Quick Investigation with Domain Reputation Lookup

Mobile Apps and Malware: Shielding Your Brand from Unseen Cyber Threats

Being Cybersecure Is Not Enough, Become Cyber-Resilient Instead

Can Security Analytics Combat Digital Fraud with IP and Domain Name Monitoring?

Alleviating the Constant Clash Between DevSecOps and DevOps Teams

Moving from the Castle-and-Moat to the Zero-Trust Model

Why IT Security and DevOps Teams Are Often at Odds

Mitigation and Remediation: Where Threat Intelligence Fits In

4 Cybersecurity Jobs Created in Response to Evolving Threats

Cloud and IaaS DLP Woes: Is Additional Threat Intelligence a Solution?

Carpet-Bombing Attacks: A Rising Threat to ISPs

How Threat Intelligence Prevents Nameserver Takeovers and Their Far-Reaching Damage

Can Network and Threat Data Correlation Improve SIEM Solutions?

Information Rights Management or User Access Management, Which One Is Better?

Can Security Operations Centers (SOC) Benefit from Third-Party Threat Intelligence?