Last week the Alliance for Safe Online Pharmacies (ASOP Global; www.BuySafeRx.pharmacy) presented its inaugural Internet Pharmacy Safety E-Commerce Leadership Award to two organizations during the Generic Names Supporting Organization (GNSO) Joint Meeting of the Registries and Registrars Stakeholder Groups at ICANN58 in Copenhagen, Denmark, it was announced on Tuesday. more
Brian Krebs reporting in Krebs on Security: "Half of all 'rogue' online pharmacies -- sites that sell prescription drugs without requiring a prescription -- got their Web site names from just two domain name registrars, a study released today found. The findings illustrate the challenges facing Internet policymakers in an industry that is largely self-regulated and rewards companies who market their services as safe havens for shadowy businesses." more
A web domain name is the foundational piece of internet property allowing its owner (registrant) to construct and host an associated website. On a domain, the owner is also able to construct whatever subdomains they wish -- a process that is technically achieved via the configuration of records on the authoritative domain name system (DNS) server. more
In a big open office 30 feet from me, a team of US Veterans speak intently on the phone to businesses large and small, issuing urgent warnings of specific cyber security threats. They call to get stubborn, confused people to take down hidden ransomware distribution sites. They call with bad news that a specific computer at the business has malware that steals login credentials. more
Cybercrime losses may be erroneously overestimated as most information available on cybercrime losses are derived from surveys, argue two researchers in a recent paper titled, "Sex, Lies and Cybercrime Surveys". Dinei Florencio and Cormac Herley from Microsoft Research examine some of the difficulties of forming an accurate cybercrime estimate by survey. more
New research from the Anti-Phishing Working Group (APWG) has found that up to 81% of domain names used for phishing are legitimate domains that have been hacked. More specifically, out of the 30,454 phishing domains under observation, only 5,591 domain names (18.5%) were registered by phishers according to APWG. The remaining small percentage of the domains used in phishing belonged to subdomain resellers such as ISPs and other web-based services. more
FBI today announced six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised -- or that the malicious software rendered their machines vulnerable to a host of other viruses. more
The United States Computer Emergency Readiness Team (US-CERT) has acknowledged that they are aware of the publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. US-CERT is re-emphasizing the urgency of patching vulnerable DNS systems. more
In a 52 page security report released by Cisco, the company has confirmed what has been consistently been observed through out this year: "the Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers." The 2008 edition of the report has specified the year's top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities. more
The nonprofit Alliance for Safe Online Pharmacies (ASOP Global) presented its annual Internet Pharmacy Safety E-Commerce Leadership Award to .DK Hostmaster at the 2018 ICANN63 today in Barcelona, Spain. The domain name administrator for Denmark, DK Hostmaster, was selected for the award based on their commitment to ensuring citizen safety by maintaining transparent WHOIS data, proactively enforcing identity accuracy policies to increase consumer trust and safety online. more
The RBNexploit blog states that the website 'president.gov.ge' was under DDoS attack since Thursday. That site is now hosted out of Atlanta, Georgia (don't you love coincidence?) by Tulip Systems who is prominently displaying an AP story... "Speaking via cell phone from Georgia, Doijashvili said the attacks, traced to Moscow and St. Petersburg, are continuing on the U.S. servers." Rusisan military surrogates in the form of the criminal Russian Business Network are engaged in attacks against servers on US soil. This point should be brought up as the Group of 8-1 discusses appropriate responses to Russia's attack on Georgia. more
In the past 24 months, distributed denial of service (DDoS) attacks have changed profoundly. Gone are the days when attackers worked under the radar, when machines were infected by botnet code unknowingly and attacks were disguised leaving very little to trace the exact origin. ... The other game-changer: It's easier than ever to execute attacks. The tools are so widely available that anyone with basic skills and a high-speed connection can become a "hacktivist." more
Hackers breached a Kansas Department of Commerce data system used across multiple states and gained access to more than 5.5 million Social Security Numbers, according to local news sources. more
President-elect Donald J. Trump has named Thomas P. Bossert, a top national security aide under President George W. Bush, to be his homeland security adviser, the Trump transition team announced Tuesday morning," Michael D. Shear reporting in the New York Times. more
For our final blog in this series, looking at the online risks associated with COVID-19, we focus on social media. The popularity of social media channels means that they are extremely susceptible to exploitation by cybercriminals and other infringers, particularly during the coronavirus crisis. In an earlier post in this series, we discussed the use of social media for the distribution of phishing-related content, but CSC has also noted marked activity relating to the creation of fake accounts. more
A World-Renowned Source for Internet Developments. Serving Since 2002.