Cybersecurity

Sponsored
by

Blogs

COVID Domain Registrations Surged in March

The Internet and the domain name system (DNS) have become the mainstay of the new COVID sheltered world. Afilias looked at registrations in the unrestricted domain name space, with a special focus on the popular .INFO, .PRO, .MOBI and .IO domain name extensions. The data shows that the number of website and domain registrations related to COVID and Coronavirus in these extensions is flattening after a surge in March. more

What COVID-19 Means for Network Security

The COVID-19 Pandemic is causing huge social and financial shifts, but so far, its impact on network security has gone under-reported. Yet with thousands of companies worldwide requiring millions of employees to work remotely, network administrators are seeing unprecedented changes in the ways that clients are using their networks and new threats that seek to leverage the current crisis. more

3 Reasons It's Crucial to Review Your Domain Lock Portfolio Now

Just as we started the new year, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency's (CISA) issued an alert. On January 6, 2020 , they warned of domain name system (DNS) hijacking and other cyber threats that may be used by nation-state threat actors to disrupt business activity and take control of vital internet assets. A familiar refrain heard in 2019 now repeating in 2020. more

Coronavirus Online Threats Going Viral, Part 5: Social Media

For our final blog in this series, looking at the online risks associated with COVID-19, we focus on social media. The popularity of social media channels means that they are extremely susceptible to exploitation by cybercriminals and other infringers, particularly during the coronavirus crisis. In an earlier post in this series, we discussed the use of social media for the distribution of phishing-related content, but CSC has also noted marked activity relating to the creation of fake accounts. more

Coronavirus Online Threats Going Viral, Part 4: Phishing

In part four of this series of posts looking at emerging internet content relating to coronavirus, we explore phishing. In times of crisis, cyber criminals invariably take advantage of the growing concerns of the public. In the case of the coronavirus, they have done so by sending phishing emails that play on the fears surrounding the spread of the illness. A number of reports have emerged of emails purporting to provide advice or assistance relating to COVID-19... more

ICANN Org's Multifaceted Response to DNS Abuse

While the March report from ICANN's Domain Abuse Activity Reporting system show a general reduction in second-level gTLD domain names identified as being used in phishing, malware distribution, and botnet command and control, it has been widely reported that criminals are taking advantage of the global COVID-19 pandemic by launching malicious online campaigns. There have also been numerous reports of spikes in the use of COVID-19-related domain names for DNS Abuse. more

Remote Work Demands Encryption

Now that we are all working from home (WFH), the need for encryption must also increase in priority and awareness. Zoom's popular video conferencing solution got in hot water because they promised "end-to-end" encryption but didn't deliver on it - prompting some organizations to ban it from use altogether. Encryption protects confidential information from being exposed in transmission, providing a secure way for the intended recipient to get the information without snooping by others. more

Predictions for a Post-COVID-19 World

While it might still be too early to make predictions, there are dozens of articles on the web predicting how the COVID-19 pandemic might change our long-term behavior. Here are some of the more interesting predictions I've seen that involve broadband and telecom... Millions of people were sent home for work or school to homes that didn't have good broadband. These folks have been telling the world for years that they don't have good broadband... more

5G Security – Metrics of the Engaged

This past month on 03-06 March, the global industry sub-group that exists at the center of 5G security met virtually. It is known as SA3 within the 3GPP organization, and it met over a period of five days to deal with some of the most important 5G security requirements. 3GPP is a "partnership" created among all the world's major standards bodies, which over several decades has cooperatively developed and evolved by far the largest and most successful global electronic communications network. more

Coronavirus Online Threats Going Viral, Part 3: Mobile Apps

In part three of this series of posts looking at emerging internet content relating to coronavirus, we turn our attention to mobile apps - another digital content channel that can be used by criminals to take advantage of people's fears about the health emergency for their own gain.One of the most common attack vectors we have found in our analysis is the use of apps purporting to track global progression of COVID-19, or provide other information, but which instead incorporate malicious content. more

How to Secure Your Data During Coronavirus

Nobody loves a good crisis more than a hacker and, by anyone's definition, coronavirus is a big, fat stinking crisis that almost everyone on earth is sitting in the middle of. For most of us, a crisis brings out the best. First responders and the healthcare systems are replete with stories of superhuman sacrifice and commitment to others. Unfortunately, it is this commitment to the work at hand that puts cybersecurity on the back burner and increases the chance of a breach, break-in, or general mischief. more

Coronavirus Online Threats Going Viral, Part 2: Marketplaces

In the midst of the coronavirus crisis and the partial or total quarantines happening around the world, more people are turning to eCommerce for their purchases. This, combined with the increased demand for healthcare and healthcare-related products, is causing surges of activity on online marketplaces. Perhaps least surprising is the growth in the number of listings for cleaning and hygiene products (e.g., hand sanitizer), as well as facemasks... more

The True Effect of Corona on the DNS

In recent weeks we've seen a range of press articles, security blogposts and public statements addressing real or perceived issues with network capacity and the domain name system (DNS) in particular. These range from concerns about the resilience of the DNS with questions on the impact of the number of registrations to news indicating that a tidal wave of fraud and abuse is hitting the world. more

A Short History of Internet Protocol Intellectual Property

A little over 25 years ago, the Internet Society proposed that they assume responsibility for the DARPA Internet Protocol (IP) specifications Intellectual Property Rights (IPR) that were being evolved by the Internet Engineering Task Force (IETF) to facilitate their use by the mainstream network communication standards bodies and providers. Last week, the IETF, in an attempt to fend off alternative Internet Protocols emerging in the 5G ecosystem and create a standards monopoly, asserted... more

Is Zoom's Server Security Just as Vulnerable as the Client Side?

Zoom programmers made elementary security errors when coding, and did not use protective measures that compiler toolchains make available. It's not a great stretch to assume that similar flaws afflict their server implementations. While Mudge noted that Zoom's Windows and Mac clients are (possibly accidentally) somewhat safer than the Linux client, I suspect that their servers run on Linux.Were they written with similar lack of attention to security? more

News Briefs

Google Reports 18 Million Daily COVID-19 Related Malware, Phishing Emails Per Day

Zoom Faces Class-Action Lawsuit, Accused of Overstating Its Privacy Standards

Over 360 Security Experts Around the World From Group to Combat COVID-19 Hackers, Protect Hospitals

Firefox Starts the Roll Out of DNS Over HTTPS (DoH) by Default for US-Based Users

Israel's Entire Voter Registry Exposed, the Massive Data Leak Involves 6.5 Million Voters

Highly Sensitive Domain Corp.com Up for Sale by Original Owner, Calls It a 'Chemical Waste Dump'

Microsoft Takes Legal Action Against North Korean Cybercrime Group, Takes Down 50 Domains

U.N. Approves Resolution to Combat Cybercrime Despite Opposition From E.U., the U.S. and Others

Microsoft Announces Plans to Adopt DoH in Windows

Cybersecurity Workforce Needs to Grow 145% to Close Skills Gap Worldwide, Says New Study

Leading Domain Registries and Registrars Release Joint Document on Addressing 'DNS Abuse'

EU Member States Release Report on Coordinated Risk Assessment on Cybersecurity in 5G Networks

More Than 500 Schools in the U.S. Hit by Ransomware in 2019, Says Report

27 Countries Issue Joint Statement on 'Advancing Responsible State Behavior in Cyberspace'

Cyber Risk Now on Top of Corporate Risk Agendas, Cyber Insurance Expanding

The Insecurity of the IoT is Only Getting More Profound, Says Principal Researcher at F-Secure

Phishing Attacks Targeting Executives Now Top Cybersecurity Insurance Claims, Says AIG

There's a Full-On War for Cybersecurity Talent, CEOs Forking Millions to Fill Roles

Close to 200K Phishing Domains Discovered in a 5-Month Span, 66% Targetted Consumers, Akamai Reports

A Seattle Woman Charged With Capital One Data Theft Affecting 106 Million People

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Verisign just released its Q2 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of customers of Verisign DDoS Protection Services. more

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Currently scheduled for October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to change the cryptographic key that helps to secure the internet's Domain Name System (DNS) by performing a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover. more

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

Verisign has released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. more

DNS-Based Threats: Cache Poisoning

As DNS attacks grow in frequency and impact, organizations can no longer afford to overlook DNS security as part of their overall defense-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. more

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

Verisign has released its Q4 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services. more

DNS-Based Threats: DNS Reflection and Amplification Attacks

Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. more

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Verisign has qualified for the Online Trust Alliance's (OTA) 2017 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. This is the fifth consecutive year that Verisign has received this honor. more

Industry Updates

How to Avoid Phishing Campaigns Targeting CARES Act Recipients

Newly Registered Domains Database Shows Threat Actors Exploit the Need for N95 Masks amid the Pandem

Domain and IP Intelligence Checks Following the Launch of the COVID-19 Solidarity Response Fund

Under the Hood of 3M- and 3M Mask-Themed Recently Registered Domains

Domain Intelligence Shows Cybercriminals May Abuse Video-Conferencing Services' Brand Names

How Cyber Threat Intelligence Feeds Can Support MSSPs

Digital Asset Security: Back to Basics

Addressing Business Email Compromise in the Time of Coronavirus with Email Validation

Brand Monitor and Typosquatting Data Feed: Two Assets to Support Spear-Phishing Prevention

Combating COVID-19 Cybercrime – What Internet Infrastructure Providers Like Afilias Are Doing

What Cyber Threat Intelligence Tools Can Reveal about a Targeted Attack

Looking Into a Possible Coronavirus-Themed Survey Scam Turning Out to Be a False Positive

Coronavirus: Cybersecurity Implications and Fraudulent Infection Maps

Threat Intelligence: The First Line of Defense Against Data-Stealing Ransomware

How to Maintain Your Website's Network Reachability with DNS Lookup Solutions

Participants – Random Selection