Cybersecurity

Sponsored
by

Cybersecurity / Featured Blogs

A Responsible Domain Industry Needs a Responsible Registrant Appeals Process

As the steward of .ORG, Public Interest Registry is committed to serving as an "exemplary registry" for the DNS. As part of that mission, PIR published our Anti-Abuse Principles last year that serve as our north star to address questions of abuse. As PIR has stated on many occasions, generally speaking, the DNS is not the appropriate place to address questions of website content abuse because of the blunt tool we as a registry have and the collateral damage that can be caused by suspending a domain name for a piece of content. more

Only Bad Actors Should Worry About the URS

With DNS abuse a topic of increased concern throughout the community, any controversy over adopting the Uniform Rapid Suspension System (URS) for all generic top-level domains (gTLDs) seems misplaced. The URS was designed as a narrow supplement to the Uniform Domain-Name Dispute Resolution Policy (UDRP), applicable only in certain tightly defined circumstances of clear-cut and incontrovertible trademark infringement involving the registration and use of a domain name. more

New CSC Research Finds Significant Lack of Redundancy for Enterprise DNS

As outlined in CSC's recent 2020 Domain Security Report: Forbes Global 2000 Companies, cybercriminals are disrupting organizations by attacking the protocol responsible for their online presence -- their domain name system (DNS). When a DNS is overwhelmed with traffic due to a distributed denial of service (DDoS) attack or configuration error, content and applications become inaccessible to users, affecting both revenue and reputation. more

The Countdown Has Started – Here Come One-Year Digital Certificate Life Cycles

Apple announced its decision to trust only one-year digital certificates on its Safari browser in February 2020. This decision created a domino effect, with Mozilla and Google following suit; certificate providers announced they would not issue two-year certificates after Aug. 19, 2020. We wrote an article in March to help brands to prepare for this change. more

Call for Participation – ICANN 69 DNSSEC and Security Workshop, October 2020

If you are interested in presenting at the ICANN 69 DNSSEC and Security Workshop during the week of 17-22 October 2020, please send a brief (1-2 sentence) description of your proposed presentation to dnssec-hamburg@isoc.org by 27 August 2020. We are open to a wide range of topics related to DNS, DNSSEC, DANE, routing security, and more. There are some ideas in the Call for Participation below, but other ideas are definitely welcome, too! more

A CENTR White Paper on Creating More Standardized and Streamlined Domain Registry Lock Services

CENTR has published a white paper separating registry lock services into two standardized models. This categorization and the included recommendations can help top-level domain registries (re)design their registry lock services. The aim of the paper is to reduce fragmentation in implementation between registries to explain the value of registry lock to domain holders more easily. more

How Digital Asset Management May Change Due to COVID-19

One of the "fathers of the internet," Vint Cerf, in a September 2019 article he published, said: "Today, hackers routinely break into online accounts and divert users to fake or compromised websites. We constantly need to create new security measures to address them. To date, much of the internet security innovation we've seen revolves around verifying and securing the identities of people and organizations online. more

Afilias to Protect TLDs Against Potential "Orphan Glue" Exploits

Afilias has informed registrars and registry clients that it is taking steps to remove orphan glue records from 200+ TLD zones in its care. This will eliminate the potential for a handful of domain names to be misused. "Glue records" enable websites and other uses of domain names to work on the internet. They are related to DNS domain name delegations and are necessary to guide iterative resolvers to delegated nameservers. more

How Brexit Raises Risks for Non-Compliant .EU Domain Names

On June 3, 2020, EURid, the registry for .EU domains, published its timeline and action plan to withdraw and delete .EU domains registered to entities and individuals located in the U.K. ... Following the .EU regulations that were published on March 29, 2019, registrations of .EU domain names may be held by EU citizens, citizens of Iceland, Liechtenstein, and Norway, independent of their place of residence -- as well as organizations that are established in the EU. more

What Trademark Owners Need to Know to Avoid Reverse Domain Name Hijacking

A cybersecurity company recently attempted reverse domain name hijacking for an exact match domain name of its brand, and in so doing, failed in both its bid to take ownership of the domain and potentially damaged their reputation by using this somewhat nefarious tactic and abusing the Uniform Domain Name Dispute Resolution Policy (UDRP) process. more

Industry Updates

Threat Intelligence Feeds in the Fight against Insurance-Themed Cyber Attacks

WHOIS History Footprint Tells Us More about the Man Behind the Biggest BLM Scam

The DNS Ecosystem, Its Vulnerabilities, and Threat Mitigations

100K+ List of Disposable Email Domains Under Security Analysis

Detecting Possible Domain Generation Algorithm-Related Threats Using Typosquatting Data Feed

Subdomain Lookup as Part of Cybersecurity Best Practices

Using WHOIS History and Other Intelligence Sources for Establishing Potential Attack Surfaces

Afilias Joins Global Encryption Coalition to Promote Internet Security

Use of IP Geolocation in Threat Intelligence and Cybersecurity

Hundreds of Election-Related Domain Names Seen as 2020 U.S. Elections Nears

Upward Trend Seen in "All Lives Matter," "BLM," and "Protest" Domain Registrations

Punycode Phishing: Internationalized Domain Names Remain a Threat in 2020

Domain Security Report – Forbes Global 2000 Companies

WhoisXML API Detects Hundreds of Microsoft-Inspired Typo Domains

Typosquatting Data Feed Can Enhance Lloyds Bank's Typosquatting Protection