Cybersecurity |
Sponsored by |
"Yahoo is expected to confirm a massive data breach, impacting hundreds of millions of users," reports Kara Swisher today in Recode. more
The United States Department of Justice has announced that it has neutralized a global network of computers compromised by malware called "Snake," which the U.S. government attributes to a unit within Center 16 of the Federal Security Service of the Russian Federation (FSB). more
"China Sets New Tone in Drafting Cybersecurity Rules," By Eva Dou in Beijing and Rachael King in San Francisco reporting in the Wall Street Journal. more
There's been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states' and counties' election computers as "critical cyber infrastructure" and prioritize the "cyberdefense" of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the election? First, let me explain what can and can't be hacked. Election administrators use computers in (at least) three ways... more
Kicking off the sixth annual National Cybersecurity Awareness Month this October, the Department of Homeland Security (DHS) has urged computer users to practice good "cyber hygiene". The campaign was given a boost Wednesday when the Senate passed resolution 285 to support its goal to make U.S. citizens more aware of how to secure the internet. DHS has also announced that is has been given new authority to recruit and hire up to 1,000 cybersecurity professionals across the department to fill roles such as: cyber risk and strategic analysis; cyber incident response; vulnerability detection and assessment; intelligence and investigation; and network and systems engineering. more
StopBadware.org and Consumer Reports WebWatch have announced today the full launch of BadwareBusters.org, a new online community for people looking for help preventing and countering viruses, spyware, and other "badware" on their computers and websites. Maxim Weinstein, manager of StopBadware.org at Harvard University's Berkman Center for Internet & Society, says the site is not only a useful destination, but also a piece of a bigger puzzle. "BadwareBusters.org is part of StopBadware's strategy to bring together the people, the organizations, and the data that allow us to fight back against the spread of badware," Weinstein said. "The collective wisdom of the BadwareBusters community will inform not only individuals, but the entire technology industry." more
As governments convene to discuss the UN Cybercrime Treaty, Google is urging caution, warning that the current draft could endanger online security and free expression. more
Pioneering cryptographer Whitfield 'Whit' Diffie has joined the Internet Corporation for Assigned Names and Numbers (ICANN) as Vice President for Information Security and Cryptography. Diffie will provide advice on general security matters related to ICANN's mandate, and to ICANN in the design, development and implementation of security methods for ICANN-managed networks. He will oversee the continuous improvement and 'best practices' process for information security and cryptography. more
This blog post and the associated report aim to provide an overview of DNS Abuse 1related issues the Governmental Advisory Committee (GAC), part of the ICANN multi-stakeholder model, has identified. We also summarize the relevant community activity taking place to address these areas of interest and highlight remaining gaps. From 2016 to June 2023, the GAC referenced four primary categories of activity related to DNS Abuse. more
The U.S. Securities and Exchange Commission (SEC) has introduced new regulations requiring companies to disclose substantial cybersecurity incidents. These rules also mandate yearly disclosure of key information regarding cybersecurity risk management, strategy, and governance. The mandate applies to foreign private issuers as well. more
The Canadian Security Intelligence Service (CSIS) is reported to have warned companies about an increasing risk of cyber espionage and attacks on pipelines, oil storage and shipment facilities. more
New security report has revealed at least 48 companies involved in research, development, manufacturing of chemicals and advanced materials have been victims of a coordinated cyberattack traced to a source in China. The purpose of the attacks, code named Nitro, appear to be industrial espionage, collecting intellectual property for competitive advantage, according to Symantec. more
According to a new security report released today by SANS Institute, TippingPoint and Qualys, the number of vulnerabilities found in applications in the last few years is far greater than the number of vulnerabilities discovered in operating systems. "On average, major organizations take at least twice as long to patch client-side vulnerabilities as they take to patch operating system vulnerabilities. In other words the highest priority risk is getting less attention than the lower priority risk." more
The U.S. Department of Justice and the FBI announced on Wednesday that they have taken actions to disable an international botnet of more than two million infected computers responsible for stealing corporate data including user names, passwords and financial information. more
According to a recent analysis, the cyber threat landscape has changed dramatically one year since the Russian invasion of Ukraine. Google TAG, Mandiant, and Trust & Safety have released a report titled, Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, based on analysis from Google’s Threat Analysis Group (TAG), Mandiant, and Google Trust & Safety. more