Cybersecurity

Sponsored
by

Cybersecurity / Most Viewed

Threat Intelligence Platform in Action: Investigating Important Use Cases

As technology gets more and more sophisticated, tech-savvy cybercriminals are having a field day devising increasingly ingenious ways to steal confidential data from ill-prepared targets. What this means is that an equally sophisticated cybersecurity response is needed to keep attackers at bay. This would involve re-examining reactive cybersecurity practices and adopting a proactive approach towards an active search for risks and vulnerabilities with the help of threat intelligence (TI). more

Analysis Report Recommends Key Security Changes to ICANN's Pending Registry Proposals

A report released today ("DNS - A System in Crisis," commissioned by Network Solutions) has concluded that in proposals for the .com, .biz, .info and .org registries, the Internet Corporation for Assigned Names and Numbers (ICANN) has failed to ensure adequate security safeguards. The report, written by security technology expert Jerry Archer, recommends that oversight, planning and testing provisions be implemented in the proposals to run these registries before they are finalized. more

Bugs Found in DNS Software, Not Considered High-Risk

A number of flaws in the software that is used to administer the Internet's DNS (domain name system) has been discovered by researchers at Finland's University of Oulu.

The vulnerabilities could be exploited to "cause a variety of outcomes," including crashing the DNS server or possibly providing attackers with a way to run unauthorized software, according to an advisory posted Wednesday by the U.K.'s National Infrastructure Security Co-ordination Center. more

Software Security Hole Exposes Critical Utilities to Internet attack

Internet attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, security researchers reported Wednesday. Experts with Boston-based Core Security Technologies, who discovered the deficiency, said there's no evidence anyone else found or exploited the flaw. Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem. more

Cybersecurity Groups Start New Initiative to Combat Malware

Three of the world's leading cybersecurity groups today launched a new initiative to combat malicious software (malware) by establishing a "Chain of Trust" among all organizations and individuals that play a role in securing the Internet. Developed by the Anti-Spyware Coalition (ASC), National Cyber Security Alliance (NCSA) and StopBadware.org, the Chain of Trust Initiative will link together security vendors, researchers, government agencies, Internet companies, network providers, advocacy and education groups in a systemic effort to stem the rising tide of malware. more

Researchers Find Flaw in Conficker Worm to Help Find Infected Computers

Just days before the Conficker worm is set to contact its controllers for new instructions, security researchers have discovered a flaw in the worm that makes it much easier for users to detect infected PCs. Tillmann Werner and Felix Leder, members of the Honeynet Project, an all-volunteer organization that monitors Internet threats, have discovered that Conficker-infected PCs return unusual errors when sent specially crafted Remote Procedure Call (RPC) messages, according to preliminary information they have posted on the Web. more

Registrars Say No to Phishers? Watchdog Group Calls Issue 'Complex'

Unfortunately, it is not possible for a registrar to know a-priori whether a site is going to be used for phishing or not, says Dave Jevans, chairman of the Anti-Phishing Working Group. There are many "squatters" who may have every right to register domain names with other companies' trademarks in them, per ICANN policy... more

ICANN Names DNS Security Experts

The Internet Corp for Assigned Names and Numbers yesterday named the 25 domain name system security experts that will be responsible for deciding whether proposed domain registry services could cause internet security and stability problems. The 25 people, who hail from all over the world, would be selected in five-person panels to decide on a case-by-case basis whether services proposed by the likes of .com registry VeriSign Inc or .biz registry NeuStar Inc constitute a problem to the internet. more

Pro-Trump Russians Accused for Democratic National Committee Email Hack, FBI Investigating

"DNC Hack Prompts Allegations of Russian Involvement," Damian Paletta and Devlin Barrett reported in the Wall Street Journal today: "U.S. authorities said they are still investigating who perpetrated the hack, but cybersecurity experts said the email release resembled past examples of political interference that other countries have tied to Russia." more

The Real Pain Caused by Russian Cyberattacks on Georgia and Estonia

The popular concept of the cyber-attacks launched by Russia against Estonia and Georgia in recent years is that an army of volunteer hackers bombarded government computers in those target countries with disabling botnet attacks. But the reality is that most of the cyber-pain suffered by Estonia, for example, was caused when the U.S. and European banking system chose intentionally to cut off Estonia from the Internet-based financial clearing networks, because the networks couldn't distinguish bona fide transactions emanating from Estonia from botnet-induced bogus transactions. more

Hacker Sentenced to 30 Years in Prison in Turkish Court

A Turkish court has sentenced a hacker to 30 years in prison for his role in the theft of 45 million identities from credit card transactions by nine US retailers including TJX. Ukrainian Maksym Yastremskiy was among 11 people charged by US authorities in August 2008 in connection with the biggest identity theft to date. more

Consumer Reports: U.S. Consumers Lost Nearly $8.5 Billion to Viruses, Spyware, and Phishing

U.S. consumers lost almost $8.5 billion over the last two years to viruses, spyware, and phishing schemes according to latest projections from the Consumer Reports State of the Net survey. Additionally, report estimates that American consumers have replaced about 2.1 million computers over the past two years because of online threats. Survey has also reveals some hopeful signs such as declining chances of becoming a cybervictim -- consumers have 1 in 6 chance of becoming a cybervictim, down from 1 in 4 in 2007. more

Romanian Authorities Arrest Over 20 Cybercrime Suspects

Authorities have arrested more than 20 people in Romania who are suspected of running online fraud schemes, according to media reports. The Tuesday arrests were confirmed by the U.S. Federal Bureau of Investigation (FBI), which has been working with Romanian officials on cybercrime in recent months. The FBI would say only that the agency is aware of the arrests and because "this is an ongoing matter, we will have no further comment at this time." The losses caused by the cybercrime ring is estimated to reach millions of euros. more

Longevity of Phishing Websites Dropped by 25% Since Last Year, Study Finds

A new phishing survey released by the Anti-Phishing Work Group (APWG) reveals that the longevity of phishing Web sites dropped by 25 percent over the last year. The survey has also revealed that a single criminal syndicate dubbed "Avalanche" was responsible for nearly one quarter of all phishing attacks in the first half of 2009. Indications are that the gang is continuing to claim a larger proportion of all detected phishing attacks. more

Microsoft to License Netcraft's Phishing Site Feed

Microsoft has licensed Netcraft's Phishing Site Feed for use in its Microsoft Phishing Filter Service, providing users of Internet Explorer 7 protection against the latest phishing attacks reported by the Netcraft Toolbar Community.

Microsoft's inclusion of Netcraft data in the Microsoft Phishing Filter was announced by Microsoft chairman Bill Gates during his keynote speech at the RSA Conference in San Francisco. more

Industry Updates

How to Address Blended Threats with Domain Data

Website Categorization: Enhancing URL Filtering for MSSPs

Should Cybersecurity Teams Consider Next-Generation Firewalls?

How Website Categorization Technology Can Assist MDR Teams

101domain Expands Security Offering to Include Nearly Two Dozen New SSL Certificate Solutions

Can Website Categorization Support Fraud Monitoring?

How Domain Data Can Enrich an MSSP's Threat Intelligence

Using Domain Name Intelligence to Counter E-Commerce Platform Vulnerability Exploit Attacks

4 Cybersecurity Professionals That Can Benefit from Threat Intelligence

How Threat Intelligence Can Solve 3 Common SIEM Problems

The Growing Need for Managed Detection and Response Services

Fraud Protection Measures Against Malicious New Domains

How SIEM Vendors Can Reduce False Positives from Their Products

New Phishing Tools Can Now Bypass 2-Factor Authentication

DIY Threat Intelligence Gathering If Your Security Solutions Seem Lacking