Cybersecurity


Cybersecurity / Most Viewed

Cyberattacks Listed as High-Impact Threat to North American Electric Grid

In a report released today by the North American Electric Reliability Corporation (NERC) and the U.S. Department of Energy (DOE), cyber attacks are among the top high-impact risks -- "with potential to significantly affect the reliability of the North American bulk power system." Certain protections and mitigations are already in place to address these risks, and this study has been released to help public utility commissions and the federal government further prepare for these potential risks.

Data on Nearly 200 Million Potential Voters in U.S. Found Fully Exposed

According to reports released today, databases containing information on close to 200 million potential U.S. voters were found unsecured and exposed to the Internet, allowing anyone to download it without a password.

Security Against Election Hacking - Part 2: Cyberoffense Is Not the Best Cyberdefense!

State and county election officials across the country employ thousands of computers in election administration, most of them connected (from time to time) to the internet (or exchanging data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked.

Google Chrome Found Vulnerable to Carpet-Bombing

Just hours after the launch of Google's new web browser, reports have surfaced about its security vulnerability to carpet-bombing that can expose Windows users to hacker attacks. If exploited, hackers could potentially run unauthorized software on a victim's computer, which could then be used to execute web-based computer attacks. Researcher Aviv Raff has discovered that it is possible to combine this vulnerability (which at one point also affected Apple Safari, which uses the same WebKit technology as Google's Chrome browser) with a Java bug discussed at this year's Black Hat conference to trick users into launching executables directly from the new browser.

Economic Crisis Fueling New Cybercrime Wave, According to UK Cybercrime Report

The number of cybercrimes committed in the UK soared last year, driven by a huge increase in online financial fraud, according to a report released by online identity firm Garlik. "Our annual UK cybercrime report in collaboration with leading criminologists indicates that online financial fraud grew significantly, jumping nearly twenty percent to 250,000 incidents in 2007 compared with 207,000 in 2006."

Google Releases a One-Stop Reference Source to Browser Security

Today via its Online Security Blog, Google announced the release of its Browser Security Handbook aimed at providing web application developers, browser engineers, and information security researchers a "one-stop reference" to critical security attributes of modern web browsers. "Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities," says the introduction to the 60-page document.

Survey Finds "Complexity" as Most Common Challenge in Deploying DNSSEC

According to a recent survey conducted by the European Network and Information Security Agency (ENISA), 78% of service providers in Europe have plans to deploy DNSSEC within the next 3 years. On the other hand, the study also found 22% have no plans to deploy DNSSEC in the next 3 years.

Financially Based Cybercrime is Recession-Proof

According to experts, organized cybercrime is one "industry sector" that is not unhappy about the current global economic crisis. "One thing we've seen is financially based cybercrime is recession-proof," says Darren Mott, supervisory special agent for the FBI's Cyber Division. "With [this] changing economy, the only thing that changes is the way they go about obtaining their information."

Tactics for Responding to Cyber Attacks - Squeezing Your Cyber Response-Curve: Part 2

In part one of this post we introduced the cyber response curve. In this post, we have outlined some observations which illustrate how different levels of maturity and approaches can affect your cyber response curve.

Escalating US, Chinese Silent War on the Internet

Jason Mick reporting in DailyTech: "In the definitive cyberpunk novel Neuromancer, published in 1984, author William Gibson prophetically envisioned that wars of the future would be fought over the internet -- a new construct at the time. Today that prediction appears on the verge of coming true as we stand on the threshold of a vast digital battle. Agents in China, believed to be working for, or endorsed by, the Chinese federal government, are carrying out a secret cyberwar against the U.S. government and U.S. businesses. And that war appears to be escalating."

Majority of Active Malware Attacks Go Undetected, Says New Report

A recent test of leading anti-virus vendors over a thirty-day period has revealed that more than half of all malware threats on the Internet go undetected, according to a report issued today by cyber intelligence firm, Cyveillance. Data for the test was compiled from thousands of active malware threats that Cyveillance says it detects daily and was then fed through each of the vendors' anti-virus solutions in real-time.

US Law-Enforcement Agencies Reported to be at Risk in Foreign-Owned Buildings

US law-enforcement agencies are at risk of being spied on and hacked because some of their field offices are located in foreign-owned buildings without the agencies even knowing it.

Schneier: "Someone Is Learning How to Take down the Internet"

"Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet," wrote renowned security expert, Bruce Schneier, in a piece published in Lawfare.

Australian Government Proposes ISPs Force Customers to Use Antivirus and Firewall

Josh Taylor reporting in ZDNet.com.au: Committee chair Belinda Neal said in her introduction to the 262-page report titled "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime" that due to the exponential growth of malware and other forms of cybercrime in recent years, "the expectation that end users should or can bear the sole responsibility for their own personal online security is no longer a tenable proposition"...

Fake Anti-Virus Peddlers Taking Aggressive Steps to Avoid Detection

Over at the Krebs on Security blog, Brian Krebs reports: "Purveyors of fake anti-virus or 'scareware' programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google. In a report being released today, Google said that between January 2009 and the end of January 2010, its malware detection infrastructure found some 11,000 malicious or hacked Web pages that attempted to foist fake anti-virus on visitors."

Industry Updates

Attack Surface Reduction: Scrutiny of the Top Payment Processing Companies

Enriching IP Blacklists Using a Reverse IP/DNS Database

Mergers and Acquisitions: Taking Care of Digital Brands During Entity Consolidation

CSC's Research on Election-Related Domains Aligns with Recent FBI and CISA Warning

Beefing Up Third-Party Risk Management with Reverse DNS Search

Strengthening Brand Protection with Subdomain Lookups: A Short Study

Attack Surface Monitoring: Two Ways to Detect Phishing Subdomains

Not All VPN Users Are Worth Trusting, a Lesson for Cloud Service Providers

Gathering Context Around Emotet, Trickbot, and Dridex C&C Servers with Bulk IP Geolocation

Rise in Domain Name Registrations Highlights the Need for Continued Vigilance

Augmenting Digital Risk Protection with Threat Intelligence Sources

Threat Intelligence Feeds in the Fight against Insurance-Themed Cyber Attacks

WHOIS History Footprint Tells Us More about the Man Behind the Biggest BLM Scam

The DNS Ecosystem, Its Vulnerabilities, and Threat Mitigations

100K+ List of Disposable Email Domains Under Security Analysis