Cybersecurity

Sponsored
by

Cybersecurity / Most Viewed

UN Internet Governance Forum to Hold First Meeting

The UN's Internet Governance Forum will hold its first meeting Oct. 30 to discuss the future of the Internet, especially as it relates to access, security, diversity and emerging issues.

...Nitin Desai, who will chair the meeting, said the technology is young and people have not really sorted out how the Internet should be treated. He compared debates about the Internet to those about the chemical composition of ink and the design of the paper when the printer was invented, which missed the point. more

CENTR Has Released an Animated Video on ccTLDs and Their Technical Role Concerning Content

Due to increased legislative interest in this topic, CENTR says there is a pressing need for comprehensive educational material on the technical capabilities of the DNS, ccTLDs and their role in the internet ecosystem. more

Over Half of Critical Infrastructure Providers Report Politically Motivated Cyber Attacks

A recent study released today suggests 53 percent of critical infrastructure providers have experienced what they perceived as politically motivated cyber attacks. According to Symantec's 2010 Critical Information Infrastructure Protection (CIP) Survey, participants claimed to have experienced such an attack on an average of 10 times in the past five years, incurring an average cost of $850,000 during a period of five years to their businesses. more

Google Announces Experiment with Post-Quantum Cryptography

Google is experimenting with new cryptography to future-proof Internet communications against quantum computers. Matt Braithwaite, Google Software Engineer in a blog post on Thursday wrote: "Quantum computers are a fundamentally different sort of computer that take advantage of aspects of quantum physics to solve certain sorts of problems dramatically faster than conventional computers can." more

U.S. Congress Fears Cyberattack on Electric Power Grids

The potential for "cybersecurity" attacks on the United State's electric power grids has spurred politicians to consider legislation to broaden federal authority over electric companies.

Congress already has been consulting with federal agencies and industry associations over how to craft such legislation. On Thursday, legislators sought further input at a hearing before the House Energy and Commerce's subcommittee on energy and air quality. more

NYT: US Weighing Risks of Civilian Harm in Cyberwarfare

John Markoff and Thom Shanker reporting in the New York Times: "It would have been the most far-reaching case of computer sabotage in history. In 2003, the Pentagon and American intelligence agencies made plans for a cyberattack to freeze billions of dollars in the bank accounts of Saddam Hussein and cripple his government's financial system before the United States invaded Iraq. He would have no money for war supplies. No money to pay troops... But the attack never got the green light. Bush administration officials worried that the effects would not be limited to Iraq but would instead create worldwide financial havoc..." more

Reported Cyberattack Against Israel Only Ransomware to Regulatory Body, Electric Grid Not In Danger

Ransomware via a phishing attack was sent to Israel Electric Authority, not the power grid, as was heavily reported in mainstream media today. According to a cyber analyst in Israel (Eyal Sela) the media reporting so far is misleading with regards to the context around the incident, reports Robert M. Lee of SANS Institute. more

United States and Britain to Conduct Financial Cyber-Security Test

U.S. and Britain plan to conduct a test later this month to assess how regulators for the world's two biggest financial centers in New York and London would communicate in the event of a major cyberattack or broader IT problems, a spokesman for British government cybersecurity body CERT-UK said on Monday. more

US States Taking Increasingly Active Role Against Cybercrime

It's unclear whether cyber crime is increasing or simply being reported more often -- or a combination of the two. But as the number of cyber crime cases increase, state and local law enforcement agencies are taking an increasingly active role in investigating them. The number of complaints that individuals filed with the Internet Crime Complaint Center (IC3) jumped more than 30 percent from 2007 to 2008 and corporate cyber crimes continues to make headlines. The FBI, nonprofit National White Collar Crime Center and Bureau of Justice Assistance jointly operate the IC3... more

BIND9 DNS Vulnerability Warning Issued by CERT, ISC

The Internet Systems Consortium and United States Computer Emergency Readiness Team are warning about a vulnerability discovered in the Berkeley Internet Name Domain 9 Domain Name Server code that could be exploited to cause a system crash... "By sending a specially-crafted packet to a BIND9 Server, a remote unauthenticated attacker can cause a denial of service, causing BIND to crash," according to the US-CERT advisory. more

Security Experts Criticize Obama's New Cybersecurity Plan, Say It's Full of Holes

Despite being a respectable start, security experts call the report overheated and "clear as mud"... while many experts applaud this new focus as vital to protecting critical U.S. infrastructure and economic institutions, some analysts have noted that the report fails to answer many key questions, contains a number of inconsistencies and possible inaccuracies, and generally exaggerates the threat to the country. "It's a plan for a plan," said O. Sami Saydjari, chairman of the Professionals for Cyber Defense. "Given how bureaucracies work, they tend not to come up with bold plans in 60 days. The hard problems have yet to be grappled with." more

Experts Concerned Economic Downturn Getting in the Way of Patching Critical DNS Flaw

The discovery of a major DNS flaw in mid-2008 landed the technology in many headlines, but with economic concerns weighing on many in IT, industry watchers worry that revamping systems and security around domain name servers could be put on hold in 2009. The vulnerability discovered by director of penetration testing at IOActive Dan Kaminsky motivated numerous vendors to upgrade their products to protect enterprise networks against cache poisoning and other DNS attacks, such as distributed denial-of-service (DDoS). IT directors were encouraged to upgrade their DNS systems to guard against potential threats... more

U.S. Government Denying The Internet to Enemies

The new National Strategy for Homeland Security, issued earlier this week by the White House, places a greater emphasis on the "uninterrupted use of the Internet and the communications systems, data, monitoring, and control systems that comprise our cyberinfrastructure." more

ICANN67 Round-Up

This past meeting of the Internet Corporation for Assigned Names and Numbers (ICANN), ICANN67, was intended to be held in person in Cancun, Mexico, but was actually the first meeting to be held entirely online and virtually. It was a well-managed affair with fewer sessions than the in-person meetings and less opportunity for the community to convene and meet as individuals. The last-minute change from an in-person to a virtual meeting impacted ICANN's ability to provide translation services for the full set of UN-supported languages, Arabic, Chinese, English, French, Russian, and Spanish. more

U.S. Senate Modernizes Cyber-Crime Laws

The U.S. Senate has passed legislation to modernize the nation's computer crime laws and give prosecutors more leeway in pursuing cyber crooks, reports Brian Krebs of The Washington Post. "Under current federal cyber-crime laws prosecutors must show that the illegal activity caused at least $5,000 in damages before they can bring charges for unauthorized access to a computer. Under the bill approved today, that threshold would be eliminated." more

Industry Updates

Attack Surface Reduction: Scrutiny of the Top Payment Processing Companies

Enriching IP Blacklists Using a Reverse IP/DNS Database

Mergers and Acquisitions: Taking Care of Digital Brands During Entity Consolidation

CSC's Research on Election-Related Domains Aligns with Recent FBI and CISA Warning

Beefing Up Third-Party Risk Management with Reverse DNS Search

Strengthening Brand Protection with Subdomain Lookups: A Short Study

Attack Surface Monitoring: Two Ways to Detect Phishing Subdomains

Not All VPN Users Are Worth Trusting, a Lesson for Cloud Service Providers

Gathering Context Around Emotet, Trickbot, and Dridex C&C Servers with Bulk IP Geolocation

Rise in Domain Name Registrations Highlights the Need for Continued Vigilance

Augmenting Digital Risk Protection with Threat Intelligence Sources

Threat Intelligence Feeds in the Fight against Insurance-Themed Cyber Attacks

WHOIS History Footprint Tells Us More about the Man Behind the Biggest BLM Scam

The DNS Ecosystem, Its Vulnerabilities, and Threat Mitigations

100K+ List of Disposable Email Domains Under Security Analysis