Cybersecurity

Risk vs Benefit: The Impact of Shorter 90-Day SSL Certificate Life Cycles

In today's digital age, securing your website and ensuring your users' safety has never been more critical. Secure sockets layer (SSL) certificates are the go-to solution for securing websites by encrypting the data transmitted between web servers and browsers. Historically, SSL digital certificates could be valid for years, after which they had to be renewed or replaced.  more

Microsoft, Fortra, and Health-ISAC Take Legal Action Against the Abuse of Cobalt Strike to Combat Ransomware Attacks

A group of companies, including Microsoft, have collaborated to launch a major action to disrupt the use of cracked, legacy copies of the security tool Cobalt Strike which cybercriminals have abused to deploy ransomware. more

FBI Takes Down ‘Genesis Market’ Cybercrime Store: Dozens Arrested Worldwide

Today's FBI action against Genesis Market is the latest in a string of coordinated efforts to take down bot shops and other services that enable cybercrime. Earlier this year, the FBI seized Webstresser.org, a DDoS-for-hire service that was thought to be responsible for launching a massive attack against the City of Atlanta in 2018.  more

U.S. National Cybersecurity Strategy and Its Impact on Domain Security

Last month, the U.S. National Cybersecurity Strategy was launched, providing a new roadmap for stronger collaboration between those operating within the digital ecosystem. The strategy calls on software makers and American industry to take far greater responsibility to assure that their systems cannot be hacked while accelerating efforts by the Federal Bureau of Investigation and the Defense Department to disrupt the activities of hackers and ransomware groups around the world. more

German Authorities Seize Servers of Cybercriminal DDoS-for-Hire Service FlyHosting

FlyHosting had been open for business since November 2022 and was used for malicious activities such as hosting malware, botnet controllers, and carrying out DDoS attacks. more

India Seeks Alternatives to NSO Group Spyware Amid Global Snooping Scandals

The Indian government is seeking to acquire new spyware in an effort to replace the controversial Pegasus system, which has been blacklisted by the US government. more

‘Vulkan Files’ Leak Reveals Unique Insight Into Russian Cyber-War Plans

According to reports on Thursday, an anonymous person has Leaked confidential documents of NTC Vulkan, a Moscow-based defense contractor. It is believed that the documents are authentic and have been provided by an anonymous source who was greatly disturbed by Russia's attack on Ukraine.  more

Minimized DNS Resolution: Into the Penumbra

Over the past several years, domain name queries - a critical element of internet communication - have quietly become more secure, thanks, in large part, to a little-known set of technologies that are having a global impact. Verisign CTO Dr. Burt Kaliski covered these in a recent Internet Protocol Journal article, and I'm excited to share more about the role Verisign has performed in advancing this work and making one particular technology freely available worldwide. more

Processing Domain Data to Improve Business Continuity as a Domain Name Registry

In the fall of 2022, around 9,000 numeric domain names such as 0146.se, 0148.se, 0149.se, and so on were registered in the .SE zone. These domains were registered with two registrars, Register.eu and 1API. They had the same kind of SSL certificate, and there were other similarities among them that strongly suggested they were connected. All these domains were registered after September 1, 2022, but not on the same date... more

NCA Launches Campaign to Curb DDoS-for-Hire Website Use, Warns of Legal Risks

The United Kingdom's National Crime Agency (NCA) has been running a series of campaigns focused on reducing the use of DDoS-for-hire websites. These websites offer people the opportunity to purchase powerful tools to launch cyber-attacks, which can be used to knock websites or users offline. more

Microsoft Launches AI-driven’ Security Copilot’ to Help Companies Fight Hacking Attempts

Microsoft continues to integrate new artificial intelligence technology into its products and today announced a cybersecurity "copilot" to help companies track and defend against hacking attempts. This tool is part of Microsoft's attempt to dominate the fast-growing field of "generative" AI. more

Europol Warns on the Criminal Usage of ChatGPT and Its Implications for Law Enforcement

Europol's Innovation Lab released a Tech Watch Flash report on Monday, sounding the alarm on the potential misuse of large language models such as ChatGPT. Entitled 'ChatGPT - the Impact of Large Language Models on Law Enforcement,' the report provides an urgent overview of the implications of ChatGPT for criminals and law enforcement, as well as an outlook of what may still be to come. more

Biden Administration Bans Federal Agencies from Using Commercial Spyware

The Biden administration has announced an executive order that would ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. more

OARC-40: Notes on the Recent DNS Operations, Analysis, and Research Centre Workshop

OARC held a 2-day meeting in February, with presentations on various DNS topics. Here are some observations I picked up from the presentations in that meeting... In a world where every DNS name is DNSSEC-signed, and every DNS client validates all received DNS responses, we wouldn't necessarily have the problem of DNS spoofing. Even if we concede that universal use of DNSSEC is a long time off ... more

Biden-Harris Administration Unveils National Cybersecurity Strategy

Today, the Biden Administration released the National Cybersecurity Strategy, which outlines the use of all available resources to protect the United States' security, safety, and economic prosperity. more