Cybersecurity

Sponsored
by

Blogs

Threat Intelligence Platform in Action: Investigating Important Use Cases

As technology gets more and more sophisticated, tech-savvy cybercriminals are having a field day devising increasingly ingenious ways to steal confidential data from ill-prepared targets. What this means is that an equally sophisticated cybersecurity response is needed to keep attackers at bay. This would involve re-examining reactive cybersecurity practices and adopting a proactive approach towards an active search for risks and vulnerabilities with the help of threat intelligence (TI). more

A Report on the ICANN DNS Symposium

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space... more

Efficient Threat Intelligence: Learning the Secrets

How can our threat intelligence platform deliver more? This is a question many business professionals employing threat intelligence practices are asking themselves as their companies continue to fall short against the machinations of modern-day cybercriminals. The truth is that while threat intelligence is certainly not a silver bullet, organizations often make a mistake when they opt for a platform without considering several important factors that can help them evaluate the market better and deploy the practice more effectively. more

Greater Caribbean Cooperation Needed to Combat Cyber Crimes

The Caribbean is under virtual siege as incidents of cyber attacks and cyber crimes surge across the region. "The sophisticated use of technology by highly incentivised criminal organisations has created unprecedented opportunities for transnational crime elements that no one region, country or entity can fight on its own. More inter-regional cooperation and collaboration are needed to develop and implement smart and integrated approaches to fight new and emerging cyber threats." more

The Borg in Us All: Is Resistance Futile?

One of the main roles played by science fiction is to portray fundamental issues and questions that face humanity long before they actually become relevant to our daily lives. We cannot always be sure of where our reality ends, and fiction begins. Star Trek storylines including Borgs are a good example. In the storyline, Borgs are part organic, part artificial and created eons ago, yet they seem to presage the challenges in our contemporary personal reality and challenges in the Internet's cyberspace. more

Why Passive DNS Matters in Cybersecurity

Imagine a scenario. Your website analysis shows that your page has stopped receiving visitors, yet there are no complaints that your domain is unreachable. Strange, isn't it? You are certainly wondering: What's going on? Where are my customers? You see, what happened is that you are facing the consequences of the lack of domain name system (DNS) security. more

A Case for Regulating Social Media Platforms

There are some who see the regulation of social media platforms as an attack on the open internet and free speech and argue that the way to protect that is to let those platforms continue to self-regulate. While it is true that the open internet is the product of the same freedom to innovate that the platforms have sprung from, it is equally the product of the cooperative, multi-stakeholder organisations where common policy and norms are agreed. more

DNS Privacy at IETF 104

From time to time the IETF seriously grapples with its role with respect to technology relating to users' privacy. Should the IETF publish standard specifications of technologies that facilitate third-party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and publish standard specifications of technologies that directly impede various forms of third party eavesdropping on communications? more

Why More Registries Should Be Talking About DNS Security

I've been incredibly lucky in my time at Neustar to lead both the exceptional Registry and Security teams. While these divisions handle their own unique product and service offerings, it's clear that they have some obvious crossovers in their risks, opportunities and challenges. Having been closely involved in the strategy of both these teams, it strikes me that there is more we as Registry Operators and service providers can and should be doing to align the world of cybersecurity with that of domain names. more

Unexpected Effects of the 2018 Root Zone KSK Rollover

March 22, 2019, saw the completion of the final important step in the Key Signing Key (KSK) rollover - a process which began about a year and half ago. What may be less well known is that post rollover, and until just a couple days ago, Verisign was receiving a dramatically increasing number of root DNSKEY queries, to the tune of 75 times higher than previously observed, and accounting for ~7 percent of all transactions at the root servers we operate. more

A Dangerous, Norm-Destroying Attack

Kim Zetter has a new story out describing a very serious attack. In fact, the implications are about as bad as possible. The attack has been dubbed ShadowHammer by Kaspersky Lab, which discovered it. Briefly, some crew of attackers -- I suspect an intelligence agency; more on that below -- has managed to abuse ASUS' update channel and private signing key to distribute bogus patches. more

India’s Draft National E-Commerce Policy: A Bollywood Drama in Four Acts

India's recently published Draft National e-Commerce Policy, prepared by the Indian Commerce Ministry think-tank, can be read like the script of a four-act Bollywood drama... They were the dream couple: Princess India and Prince IT. She was full of cultural richness and diversity, with beauty, mystique and natural resources. She also a dark side. She harbored the world's largest number of impoverished people, with little infrastructure, and facing sparse economic prospects. more

A Short History of DNS Over HTTP (So Far)

The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL. more

How to Track Online Malevolent Identities in the Act

Want to be a cybersleuth and track down hackers? It may sound ambitious considering that malevolent entities are extremely clever, and tracing them requires certain skills that may not be easy to build for the typical computer user. But then again, the best defense is offense. And learning the basics of sniffing out cybercriminals may not only be necessary nowadays, it has become essential for survival on the Web. So where can you begin? more

Putting Cyber Threats Into Perspective

As society uses more digital technologies we are increasingly also faced with its problems. Most of us will have some horror stories to tell about using computers, smartphones, and the internet. But this hasn't stopped us from using the technology more and more. I believe that most people would say that their lives would be worse without technology -- in developed countries but equally in the developing world. more

News Briefs

Two Years Later WannaCry Continues to Spread to Vulnerable Devices, Nearly 5M Devices Affected

Huawei Says They Are Willing to Sign No-Spy Agreements With Governments

UK Government Planning on New Laws for IoT Devices Including a Mandatory Security Labelling Scheme

Hackers in Possession of Over 312K Files, 516GB Financial Data of Some of World's Largest Companies

US Presidential Candidate John Delaney Wants to Create Department of Cybersecurity

FBI, Department of Homeland Security Issue Warning About a North Korean Trojan Malware Variant

Women Now Represent 24% of the Cybersecurity Workforce, Study Finds

Cybersecurity Continues to Be the US Securities and Exchange Commission's Top Priority for 2019

Unexpected Behaviour Observed With DNS Root Servers After Cryptographic Change

Phishers Increasingly Targeting SaaS and Webmail Services, APWG Reports

Russia Is Studying China's Legislative Experience in Fighting Internet Corruption, Cyber-Terrorism

Researchers Demonstrate Serious Privacy Attacks on 4G and 5G Protocols

ICANN Makes Urgent Call for Full Deployment of Domain Name System Security Extensions (DNSSEC)

Russia to Disconnect Entirely From the Internet as Part of Cyber-Defense Measure

Cryptominers Infected 10x More Organizations Than Ransomware in 2018

US Government and Businesses Need Collaborative Procedures Against Major Cyberattacks, Warns Report

ICANN Begins Publishing Monthly Reports on Generic Top-Level Domain Security Threats

China, Russia Posing More Aligned Cyberattack Threats to the US, Says Chief of National Intelligence

Volunteer-Based Project Succeeds in Taking Down 100,000 Malware Distribution Sites Within 10 Months

An Investigation Shows How Bomb Threat Scammers Hijacked Thousands of Big-Name Domains

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Verisign just released its Q2 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of customers of Verisign DDoS Protection Services. more

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Currently scheduled for October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to change the cryptographic key that helps to secure the internet's Domain Name System (DNS) by performing a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover. more

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

Verisign has released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. more

DNS-Based Threats: Cache Poisoning

As DNS attacks grow in frequency and impact, organizations can no longer afford to overlook DNS security as part of their overall defense-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. more

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

Verisign has released its Q4 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services. more

DNS-Based Threats: DNS Reflection and Amplification Attacks

Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. more

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Verisign has qualified for the Online Trust Alliance's (OTA) 2017 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. This is the fifth consecutive year that Verisign has received this honor. more

Industry Updates

Participants – Random Selection