Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Google's lawsuit against the Lighthouse phishing syndicate exposes the industrial scale of cybercrime, highlighting how criminals exploit easy access to digital infrastructure to scam millions. The broader supply chain enabling such operations demands urgent reform.
Cybercriminals live by the tenet "If it ain't broke, don't fix it." They'll use the same tactics repeatedly until they no longer work, then switch things up. That's why CISOs and their security teams maintain constant vigilance. Underscoring this, recent analysis of global DNS activity found that new domains continue to be a major tactic for bad actors.
The international community has long struggled with the challenge of translating international law into actionable norms and practices in cyberspace. The conclusion of the United Nations Open-Ended Working Group (OEWG) on the security of and in the use of information and communications technologies 2021-2025 marks a vital milestone in that ongoing process.
Netscout recently released its latest Threat Intelligence Report that documents DDoS attacks in the second half of 2024. As has been the trend for many years, the largest target of DDoS attacks has been ISP networks. There were over 8.9 million DDoS attacks documented in the second half of last year, up 12.75% over the first half of the year.
It seems like there is more disturbing news every day about Chinese infiltration of our telecommunications networks. A recent headline said that nine large ISPs have now been infiltrated. Tom Wheeler, a previous Chairman of the FCC, recently wrote an article for the Brookings Institute that speculates that the ability of the Chinese to infiltrate our networks stems back to decisions made decades ago that have never been updated for the modern world of sophisticated hacking.
As if we didn't have a long enough list of problems to worry about, Lumen researchers at its Black Lotus Labs recently released a blog that said that it knows of three U.S. ISPs and one in India was hacked this summer. Lumen said the hackers took advantage of flaws in software provided by Versa Networks being used to manage wide-area networks.
On 29 March 2024, an announcement was posted notifying the world that the Open-Source Software (OSS) package "xz-utils," which includes the xz data compression program and a library of software routines called "liblzma" and which is present in most Linux distributions, had been compromised. The insertion of the compromised code was done by "Jia Tan", the official maintainer of the xz-utils package.
Satellites make it possible for governments to provide essential services, such as national defense, navigation, and weather forecasting. Private ventures use satellites to offer highly desired services that include video program distribution, telecommunications, and Internet access. The Russian launch of a satellite, with nuclear power and the likely ability to disable satellites, underscores how satellites are quite vulnerable to both natural and manmade ruin.
Last month, the Russian state-sponsored hacking group "Midnight Blizzard" gained access to the email accounts of Microsoft leadership, even exfiltrating documents and messages. The group reportedly used a simple brute-force style attack to access a forgotten test account and then exploited the permissions on that account to access the emails of employees in the cybersecurity and legal teams.
From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology.
The Uptime Institute (UI) is an IT industry research firm best known for certifying that data centers meet industry standards. UI issues an annual report that analyzes the cause of data center outages. The causes for data center outages are relevant to the broadband industry because the same kinds of issues shut down switching hubs and Network Operations Centers.
Unsuspecting website visitors are often unaware when they have landed on a spoofed page or are re-directed to malware-hosting web servers designed to steal their sensitive data and information. This attack is known as subdomain hijacking, or subdomain takeover. A web user's private information is then traded on the dark web, and cybercriminals profit, further fueling the expansion of identity theft in the online world.
In today's digital age, securing your website and ensuring your users' safety has never been more critical. Secure sockets layer (SSL) certificates are the go-to solution for securing websites by encrypting the data transmitted between web servers and browsers. Historically, SSL digital certificates could be valid for years, after which they had to be renewed or replaced.
OARC held a 2-day meeting in February, with presentations on various DNS topics. Here are some observations I picked up from the presentations in that meeting... In a world where every DNS name is DNSSEC-signed, and every DNS client validates all received DNS responses, we wouldn't necessarily have the problem of DNS spoofing. Even if we concede that universal use of DNSSEC is a long time off ...
Brand impersonation happens much more often than people realize. In CSC's latest Domain Security Report, we found that 75% of domains for the Global 2000 that contained more than six characters from the brand names were not actually owned by the brands themselves. The intent of these fake domain registrations is to leverage the trust placed on the targeted brands to launch phishing attacks, other forms of digital brand abuse, or IP infringement...
Microsoft Warns Extortion Drives Majority of Attacks Amid AI Escalation, Identity Collapse, and Global Fragmentation
Hyper-Volumetric DDoS Attack Sets New Benchmark at 22.2 Tbps
European Airports Still Reeling from Ransomware Attack as Software Fix Nears
Chinese APT Groups Exploit Global Domains in Sweeping Cyber Campaign
Cyberattacks Spur Boom in Insurance Demand Amid Rising Global Threats
Massive Iberian Power Outage Raises Cybersecurity Questions
Massive Cyber Assault on X: Musk Hints at Foreign Involvement
Chinese Hackers Exploit U.S. Telecom Systems, Eviction Efforts Lag
Chinese Hackers Had Access to Canadian Government Systems for Years, Report Reveals
Sudanese Nationals Charged in Global Cyberattack Campaign
Over 2 Million VPN Passwords Compromised by Malware Attacks
FBI Takes Down China-Backed Botnet, Facilitates Ransomware Negotiations
Mystery Malware Takes Down 600,000 Windstream Routers in Coordinated Attack
Biden Administration Alerts Governors to Rising Cyber Threats on U.S. Water Systems
Ransomware Crisis in U.S. Healthcare
Global Law Enforcement Strikes Major Blow Against LockBit Ransomware Operation
Millions of Smart Toothbrushes Hijacked in Cyberattack on Swiss FirmA World-Renowned Source for Internet Developments. Serving Since 2002.
