Cybersecurity

Sponsored
by

Blogs

UN Cyber Diplomacy II: Cybersecurity and Autonomous Weapon Systems

Cybersecurity and artificial intelligence were among the key topics at the 79th UN General Assembly (UNGA). UNGA's 1st Committee, responsible for disarmament and international security, concluded its negotiations in mid-November 2024. It discussed the 3rd Annual Progress Report (APR) of the Open-Ended Working Group (OEWG) and adopted a resolution that recommends, inter alia, the establishment of a new permanent cybersecurity mechanism within the UN system. Furthermore, it adopted two resolutions on autonomous weapon systems (AWS).

11 Information Economy Policy Reversals Coming to a Marketplace Near You!

In the wake of the election, sweeping policy shifts in the information economy are set to accelerate. Expect fast-tracked FCC reforms, Starlink subsidies, and AI-driven oversight to redefine media, tech, and regulatory landscapes. From relaxed antitrust to intensified media control, these eleven reversals signal a move toward deregulation and Chicago School libertarianism, with lasting impacts on U.S. markets and governance.

Enterprise Domain Stargazing: Understanding Your Company’s Galaxy of Domains

In CSC's recent insight paper, we address the trend that many business leaders today don't realize the extent to which their modern enterprise -- and its millions of digital assets -- rely on. It's a vast domain ecosystem that needs to be protected from online threats. Often, to better understand this need for domain security, we need to understand how critical and interconnected domains are within a business.

Project 2025: The Internet and Cybersecurity

As the saying goes, elections have consequences. The consequences are underscored in the recent U.S. Presidential election and the potential impact on the Internet, infrastructure and cybersecurity. In the context of the CircleID global community, it seems worth asking where things are headed? It does beg for an analysis of what is actually proposed in Presidential Transition Project 2025 related to things internet and cybersecurity.

How Dormant Domains Can Be Weaponized During Events Like the 2024 U.S. Election

As with any high-stakes event, elections have become a prime target for cybercriminals seeking to exploit public trust through impersonation, misinformation, and scams. CSC's comprehensive research about the 2024 U.S. Election reveals the alarming role of dormant domains, which have the potential to be exploited for launching cyber attacks against political campaigns, organizations, and constituents.

NIS2 Article 28 Guidance: A Positive Step Toward Reducing DNS Abuse Across Europe

The European Union (EU) has set a high bar by tackling domain name system (DNS) abuse head on via government regulation and seems to have successfully resisted attempts to water down DNS stewardship obligations. Recent guidance from a key European Commission cooperation group (the NIS Cooperation Group) handling sections of the Network and Information Security Directive (NIS2) intends for a robust implementation of Article 28, which will go a long way toward helping to mitigate some of the longstanding problems that persist in the DNS.

Has Your ISP Been Hacked? (Growing Concern Over AI-Driven Hacking)

As if we didn't have a long enough list of problems to worry about, Lumen researchers at its Black Lotus Labs recently released a blog that said that it knows of three U.S. ISPs and one in India was hacked this summer. Lumen said the hackers took advantage of flaws in software provided by Versa Networks being used to manage wide-area networks.

The “Pact for the Future”: A Bold Vision for Global Cooperation with Lingering Doubts on SDGs Progress

Global leaders gathered in New York at the Summit of the Future and adopted the "Pact for the Future" on Sunday 22nd September. This is a historic milestone as the Pact is the first international agreement aimed at securing a better digital future for all, grounded in human rights. The recent adoption of the "Pact for the Future" at the United Nations General Assembly marks a significant step toward revitalizing multilateral cooperation in an increasingly fragmented world.

UN Cyberdiplomcy I: PoC, Cybercrime and the Global Digital Compact

Despite global polarization, recent UN cyber diplomacy has achieved three significant agreements in 2024: a cyber attack reporting system, a convention against cybercrime, and a "Global Digital Compact." These successes show that consensus on global issues is possible, though the vague wording of agreements raises concerns about their long-term effectiveness in ensuring security and peace.

Today’s CISOs Are Contending With Oft-Changing Disclosure Standards

When it comes to breach disclosures, today's chief information security officers (CISOs) are struggling with an especially turbulent regulatory environment. Security teams are understaffed, and systems are more extensive, making them harder to monitor and defend, while threats are becoming more sophisticated, more frequent, and more varied. It's at precisely this difficult juncture that regulations and enforcement are rapidly changing, leaving CISOs feeling like they are running up the down escalator.

The Role of Chronic Radio Interoperability Impediments in the Butler, PA Assassination Attempt

There are many inconvenient truths about radio spectrum sharing and transceiver interoperability that require full ventilation and resolution. Spectrum users want exclusive access and - news flash - they do not like to share! Campaign events, like the Trump Bulter, PA rally, require short notice, forced cooperation between and among federal, state, and local law enforcement officers, as well as a variety of other government agencies.

Phishers Exploit the Cybercrime Supply Chain Despite the Availability of Effective Countermeasures

Interisle Consulting Group today released its fourth annual Phishing Landscape report investigating where and how cybercriminals acquire naming and hosting resources for phishing. Our study shows that cybercriminals evolved their tactics for obtaining attack resources, including sharply increasing their exploitation of subdomain and gateway providers.

An Unnatural .Bond: A Study of a ‘Megacluster’ of Malware Domains

A recent news story, following research from security provider Infoblox, highlighted the case of the 'Revolver Rabbit' cybercriminal gang, who have registered more than half-a-million domains to be used for the distribution of information-stealing malware. The gang make use of automated algorithms to register their domains, but unlike the long, pseudo-random ('high entropy') domain names frequently associated with such tools, the Revolver Rabbit domains instead tend to consist of hyphen-separated dictionary words (presumably so as to obfuscate their true purpose), with a string of digits at the end.

Analysis of the Global IT Breakdown Caused by Microsoft-CrowdStrike

The Optus outage in Australia from last year was immediately on my mind when on Friday afternoon a similar event swept, this time, across the world. Also, in this case it was a software update that caused the problem. This time from global security software provider CrowdStrike. The culprit appears to be an update to the CrowdStrike Falcon platform, a security monitoring tool widely deployed by businesses and organisations on Microsoft desktop computers and notebooks.

Alternative Insights on Article 28 of the NIS2 Directive

On June 9 CircleID published an insightful article by Thomas Rickert entitled "Demystifying Art 28 NIS2." In that piece Thomas set forth two alternative interpretations of Article 28(6) of NIS2, and argued that TLD registries should not be required to maintain a separate database of the registrant data under NIS2. In my view, Thomas' approach is inconsistent with the remainder of Article 28, and would not achieve the goals of NIS2 to improve cybersecurity across the EU member states.

News Briefs

Biden Administration to Back UN Cybercrime Treaty Amid Controversy

Security Shortfalls Exposed in End-to-End Encrypted Cloud Storage Providers

Senate Urges Domain Registrars to Combat Russian Election Interference

Sudanese Nationals Charged in Global Cyberattack Campaign

NordVPN Introduces Quantum-Resilient Encryption

Over 2 Million VPN Passwords Compromised by Malware Attacks

FBI Takes Down China-Backed Botnet, Facilitates Ransomware Negotiations

Internet Domain Shutdowns: Ineffective and Risky, Experts Warn

Cybercrime Costs German Companies €267 Billion, Organised Crime and Foreign Nations Blamed

Rising Ransomware Threats and a Record-Breaking $75M Payout

Kaspersky Lab to Shut Down U.S. Operations Amid Federal Ban

Security Lapses Lead to Squarespace Domain Hijacks

Biden Administration Probes Chinese Telecom Firms Over U.S. Data Security Concerns

Biden Administration Bans Kaspersky Software Over National Security Concerns

Researchers Expose Privacy Risks in Apple and Starlink’s Geo-Location Data, Uncovering Military and Civilian Tracking

UK First Country to Implement Cybersecurity Laws for Smart Devices, Including Banning Easily Guessable Default Passwords

Biden Administration Alerts Governors to Rising Cyber Threats on U.S. Water Systems

Global Law Enforcement Strikes Major Blow Against LockBit Ransomware Operation

UN Treaty Threatens Cybersecurity, Warns Google

Millions of Smart Toothbrushes Hijacked in Cyberattack on Swiss Firm

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets

Addressing DNS abuse and maintaining a healthy DNS ecosystem are important components of Verisign's commitment to being a responsible steward of the internet. We continuously engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other industry partners to help ensure the secure, stable and resilient operation of the DNS. more

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Verisign just released its Q2 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of customers of Verisign DDoS Protection Services. more

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Currently scheduled for October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to change the cryptographic key that helps to secure the internet's Domain Name System (DNS) by performing a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover. more

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

Verisign has released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. more

DNS-Based Threats: Cache Poisoning

As DNS attacks grow in frequency and impact, organizations can no longer afford to overlook DNS security as part of their overall defense-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. more

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

Verisign has released its Q4 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services. more

DNS-Based Threats: DNS Reflection and Amplification Attacks

Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. more

Industry Updates

Participants – Random Selection