Collaborate Disseminate
Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of popular site operators haven’t learned from the 2016 Dyn/Mirai incident/a… Continue reading How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
A sweeping set of surveillance campaigns has hit Google Chrome users, leading to nearly 33 million downloads of malicious software in the last three months, researchers at California-based Awake Security said Thursday. The researchers believe the unidentified hackers used Chrome extensions and other malicious tools — along with domains issued by a single registrar — to spy on computer users in sectors such as oil and gas, finance and health care. The hackers “were very effective in reaching a large number of industries and subverting controls that were in place,” said Gary Golomb, Awake Security’s cofounder and chief scientist. U.S. government contractors were among those targeted, Golomb said. He declined to identify the victims. The discovery exposes another gap in web browser security despite pledges from Google and other vendors to proactively block malicious code from appearing in their official download stores. After being tipped off by Golomb’s team, Google removed […]
The post How hackers used malicious Chrome extensions in a mass spying campaign appeared first on CyberScoop.
Continue reading How hackers used malicious Chrome extensions in a mass spying campaign
Over the past few months there has been a battle waging in the world of domain names; the overseeing body ICANN had hatched a plan to transfer the entire .org registry to a private company, to significant opposition from .org domain holders, concerned citizens, and the Electronic Frontier Foundation. Part …read more
It doesn’t have regulatory authority, so it can’t do much, but the hundreds of registrars it authorizes can and should. Continue reading ICANN asks registrars to crack down on scam coronavirus websites
Cybercriminals were able to register malicious generic top-level domains (gTLDs) and subdomains imitating legitimate, prominent sites due to Verisign and several IaaS services allowing the use of specific characters that look very much like Latin lette… Continue reading Vulnerability allows attackers to register malicious lookalikes of legitimate web domains
Earlier this week, domain name registrar Namecheap sent out an email to all customers advising them of a secret deal that went down between ICANN and Verisign sometime late last year. It has the potential to change the prices of domain names drastically over time, and thus change the makeup …read more
2018 was a big year for data protection with the implementation of the General Data Protection Regulation (GDPR) last May — forcing CISOs and other professionals to rethink how the personal data of European consumers should be collected and processed. … Continue reading WHOIS after GDPR: A quick recap for CISOs
Google ditches passwords in latest Android devices, ICANN calls for wholesale DNSSEC deployment, Flaws in 4G and 5G allow snooping on calls, pinpointing device location, TurboTax Hit with credential stuffing attack, and much more! Security News Pla… Continue reading DNSSEC, TurboTax Hit, & DNS – Hack Naked News #209
DNS security is under serious threat from cyberattackers and domain overseer ICANN wants internet companies to do something about it. Continue reading ICANN demands DNSSEC to combat DNS hijacking
In light of the recent DNS hijacking attacks, the Internet Corporation for Assigned Names and Numbers (ICANN) is urging domain owners and DNS services to implement DNSSEC post-haste. “Although DNSSEC cannot solve all forms of attack against the D… Continue reading ICANN calls for wholesale DNSSEC deployment