It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and […]
Tag Archives: Critical Infrastructure
US-CERT Warns of Issues With DNS Zone Transfer Requests
The US-CERT is warning administrators and network operators that a misconfiguration issue with some DNS servers that has been known about for more than 15 years and can give attackers detailed information about DNS zones is coming back around thanks to new scans that show a high number of servers vulnerable to the issue. The problem […]
FBI Warns of Phony Sites Offering Government Services
The FBI has warned consumers about a rash of phony websites posing as government services.
GE Fixes Buffer Overflow Bug in DTM Library
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code. The vulnerability in the DTM library affects four of GE’s products, as […]
Obama Administration Seeks More Legal Power to Disrupt Botnets
The federal government is seeking more legal power to step in and shut down botnets through an amendment to the existing criminal law, which would allow the Department of Justice to obtain injunctions to disrupt these malicious networks. The Obama administration has proposed an amendment to existing United Stated federal law that would give it […]
Equation APT Group Attack Platform A Study in Stealth
The EquationDrug cyberespionage platform is a complicated system that is used selectively against only certain target machines, one that can be extended via a collection of 116 malware plug-ins, researchers at Kaspersky Lab said.
CloudFlare Aims to Defeat Massive DDoS Attacks with Virtual DNS
DDoS attacks have been a persistent problem for the the better part of 20 years, and as ISPs and enterprises have adjusted their defenses, attackers have adapted their tactics. One of the more effective tools in the attackers’ arsenal now is the use of botnets to generate massive numbers of DNS queries for a target […]
New Analytics Tool Defines Language Used By Malicious Domains
OpenDNS went public with a new analytics tool that can be used to detect malicious domains used in APT and cybercrime campaigns.
Gemalto Hack May Have Far-Reaching Effects
Security experts are still trying to assess the effects of the reported attack on SIM card manufacturer that resulted in the theft of millions of encryption keys for mobile phones around the world, but it’s safe to say that the operation has caused reverberations throughout the industry and governments in several countries. The attack, reported […]
New Cyber Threat Center May Face Challenges
In the wake of news-making attacks on Sony Pictures, Home Depot and many others, the federal government is establishing a new information integration center to focus on cyber threats.