Weekend Reads 020521

Despite WHOIS’s relevance, however, the dawn of new data regulations like the General Data Protection Regulation (GDPR) seemingly disconnected the ties that bind domains to their owners

Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a “clearer picture” of one of the most sophisticated attacks in recent history.

In this post, I’ll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability.

Although spoofing has been around for a long time, there has been no longitudinal study of how it is changing over time. Prior studies of DNS spoofing explored how it works, particularly the use of spoofing for censorship.

The number of data breaches declined by half last year — to less than 4,000 events — yet the number of leaked records more than doubled, as did the number of breaches that included a ransomware component, according to an annual analysis of breach events by Risk Based Security.

Starlink is satellite internet access from SpaceX, one of Elon Musk’s other companies. If it lives up to its hype, it will cure the problem of broadband availability in rural areas, although affordability will still be an issue.

DDoS-for-hire services are abusing the Microsoft Remote Desktop Protocol to increase the firepower of distributed denial-of-service attacks that paralyze websites and other online services, a security firm said this week.

The right vision is to operate the cloud with zero-carbon emission from power (scope 2). Not just offsetting through renewable energy purchases. Not just 24×7 matching. True zero carbon in electric power consumed, and with no increase as the cloud continues to grow.

Thus, GDPR was enacted to prevent a widespread and systemic abuse of personal data. At its core, GDPR declares the privacy and protection of personal data as a fundamental right. Accordingly, it grants new rights to people, and assigns companies that collect their personal data, new responsibilities.

Given our analysis, we believe there is a harsh reality lurking beneath the surface within many organizations. While they may be saying the right things in public to satisfy investors, underwriters, and customers, there is an apparent lack of urgency in promoting a truly resilient and secure organization.

Rather than archiving every single email you get, try deleting the ones you don’t care about. You’ll free up space, and you won’t have to pay to store useless emails.

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research.

But at the end of the year, news of a massive breach of IT monitoring software vendor SolarWinds introduced a new complication – the possibility of a wave of secondary data breaches and cyber-attacks. And because SolarWinds’ products have a presence in so many business networks, the size of the threat is massive.

In this final blog post, I’ll turn attention to another application that may appear at first to be the most natural, though as it turns out, may not always be the most necessary: DNS encryption.

The “pay or get breached” ransomware trend — also known as the “double extortion” scheme — took off in 2020, despite the prolific Maze Team’s Nov. 1 announcement that it would be discontinuing operations.