Weekend Reads 052821

The round trip time to the root servers is dependent on multiple factors, but particularly, the proximity of a root server instance and it being routed to in the most efficient way.

UMN computer science researchers who were interested in the ability to intrude bad code into the Linux kernel abused submission processes, faking supportive reviews, to insert code deep in the operating system codebase.

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers.

We are launching a new Privacy Breakdown of Mobile Phones “playlist” on Surveillance Self-Defense, EFF’s online guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.

This kind of email attack is called business email compromise (BEC)—a damaging form of phishing designed to gain access to critical business information or extract money through email-based fraud.

Email Campaign builders (marketers) are flying blind. I know ESPs are genuinely timely about rolling out new products for their marketers, but there is a colossal gap in adopting data science and MLops into the email campaign building workflow.

The web has evolved a lot over the years, and the applications of it today are almost unrecognizable from its earliest days. The evolution of the web is often partitioned into three separate stages: Web 1.0, Web 2.0, and Web 3.0.

Criminals began to scan the Internet for vulnerable Microsoft Exchange Servers within five minutes of the disclosure of critical zero-day flaws patched in early March, researchers report.

Using a fictional nation, New San Joban, as the setting, the project maintains that the classes of cyber threats we know today — such as unauthorized access, data manipulation, denial of service — will not change but will pose a significantly different impact on a more pervasive and connected landscape.

Attackers turned the credential-stuffing knob to 11 in 2020, inundating websites with 193 billion failed attempts to gain access to targeted users’ accounts using stolen or reused credentials, according to Akamai’s new “State of the Internet” report.

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

Web application attacks, phishing, and ransomware increased over the past year, emphasizing a shift as attackers took advantage of people working from home and spending more time online amid the COVID-19 pandemic. Most (85%) attacks seen in 2020 involved human interaction.

These attackers, whose identities are yet to be confirmed but whose initials probably rhyme with SVR, had compromised SolarWinds Orion to deliver trojanized updates to clients all across the globe.

Not to say that doing so is easy. The FBI and other law enforcement groups have long discouraged ransomware victims from paying digital extortion fees, but in practice many organizations resort to paying.

The NetForecast 2020 Internet Latency Benchmark Report scores and ranks Internet latency performance across major US cities and ISPs. Drawing on RIPE Atlas, the report provides a “user’s eye” perspective on performance in terms of latency, latency consistency, and near/far latency bias.

Covering developments in neuromorphic computing has been something of a piecemeal experience, as happens with all novel architectures. There are few companies with scalable devices and the research is often specific to one experimental architecture or use case.

It’s time we take a hard look at why we rely so much on end users to catch phishing scams that can jeopardize an entire company.

If you’re a security leader looking to improve your organization’s defensive posture, ask your human resources chief to have coffee. It worked for Steve Luczynski.

Business email compromise (BEC) and phishing attacks make up a big chunk of security issues plaguing today’s organizations, and they continue to prove a threat as attackers find new ways to blend into victims’ inboxes and manipulate them into sending funds.

In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian.

Posture assessment is the process of evaluating organizational or system security by examining the respective components.

But just because passwords aren’t going anywhere anytime soon doesn’t mean that organizations don’t need to modernize their approach to password hygiene right now.

Fast forward two years, and now that I know what it’s all about, I am going to explain what the Document Object Model is in plain and simple English.

Increase in phishing and ransomware attacks – along with continued high numbers of Web Application Attacks – underscores a year of unprecedented security challenges.

The 2H2020 Threat Intelligence Report correctly predicted that 2020’s record-breaking distributed denial of service (DDoS) attack activity would follow the COVID-19 pandemic into 2021. While we generally love being right, this is not one of those times.