DNS, InfoSec and Risk - Cyber Security Informer

Why Governments Worldwide Recommend Protective DNS

Security Boulevard

AUGUST 7, 2024

HYAS Protect protective DNS uses advanced data analytics to proactively block cyber threats, a feature unavailable in legacy systems relying on static DNS filtering. AV-TEST , one of the cybersecurity industry’s most trusted evaluators, rates HYAS as the most effective protective DNS solution on the market. What Is HYAS Protect?

DNS

DNS Government Cyber threats IoT

Three Ways DNS is Weaponized and How to Mitigate the Risk

Threatpost

MARCH 13, 2019

Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.

DNS

DNS Risk InfoSec

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Just as in my post on NatWest last month , that entry point must be as secure as possible or else everything else behind there gets put at risk. By recognising this, they also must accept that the interception may occur on that first request - the insecure one - and that subsequently leaves a very real risk in their implementation.

Hacking

Hacking Government Encryption InfoSec

Quantum Computing: A Looming Threat to Organizations and Nation States

SecureWorld News

SEPTEMBER 7, 2023

The panel will tackle topics and questions, including: The potential risks quantum computing poses to current cryptographic methods. When will these risks come to fruition, and who are the main threat actors? Director of Information Security, State of Colorado Governor's Office of Information Technology; and Toby Zimmerer, Sr.

Encryption

Encryption Technology Risk Architecture

Fighting Fire with Fire: API Automation Risks

Threatpost

JANUARY 24, 2019

A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions.

Architecture

Architecture Risk DNS InfoSec

7 Best Attack Surface Management Software for 2024

eSecurity Planet

DECEMBER 20, 2023

Attack surface management aims to automate the process of discovering, assessing, and prioritizing vulnerabilities and third-party, digital supply chain, and cloud risks. It addresses both internal and external (EASM) risks. CAASM (cyber asset ASM) and DRPS (digital risk protection) are also related terms and elements of ASM.

Software

Software Risk Architecture Internet

Canadian Bacon – Zero to Hero when it comes to Zero-Trust

Cisco Security

MARCH 2, 2021

The premise of zero trust and its framework can provide a more consistent security approach that reduces risk and increases security posture and overall effectiveness. You accept the level of trust achieved for a period of time based on your risk profile. Do we trust the IP, DNS, Web, and Other based request coming from the asset?

DNS

DNS Authentication Risk Technology

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record." but they never actually checked that. David Brumley: Oh, no.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record." but they never actually checked that. David Brumley: Oh, no.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

How exactly will artificial intelligence help bridge the infosec skills gap and what kinds of security work are still best left to humans? For example, they may think, "Hey, the user's going to give me an input and it's only going to be as long as maybe a DNS record." but they never actually checked that. David Brumley: Oh, no.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Security Roundup January 2021

BH Consulting

JANUARY 12, 2021

In a neat segue from our previous story, the newly published Cisco Security Outcomes Study aims to guide security leaders in their investments and help them to manage risk. Six Open Source tools for your security team MORE Finding SUNBURST victims using passive DNS. Looking ahead: how to get better security outcomes. Links we liked.

Data privacy

Data privacy InfoSec DNS CISO

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Perhaps even more significant was in 2008 when researcher Dan Kaminsky found a fundamental flaw in the Domain Name System (DNS) protocol, one that could lead to cache poisoning. My job as an IT manager is to minimize the risk and put out fires.” Shellshock, as a name, stuck and became the name going forward.

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Perhaps even more significant was in 2008 when researcher Dan Kaminsky found a fundamental flaw in the Domain Name System (DNS) protocol, one that could lead to cache poisoning. My job as an IT manager is to minimize the risk and put out fires.” Shellshock, as a name, stuck and became the name going forward.

Software

Software Passwords Internet Internet

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

How to screen for natural infosec talent: Ask for a worst case scenario for any common situation. Haddix continues to provide his insights while serving as the Head of Security and Risk Management for Ubisoft. Street is an industry-respected speaker and analyst and currently is the VP of InfoSec for SphereNY.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats

eSecurity Planet

FEBRUARY 25, 2022

Inventory B2B VPNs and block all high-risk protocols (see slide below). Have contingency plans in place for disconnecting all B2B VPNs, especially high-risk ones. “If my boutique infosec consultancy has these resources…what does a state sponsored one have?” Plan for rapid containment.

B2B

B2B Cyber Attacks Firewall Cyber threats

The Hacker Mind Podcast: Tib3rius

ForAllSecure

JANUARY 11, 2023

If there's anything that particularly strikes me as potentially secure as security risk, you know, we're talking about fields that seem okay, yeah, they could potentially be SQL injectable or, you know, they're, they're using numeric IDs. I joined a Discord server called InfoSec prep. I could cause the server to do DNS requests.

DNS

DNS Hacking Penetration Testing InfoSec

Kaspersky Security Bulletin 2020-2021. EU statistics

SecureList

MAY 26, 2021

To evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware, for each EU country we calculated the share of users of Kaspersky products who faced this threat during the reporting period as a percentage of all attacked users in that country. Countries where users faced the greatest risk of online infection.

Phishing

Phishing Malware Ransomware Adware

Generated Passwords, UX and Security Absolutism

Troy Hunt

DECEMBER 10, 2019

Whilst the storage and delivery of the password in plain text certainly smells bad, when it's a (pseudo) random string, the risk is very different to when the user chooses their own secret: After reading the original linked post and follow-ups, if they get compromised, the only usable information stolen is the email and nickname.

Passwords

Passwords Password Management Accountability Authentication

Cyber Security Informer

Why Governments Worldwide Recommend Protective DNS

Three Ways DNS is Weaponized and How to Mitigate the Risk

Trending Sources

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Quantum Computing: A Looming Threat to Organizations and Nation States

Fighting Fire with Fire: API Automation Risks

7 Best Attack Surface Management Software for 2024

Canadian Bacon – Zero to Hero when it comes to Zero-Trust

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

Security Roundup January 2021

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

Top Cybersecurity Accounts to Follow on Twitter

SANS Outlines Critical Infrastructure Security Steps as Russia, U.S. Trade Cyberthreats

The Hacker Mind Podcast: Tib3rius

Kaspersky Security Bulletin 2020-2021. EU statistics

Generated Passwords, UX and Security Absolutism

Stay Connected