The foundational Domain Name System, essentially the phone book for the internet, used to be something nobody using the net much noticed, but lately it has become more of a target, and the cost of attacks against it are huge and growing.

Recent events have once again brought issues involving the DNS, as it’s called for short, to the forefront.

One reason has to do with the expansion of the internet. There are more targets, more bandwidth and more automated tools to launch attacks, making it easier for the bad guys to cast a wider net with more destructive power.

I explore the role of DNS, the collection of various attacks, and the role this protocol plays in my latest story for SiliconANGLE here.

Ransomware payouts are on track to make 2023 another banner year for criminals, netting more than $440 million since January, according to a recent analysis by Chainalysis. But there are ways for organizations to blunt the impact. Ransomware continues to be a growth business opportunity for criminals, whether or not victims pay up, because stolen data carries a certain value on the dark web, the shady corner of the internet reachable with special software.

For my latest post for SiliconANGLE, I put together a nine-stage model for how ransomware operates, to bring some clarity and be useful in figuring out how to detect an attack before it develops into a full-on multidimensional threat.

Hard to believe it has been 10 years since Snowden dropped his docs. My story for SiliconAngle describes what has happened, good and bad, for corporate security and individual privacy.

The E.U.-U.S. Data Privacy Framework was adopted today by the European Union. This follows their adoption by the U.S. Department of Commerce last week. The action also creates a new U.S.-based judicial body, called the Data Protection Review Court, which will review cases about EU privacy rights that fall under the framework’s jurisdiction. Some privacy analysts feel this isn’t enough protection, as I describe in my story for SiliconANGLE today.

Just about every cybersecurity provider has an artificial intelligence-related story to tell these days. Many of them are first iteration AI-enhanced tools and are just like anything else AI-related: enhancements. Some vendors like Nvidia have taken AI to the extreme, as this diagram shows.

My review of the tools and what they portend for our secure future here on SiliconANGLE today.

We’re finally inching closer to curing our addiction to passwords.

This week the FIDO Alliance put together an online event and posted a series of white papers to try to help businesses that want to move forward with passkeys — digital credentials that don’t require usernames and passwords — to host their first 12-step programs for ridding themselves of the scourge that results in huge holes in cloud cybersecurity protection.

“Passkeys are a superior password replacement,” said Tom Sheffield, senior director of cybersecurity for Target Corp. “And you shouldn’t wait to implement them in your business.” Read more of my analysis for SiliconANGLE here.

An old security technology that has gotten little attention is finally ready for a new closeup.

It goes by the name polymorphic code — or alternatively, automated moving target defense or AMTD — and it has been around for nearly a decade. It came into its own around 2017 when was popularized by both malware writers and defenders.

And once again, security professionals are playing another cat-and-mouse game, but this time the stakes are a lot higher thanks to better tools on both sides.

On the malware side, the term describes code that can adapt to conditions and change its behavior to try to avoid detection. It cuts across a wide swath of computing circumstances, including the ability to attack runtime memory, file systems, credentials, virtual machines, workloads, containers and network connections.

You can learn more about this technology and both its uses for good and evil in this post for SiliconANGLE.