SiliconANGLE: Attackers target the Domain Name System, the internet’s phone book. Here’s how to fight back

The foundational Domain Name System, essentially the phone book for the internet, used to be something nobody using the net much noticed, but lately it has become more of a target, and the cost of attacks against it is huge and growing.

Recent events have once again brought issues involving the DNS, as it’s called for short, to the forefront.

One reason has to do with the expansion of the internet. There are more targets, more bandwidth and more automated tools to launch attacks, making it easier for the bad guys to cast a wider net with more destructive power.

I explore the role of DNS, the collection of various attacks, and the role this protocol plays in my latest story for SiliconANGLE here.

 

SiliconANGLE: Understanding these nine ransomware stages can help harden cyber defenses

Ransomware payouts are on track to make 2023 another banner year for criminals, netting more than $440 million since January, according to a recent analysis by Chainalysis. But there are ways for organizations to blunt the impact. Ransomware continues to be a growth business opportunity for criminals, whether or not victims pay up, because stolen data carries a certain value on the dark web, the shady corner of the internet reachable with special software.

For my latest post for SiliconANGLE, I put together a nine-stage model for how ransomware operates, to bring some clarity and be useful in figuring out how to detect an attack before it develops into a full-on multidimensional threat.

SiliconANGLE: Managing supercloud authentication remains tricky – with no easy solution in sight

Authenticating people and apps in the cloud stretches SSO tools to the breaking point, not helped by sloppy access controls, continuous auth and rising MFA bypass hacks — read my analysis for SiliconANGLE here. The issues stemming from poorly provisioned containers, inconsistent access rights and over-privileged users will remain for the near future — all the more so as clouds become more pervasive and more complex.

Book review: Blind Fear

Blind Fear: A Thriller (The Finn Thrillers Book 3) by Brandon Webb and John David Mann. This is the third in the series of “fear” books featuring ex-Navy SEAL Finn in another escapade, this time in Puerto Rico in the process of saving two children who get caught up in a series of unfortunate events. Finn is trying to find the kids, who have been abducted on a snorkel trip. Meanwhile, two federales are searching for Finn and land on the island and start tracking him down. The characters, as with the previous two novels, are well drawn, the situations ultra realistic, the conflicts seemingly vexing. You don’t have to read the other books to get involved here, and if you are a fan of Lee Child’s Reacher or Brad Thor’s books you will find this novel enjoyable and the pace the usual madcap and mayhem.

SiliconANGLE: US-EU data privacy framework approved but still could be inadequate

The E.U.-U.S. Data Privacy Framework was adopted today by the European Union. This follows its adoption by the U.S. Department of Commerce last week. The action also creates a new U.S.-based judicial body, called the Data Protection Review Court, which will review cases about EU privacy rights that fall under the framework’s jurisdiction. Some privacy analysts feel this isn’t enough protection, as I describe in my story for SiliconANGLE today.

SiliconANGLE: State data privacy laws are changing fast – here’s what businesses need to know

With no federal data privacy law on the books, states are doubling down on new laws governing the protection of people’s data.

In the past year, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee and Texas have all enacted such laws, more than doubling the number of states that had them previously — those being California, Colorado, Connecticut, Utah and Virginia.

Although that represents progress, it’s also a challenge for companies doing business nationally to keep track of the subtle differences among the various laws. My analysis for SiliconANGLE here.

SiliconANGLE: How AI and large language models can help cybersecurity firms improve their services

Just about every cybersecurity provider has an artificial intelligence-related story to tell these days. Many of them are first iteration AI-enhanced tools and are just like anything else AI-related: enhancements. Some vendors like Nvidia have taken AI to the extreme, as this diagram shows.

My review of the tools and what they portend for our secure future here on SiliconANGLE today.

 

SiliconANGLE: Apps under attack: New federal report suggests ways to improve software code pipeline security

The National Security Agency and the Cybersecurity and Infrastructure Security Agency late last month issued an advisory memo to help improve defenses in application development software supply chains — and there’s a lot of room for improvement.

Called Defending Continuous Integration/Continuous Delivery (CI/CD) Pipelines, the joint memo describes the various deployment risks and ways attackers can leverage these pipelines. I describe their recommendations and the issues with defending these pipelines in my latest blog for SiliconANGLE.

SiliconANGLE: The WeChat app is anything but private

What if we had an app on our phones that combined the functions of Facebook Messenger, Venmo payments, MyPatientChart health records and WhatsApp for making voice calls, and also allowed us to download all sorts of mobile apps and games like Apple Inc.’s App Store?

Furthermore, what if such an app had absolutely no privacy controls, so the federal government could monitor, censor and track users, conversations and all activities?

Well, such an app exists. It’s called WeChat and it has 1.2 billion monthly active users. But it is a threat to our privacy, and I explain why in this post for SiliconANGLE.