Security researchers recently revealed that a previously unknown hacker group carried out a series of attacks on government agencies in 13 countries by redirecting agency computers to hacker-controlled servers. This happened through the manipulation of domain name system (DNS) infrastructure. 

And it followed a US Department of Homeland Security alert disclosing a global campaign, subsequently linked to Iran, to redirect internet traffic and steal sensitive information also by compromising DNS infrastructure. The DNS is an attractive target because it serves as a global address book, translating internet names we know into IP addresses that computers can recognize. The infrastructure supporting DNS is maintained by a number of core companies that administer internet domains, register new domain names, and host DNS “lookup” services which convert those domain names into IP addresses.

A company that claimed to use technology tools to help victims with ransomware cleanup was found to secretly be paying the ransom, while collecting a premium from their clients, according to an expose out this week. The situation brings the core dilemma of business-focused ransomware directly into the spotlight: To pay, or not to pay?

Customs and Border Protection (CBP) has been expanding its biometric programs with the use of facial recognition technology for inbound passengers, achieving early success both in identifying imposters attempting to enter the U.S. and improving the efficiency of the screening process itself.

Based on this success, the Department of Homeland Security (DHS) recently announced efforts to expand programs to those departing the U.S. with the goal of covering 97 percent of outbound international travelers in the next four years.

Rudy Giuliani's comment that there is "nothing wrong with taking information from Russians" has thrown a spotlight on an already raging debate in the United States about how far a candidate should go to win. While the Mueller report did not find that there was coordination between the Trump campaign and Russia, there is a wider issue of whether -- unwittingly -- candidates are helping malign foreign powers to achieve their goals.

We applaud the recent call by the EU Commissioner for Justice, Consumers and Gender Equality for greater coordination among the United States, Japan and Europe on policy for emerging IT technologies, particularly 5G cellular technologies and networks. Commissioner Věra Jourová told U.S. lawmakers on Thursday that it was critical for the United States and Japan to work with Europe on developing common policies and standards for 5G cellular technologies, artificial intelligence and digital privacy.

Any nation-state behind recent hijackings of Domain Name System (DNS) records should, in theory, be held responsible under the latest cyberwarfare norms agreement made by 20 countries at the UN in 2015, says America’s top cyber diplomat.

“One of the norms is disrupting physical infrastructure providing services to the public, and I think that fully encapsulates the internet’s DNS function,” Amb. Robert Strayer told CyberScoop Tuesday on the sidelines of the Atlantic Council’s International Conference on Cyber Engagement.

Researchers believe that in last month’s malware attack, dubbed Operation ShadowHammer, the network of Taiwanese technology giant ASUS was not the only company targeted by supply chain attacks. According to Kaspersky Lab, during the ShadowHammer hacking operation, there were at least six other organizations that the attackers infiltrated.

Central Americans will continue to flee to the U.S. if they do not have another viable alternative. We need to give them one.

While a leadership shake-up at the Department of Homeland Security may have spun last week's news cycles, solving humanitarian and border security challenges requires a deeper understanding of migration drivers and influences that contribute to mass immigration. We must look beyond the border region itself to understand where we can make strategic investments and find policy solutions that will garner permanent results. To that end, we must tackle the root causes at each stage of the migration journey.

In January of 2019, the Clemson Tigers and Alabama Crimson Tide competed at one of the largest sporting events in the country: The National Collegiate Athletic Association’s (NCAA) fifth National Championship game of the College Football Playoffs. There were 75,000 fans in attendance. 

Events like these are vulnerable to a host of security risks. In fact, the event was monitored by students from Norwich University’s Applied Research Institute (NUARI) who used artificial intelligence decision automation software (Norwich used Respond Software) to monitor, analyze and resolve more than 243,000 events and threats during the game. There were 200,097 threats that required deeper investigation; the team diagnosed 431 as malicious and mitigated 13 events that specifically targeted the stadium. The game seamlessly took place without trouble.

One only needs to open their favorite homepage or scan ubiquitous media feeds to know that security professionals face an increasingly complex and ever-changing risk landscape, filled with uncertainty and contingency. While zero-day vulnerabilities, ransomware and unpatched software continue to pose significant threats themselves, a new and potentially more dangerous threat continues to grow within the corporate environment – one’s own employees.  For example, an April 2018 Ponemon Institute survey of IT security professionals across 700 organizations reported that the average cost of a single breach due to employees or others with access was over $8.7 million