Since the release of BIND 9 in 2010, RPZ has proven a powerful technology for security and network management—allowing organizations to implement an additional DNS configuration layer. In fact, BIND is the most widely used Domain Name System software on the internet—making RPZ configuration options like integrating commercial feeds, blocklists, and URL databases like zveloDB™ all the more attractive. So let’s take a moment to revisit the advantages of RPZ.
Over the past decade, the use of “clickbait” ads has become the norm in order to entice viewers to click on the ad and drive traffic to a publisher. Web surfers have grown accustomed to seeing the same types of clickbait ads and sponsored stories like the ones shown below with sensational headlines about curing cancer, stopping aging, improving your sex life and more.
I was recently debugging a nasty issue in one of our backend services and needed to view the exact HTTP request & response being sent to an authentication server. Fortunately, Go’s standard library provides http.RoundTripper, httputil.DumpRequestOut & httputil.DumpResponse, which are great for dumping the exact out-bound request & the response. But since an authentication request contains credentials and a response contains a security token, it would have been insecure to record credentials & tokens in our logging systems. How could I securely exfiltrate the information I needed, while maintaining security and not requiring a whole lot of changes to my codebase or deployment environment?
Last week, we announced that we will be extending zveloDB™ URL categorization support to include eight (8) new categories. The new categories represent a number of emergent topics and threats including Cryptocurrency, Cryptocurrency Mining, Fake News, Terrorism, and more.
In an article on ITPro, Jeff Finn writes about how the state of IoT cybersecurity is reaching a tipping point, forcing IoT device manufacturers to work partners that excel at networking. “The writing on the wall for IoT device manufacturers is to get serious about security and develop fruitful channel partnerships with network technology providers.
Once you see this vulnerability in action, it’s easy to imagine how easily devices can be exploited. Simple vulnerability hacks and tactics such as this can be used in coordination with home routers, smart speakers, video surveillance equipment, and much more to create havoc.
Recently, Digiday published an article about the “winners and losers” of the new EU ePrivacy law. As suspected, behavioral targeting is a clear loser due to its reliance on cookie-based targeting. The only winners mentioned seemed to be those outside of the realm of digital advertising.
Like rabbits, ransomware seems to multiply at a prodigious rate. The newest strain causing widespread damage dubbed Bad Rabbit, due to the TOR hidden service it directs victims to visit, appears to be based on the Petya ransomware and its’ variants, according to Cisco Talos. The campaign seems to have largely targeted Russia and Eastern Europe.
What’s Reaper? Reaper (a.k.a IotTroop) is the latest botnet threat which is specifically targeting IoT vulnerabilities. With over 1.2 million devices already impacted, Reaper is the the largest IoT bot attack to date and continuing to grow rapidly. Using multiple C2’s, each with 10s of thousands of unique active IPs daily, Reaper is gaining momentum with each new device it exploits.
Network security company zvelo Monday unveiled an IoT security offering that uses artificial intelligence to automate the way enterprises discover and profile IoT devices on the network – and detect ones that are compromised.