Hacker News with Generative AI: Internet Security

Backdooring your backdoors – Another $20 domain, more governments (watchtowr.com)
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability to issue valid and trusted TLS/SSL certificates for any .MOBI domain.
Phishers Love New TLDs Like .shop, .top and .xyz (krebsonsecurity.com)
Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.
2024 U.S. Election: Exploring the Surge in Cyber Activity and Cyber Attacks (cloudflare.com)
Elections are not just a matter of casting ballots. They depend on citizens being able to register to vote and accessing information about candidates and the election process, which in turn depend on the strength and security of the Internet. Despite the risks posed by potential cyberattacks aimed at disrupting democracy, Cloudflare did not observe any significant disruptions to campaigns or local government websites from cyberattacks.
The Alarming Prevalence of Zone Transfers (reconwave.com)
We found that 8% of all nameservers still have zone transfers enabled for all authorized zones, potentially exposing sensitive information to malicious actors.
Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack (cloudflare.com)
Cloudflare's DDoS protection systems have been combating a month-long campaign of hyper-volumetric L3/4 DDoS attacks.
Ephemeral IDs: a new tool for fraud detection (cloudflare.com)
In the early days of the Internet, a single IP address was a reliable indicator of a single user. However, today’s Internet is more complex. Shared IP addresses are now common, with users connecting via mobile IP address pools, VPNs, or behind CGNAT (Carrier Grade Network Address Translation). This makes relying on IP addresses alone a weak method to combat modern threats like automated attacks and fraudulent activity.
White House Cyber Director Releases Roadmap to Enhance Internet Routing Security (whitehouse.gov)
White House's New Roadmap to Enhance Internet Routing Security [pdf] (whitehouse.gov)
Malaysian ISPs Hijack Cloudflare/Google DNS Requests (torrentfreak.com)
Phish-friendly domain registry ".top" put on notice (krebsonsecurity.com)
Intent to end OCSP service (letsencrypt.org)
Cloudflare reports almost 7% of internet traffic is malicious (zdnet.com)
FCC pushes ISPs to fix security flaws in Internet routing (arstechnica.com)
US Post Office phishing sites get as much traffic as the real one (bleepingcomputer.com)
Hackers infect users of antivirus service that delivered updates over HTTP (arstechnica.com)
We ensure Cloudflare customers aren't affected by LE's certificate chain change (cloudflare.com)