Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA) and a 2020 Wash100 Award recipient, is mandating agencies to update their Domain Name System-based (DNS) Windows servers following reports of new cyber threats.Read More »
Michael Duffy of the Department of Homeland Security said there are only “a handful” of agencies that still need to comply with the requirements of an emergency directive that DHS released in January to address Domain Name System tampering activities, FCW reported Friday. Duffy, acting deputy director of DHS’ federal network resilience division, said during a Thursday meeting of the Information Security and Privacy Advisory Board that those agencies deal with "external dependencies" on DNS providers that make the process challenging to adopt multifactor authentication.Read More »
Jeanette Manfra, an official with the Cybersecurity and Infrastructure Security Agency, has said that no evidence has so far been found to suggest that U.S. federal Domain Name System servers have been compromised by a global DNS hijacking campaign, FCW reported Friday. Initially reported in November last year, the hijacking campaign has affected numerous private companies and governments around the world.Read More »
Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has explained the reason behind CISA’s move to release its first emergency directive about Domain Name System tampering activities. Reports from FireEye and Cisco Talos revealed that malicious actors gained access to accounts that regulated DNS records and “made them resolve to their own infrastructure before relaying it to the real address,” Krebs wrote in a blog post published Thursday.
The Department of Homeland Security has released an emergency directive to guide federal agencies how to address Domain Name System tampering activities. Attackers compromise DNS by targeting user credentials, altering DNS records and accessing valid encryption certificates that allow them to decrypt the redirected traffic, Christopher Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency, wrote in the directive released Tuesday.Read More »
U.S. authorities are investigating a distributed-denial-of-service attack that hit internet performance management company Dyn‘s managed domain name system infrastructure, USA Today reported Friday. Eli Blumenthal and Elizabeth Weise write that Amazon, Twitter, Spotify, Netflix and PayPal were among the websites hobbled by the DDoS attack on the Dyn service Friday. The report said security experts believe the source of attack …Read More »
The Government Accountability Office has suggested frameworks the National Telecommunications and Information Administration could use to evaluate a proposal that would facilitate the transfer of control over Internet domain names from NTIA to a global community of stakeholders. GAO said in an August report NTIA needs measures to review a transition …Read More »
Collaborating with colleagues throughout government and industry, the Department of Commerce is making significant progress in helping securing the Internet, Commerce Secretary Gary Locke said. Locke, who among other top officials attended a cybersecurity briefing held Wednesday at the White House, said while government cannot engineer precise technology solutions, it …Read More »