Tag Archives: Domain Name System

CISA’s Christopher Krebs Issues Emergency Directive on Windows Server Security Updates

Christopher Krebs

Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA) and a 2020 Wash100 Award recipient, is mandating agencies to update their Domain Name System-based (DNS) Windows servers following reports of new cyber threats.

Read More »

Michael Duffy on Agencies’ Compliance With DHS Directive on DNS Tampering Campaign

Michael Duffy of the Department of Homeland Security said there are only “a handful” of agencies that still need to comply with the requirements of an emergency directive that DHS released in January to address Domain Name System tampering activities, FCW reported Friday. Duffy, acting deputy director of DHS’ federal network resilience division, said during a Thursday meeting of the Information Security and Privacy Advisory Board that those agencies deal with "external dependencies" on DNS providers that make the process challenging to adopt multifactor authentication.

Read More »

DHS Finds No Evidence Pointing to Federal DNS Record Tampering

Jeanette Manfra, an official with the Cybersecurity and Infrastructure Security Agency, has said that no evidence has so far been found to suggest that U.S. federal Domain Name System servers have been compromised by a global DNS hijacking campaign, FCW reported Friday. Initially reported in November last year, the hijacking campaign has affected numerous private companies and governments around the world.

Read More »

Christopher Krebs Explains Rationale Behind CISA’s Directive on DNS Tampering Campaign

Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has explained the reason behind CISA’s move to release its first emergency directive about Domain Name System tampering activities. Reports from FireEye and Cisco Talos revealed that malicious actors gained access to accounts that regulated DNS records and “made them resolve to their own infrastructure before relaying it to the real address,” Krebs wrote in a blog post published Thursday.
 

Read More »

DHS’ Christopher Krebs Issues Directive to Address Domain Name System Tampering Campaign

The Department of Homeland Security has released an emergency directive to guide federal agencies how to address Domain Name System tampering activities. Attackers compromise DNS by targeting user credentials, altering DNS records and accessing valid encryption certificates that allow them to decrypt the redirected traffic, Christopher Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency, wrote in the directive released Tuesday.

Read More »

Reports: US Authorities Examine Cyber Attack on DNS Provider Dyn

U.S. authorities are investigating a distributed-denial-of-service attack that hit internet performance management company Dyn‘s managed domain name system infrastructure, USA Today reported Friday. Eli Blumenthal and Elizabeth Weise write that Amazon, Twitter, Spotify, Netflix and PayPal were among the websites hobbled by the DDoS attack on the Dyn service Friday. The report said security experts believe the source of attack …

Read More »

Commerce Secretary Gary Locke: Cybersecurity ultimately is built on confidence

Collaborating with colleagues throughout government and industry, the Department of Commerce is making significant progress in helping securing the Internet, Commerce Secretary Gary Locke said. Locke, who among other top officials attended a cybersecurity briefing held Wednesday at the White House, said while government cannot engineer precise technology solutions, it …

Read More »