"If you think about Internet threats like phishing and botnets and malware -- all of those start with a DNS -- a domain name system. And so every kind of nefarious act leaves footprints and fingerprints in the DNS. That's something that cannot be faked," said Farsight Security COO Alexa Raad. For example, "a lot of the new domain names that are registered are typically registered with bad intent."

Hackers cracked into a wide array of voting equipment Def Con's Voting Village, an event held Friday at Caesar's Palace in Las Vegas, Nevada. Last year, conference goers hacked five machines and an e-poll book of registered voters. This year, in addition to voting machines, tabulators and smart card readers were available for hacking. Websites weren't off limits, either.

A computer virus over the weekend disrupted the operations of the Asian manufacturer that makes chips for the iPhone and other devices offered by top shelf high-tech companies. TSMC said that a virus outbreak Friday evening affected a number of computer systems and fab tools at its facilities in Taiwan. The incident likely will cause shipment delays and create additional costs.

DHS has announced the National Risk Management Center, part of a new effort to combat cyberthreats to the U.S. The new agency's mission will be to defend the critical infrastructure through greater cooperation between the public and private sectors. The center will bring together government experts and industry partners to work out ways that the government can support the partners.

Hundreds of U.S. utilities were penetrated by Russian hackers who could have disrupted the nation's power grid. The attacks were launched last year by threat actors sponsored by the Russian government, according to a report. The hackers used Black Hat tools such as phishing and waterhole traps to obtain credentials from legitimate users and leverage them to gain access to the utilities.

The Internet of Things may be in its infancy, but the U.S. government has been gearing up to determine what the proper federal role should be, both for encouraging and for regulating the use of IoT technology. Two recent developments have underscored the government's interest in IoT. On the regulatory front, the CPSC has launched an initiative to determine a framework for regulation.

A new feature in iOS 11.4.1, which Apple released earlier this week, is designed to protect against unwanted intrusions through the iPhone's Lightning Port. However, the protection may be weak at best. The feature, called "USB Restricted Mode," disables data transfer through the Lightning Port after an hour of inactivity. In some cases, the phone might not charge, according to Apple.

A popular fitness app provided a convenient map for anyone interested in shadowing government personnel who exercised in secret locations, including intelligence agencies, military bases and airfields, nuclear weapons storage sites, and embassies around the world. The fitness app, Polar Flow, publicized more data about its users in a more accessible way than comparable apps, investigators found.

There are times when looking at something narrowly can be more effective than taking a wider and more comprehensive view. If you don't believe me, consider the experience of looking at organisms in a microscope or watching a bird through binoculars. Distractions are minimized, allowing optimal evaluation and analysis of what's under investigation.

Retailers' biggest worry is increasing e-commerce fraud -- including data breaches, targeted attacks and card-not-present fraud -- according to a report from the Federal Reserve Bank of Minneapolis. Online fraud is one of the biggest challenges facing retailers, with CNP fraud being one of their top worries. CNP fraud will hit $71 billion over the next five years, Juniper Research has forecast.

Network devices with better security will be hitting the market this year, thanks to Wi-Fi Certified WPA3, which the Wi-Fi Alliance launched Tuesday. The announcement paves the way for the proliferation of devices that support the new, more secure protocol for WiFi communication, which is designed to replace the 14-year-old WPA2. The new protocol adds features to simplify WiFi security.

The healthcare industry has been moving toward medical equipment connectivity to speed up data entry and recording, as well as improve data accuracy. At the same time, there has been a shift toward incorporating consumer mobile devices, including wearables. "The demand for connected devices has increased rapidly in recent years," noted Leon Lerman, CEO of Cynerio.

Worldwide IoT spending will total nearly $773 billion this year, IDC has predicted. The IoT will sustain a compound annual growth rate of 14.4 percent, and spending will hit $1.1 trillion by 2021, according to the firm's forecast. Consumer IoT spending will total $62 billion this year, making it the fourth largest industry segment, after manufacturing, transportation and utilities.

Academics have been hard at work studying information security. Most fields aren't as replete with hackers as information security, though, and their contributions are felt much more strongly in the private sector than in academia. The differing motives and professional cultures of the two groups act as barriers to direct collaboration, noted CypherCon presenter Anita Nikolich.

Apple plans to equip iOS 12 with USB Restricted Mode, which requires users to unlock their iPhone with their passcode before USB accessories can connect if the phone last was unlocked more than an hour earlier. The company included this feature in the developer versions of iOS 11.4.1 and iOS 12. Apple will release USB Restricted Mode publicly in a future software update, it confirmed this week.

A significant percentage of IT systems are cloud-based, according to a recent survey. The cloud is a key enabler for emerging technology, suggests the CompTIA poll, which was conducted last month. Cloud computing was one of four trends respondents expected to feature heavily in IT conversations over the next 12 to 18 months, the survey found. Others were AI, the IoT and cybersecurity.

In spite of all the high-profile breaches that seem to sweep the headlines with greater frequency, companies slowly but surely have been getting a handle on internal security practices. At this point, it's hard to imagine any employee, in or out of the tech sector, who hasn't been run through antiphishing training. However, security is only as strong as its weakest link.

If you're a cybersecurity practitioner, chances are good that you've heard the term "zero trust" over the past few months. If you attend trade shows, keep current with the trade media headlines, or network with peers and other security pros, you've probably at least heard the term. Depending on whom you're talking to, you'll get a different answer about what it is and why it might be useful.

The FBI has disrupted a network of half a million routers compromised by the group of Russian hackers believed to have penetrated the DNC and the Hillary Clinton campaign during the 2016 elections, according to reports. The hacker group, known as "Fancy Bear," has been using a malware program called "VPN Filter" to compromise home and small office routers.

Okta has announced the Okta API Products One App, which lets engineering teams and developers implement multifactor authentication for any single website or application. Developers can use API Products for One App free if they display "Identity by Okta" on the login page of their app. Among Okta API Products for One App's features are authentication and directory services for Web or mobile apps.

Health services vendors have been partnering with various organizations to gain a foothold in the cloud and to test out their solutions. One of the cloud's major selling points is security -- but it is not as safe as it's made out to be. Google Cloud "recently announced a significant expansion in HIPAA compliance across our portfolio of cloud products," noted Google Cloud's Joe Corkery.

Several countries -- including the United States, France and Germany -- have pointed a finger at Russia for meddling in their elections. Russia used social media as a big part of that effort. Facebook has been scrambling to win back the public's trust since the Russia and Cambridge Analytica scandal. However, it's not clear what exactly hostile nation states have been up to on social media.

A newfound flaw in email clients that use PGP and S/MIME to encrypt messages can be exploited to expose the plain text of the missives, according to a new paper. By injecting malicious snippets of text into encrypted messages, attackers can use the flaw to make the email client exfiltrate decrypted copies of the emails, explained the authors, a team of researchers from three European universities.

"It's only a few times in the history of the U.S. and in specific domains do you have the opportunity to make decisions and have a lasting effect on that domain," said Circadence VP Keenan Skelly. "In terms of information cybersecurity, we're right in the middle of it right now. We're just figuring out what global norms should be."

Microsoft, Oracle and Facebook, along with 31 other companies, have signed the Cybersecurity Tech Accord, an agreement aimed at defending against cyberattacks, whether coming from rogue hackers or nation-states. The 34 tech firms committed to stronger defenses, no offensive attacks, capacity building and collective action. Security remains a major issue in the tech world.

The security skills gap has become a topic of acute interest among practitioners responsible for building security teams for their organizations -- and keeping them running smoothly. It impacts everything from how they staff, how they cultivate and develop their workforces, and how they train, to the operational controls they put in place, and potentially numerous other things.

A Web standards milestone could point to the end of the road for pesky passwords. The new standard, WebAuthn, has won near-final approval from the World Wide Web Consortium. WebAuthn defines a standard API that can be incorporated into browsers and Web infrastructure. It opens the door for new ways for users to authenticate themselves on the Internet that are more secure and convenient than passwords.

An alarming number of major U.S. retailers, industrial firms, government agencies and other organizations have been hit in a recent wave of cyberbreaches that may signal increasing vulnerability for consumers and businesses alike. The attacks have exposed millions of consumer payment cards to fraud. Cyberthieves have used a variety of methods to infiltrate corporate computer systems.

Nearly a week after it became the target of one of the largest ransomware attacks to date, the City of Atlanta has made progress toward recovery, but it is still far from business as usual. Hackers encrypted many of the city government's vital data and computer systems. Mayor Keisha Lance Bottoms characterized the ransomware attack as "a hostage situation."

The DoJ has charged nine Iranian nationals for engaging in a massive phishing campaign on behalf of the Iranian Revolutionary Guard. The allegations include the theft of $3.4 billion in research and intellectual property from 320 colleges and universities in the U.S. and abroad, as well as from 47 foreign and domestic companies, plus several federal agencies, state governments, and the UN.