DNS Analytics
DNS Analytics is the surveillance (collection and analysis) of DNS traffic within a computer network. Such analysis of DNS traffic has a significant application within information security and computer forensics, primarily when identifying insider threats, malware, cyberweapons, and advanced persistent threat (APT) campaigns within computer networks. Since DNS Analytics processes and interactions involve the communications between DNS clients and DNS servers during the resolution of DNS queries and updates, it may include tasks such as request logging, historical monitoring by node, tabulation of request count quantities, and calculations based on network traffic requests. While a primary driver for DNS Analytics is security described below, another motivation is understanding the traffic of a network so that it can be evaluated for improvements or optimization. For example, DNS Analytics can be used to gather data on a lab where a large number of related requests for PC softwa ...

Surveillance
Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as closed-circuit television (CCTV), or interception of electronically transmitted information like Internet traffic. It can also include simple technical methods, such as human intelligence gathering and postal interception. Surveillance is used by citizens for protecting their neighborhoods, and by governments for intelligence gathering, including espionage, prevention of crime, the protection of a process, person, group or object, or the investigation of crime. It is also used by criminal organizations to plan and commit crimes, and by businesses to gather intelligence on criminals, their competitors, suppliers or customers. Religious organisations charged with detecting he ...

APT1
PLA Unit 61398 (also known as APT 1, Comment Crew, Comment Panda, GIF89a, and Byzantine Candor) (Pinyin: 61398 bùduì) is the Military Unit Cover Designator (MUCD) of a People's Liberation Army advanced persistent threat unit that has been alleged to be a source of Chinese computer hacking attacks. The unit is stationed in Pudong, Shanghai.
History
A 2020 report in DNA India stated that the unit was involved in espionage on the Military of India.
2014 indictment
On 19 May 2014, the US Department of Justice announced that a Federal grand jury had returned an indictment of five 61398 officers on charges of theft of confidential business information and intellectual property from U.S. commercial firms and of planting malware on their computers. The five are Huang Zhenyu (黄振宇), Wen Xinyu (文新宇), Sun Kailiang (孙凯亮), Gu Chunhui (顾春晖), and Wang Dong (王东). Forensic evidence traces the base of operations to a 12-story building off Datong Road in a ...

Flame (malware)
Flame, also known as Flamer, sKyWIper, and Skywiper, is modular computer malware discovered in 2012 that attacks computers running the Microsoft Windows operating system. The program is used for targeted cyber espionage in Middle Eastern countries. Its discovery was announced on 28 May 2012 by the MAHER Center of the Iranian National Computer Emergency Response Team (CERT), Kaspersky Lab and CrySyS Lab of the Budapest University of Technology and Economics. The last of these stated in its report that Flame "is certainly the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found." Flame can spread to other systems over a local network (LAN). It can record audio, screenshots, keyboard activity and network traffic. The program also records Skype conversations and can turn infected computers into Bluetooth beacons which attempt to download contact information from nearby Blu ...

Stuxnet
Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency. Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes, including gas centrifuges for separating nuclear material. Exploiting four zero-day flaws, Stuxnet functions by targeting machines using the Microsoft Windows o ...

Mandiant
Mandiant is an American cybersecurity firm and a subsidiary of Google. It rose to prominence in February 2013 when it released a report directly implicating China in cyber espionage. In December 2013, Mandiant was acquired by FireEye for $1 billion; FireEye eventually sold the FireEye product line, name, and its employees to Symphony Technology Group for $1.2 billion in June 2021. In March 2022, Google announced that it would acquire the company for $5.4 billion and integrate it into its Google Cloud division, with the firm becoming fully incorporated in September 2022.
Founding
Kevin Mandia, a former United States Air Force officer who serves as the company's chief executive officer, founded Mandiant as Red Cliff Consulting in 2004 before rebranding to its current name in 2006. In 2011, Mandiant received funding from Kleiner Perkins Caufield & Byers and One Equity Partners to expand its staff and grow its business-to-business operations, providing incident response and general s ...

Norman Safeground
Norman Safeground AS develops and sells data security software such as anti-virus, anti-spam, anti-spyware and backup with local support. The company headquarters is in Oslo, Norway. Norman Safeground has a global partner network, and the main market is Europe. Norman competes in the antivirus industry against Avira, BullGuard, F-Secure, Frisk, Kaspersky, McAfee, Panda Security, Sophos, Symantec and Trend Micro among others.
History
Norman was founded on 1 October 1984 in Oslo. The company was a pioneer in proactive security software solutions and forensics malware tools, utilizing a patented sandbox technology. In 1995, Norman acquired 50 percent of IBAS AS, a Norwegian data recovery company. The company was listed on Oslo Stock Exchange on 11 August 1997. Norman ASA bought the remaining 50 percent stake in IBAS in 1999. In 2004, the two companies were de-merged and IBAS was listed as a separate entity on the Oslo Stock Exchange. Norman was de-listed from Oslo Stock Exc ...

McAfee
McAfee Corp., formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company headquartered in San Jose, California. The company was purchased by Intel in February 2011, and became part of the Intel Security division. In 2017, Intel had a strategic deal with TPG Capital and converted Intel Security into a joint venture between both companies called McAfee. Thoma Bravo took a minority stake in the new company, and Intel retained a 49% stake. The owners took McAfee public on the NASDAQ in 2020, and in 2022 an investor group led by Advent International Corporation took it private again.
History
1987–1999
The company was founded in 1987 as McAfee Associates, named for its founder John McAfee, who resigned from the company in 1994. McAfee was incorporated in the state of Delaware in 1992. In 1993, McAfee stepped do ...

NortonLifeLock
Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company co-headquartered in Tempe, Arizona and Prague, Czech Republic. The company provides cybersecurity software and services. Gen is a Fortune 500 company and a member of the S&P 500 stock-market index. The company also has development centers in Pune, Chennai and Bangalore. Its portfolio includes Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. On October 9, 2014, Symantec declared it would split into two independent publicly traded companies by the end of 2015. One company would focus on security, the other on information management. On January 29, 2016, Symantec sold its information-management subsidiary, Veritas Technologies, which Symantec had acquired in 2004, to The Carlyle Group. On August 9, 2019, Broadcom Inc. announced they would be acquiring the Enterprise Security software division of Symantec for $10.7 billion, and the company became ...

Kaspersky Lab
Kaspersky Lab (Russian: Лаборатория Касперского, tr. Laboratoriya Kasperskogo) is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky, and Alexey De-Monderik; Eugene Kaspersky is currently the CEO. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. Kaspersky expanded abroad from 2005 to 2010 and grew to $704 million in annual revenues by 2020, up 8% from 2016, though annual revenues were down 8% in North America due to U.S. government security concerns. As of 2016, the software has about 400 million users and has the largest market share of cybersecurity software vendors in Europe. Kaspersky Lab ranks fourth in the global ranking of antivirus vendors by revenue. It was the first Russian company ...

Domain Name System
The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned to each of the associated entities. Most prominently, it translates readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. The Domain Name System has been an essential component of the functionality of the Internet since 1985. The Domain Name System delegates the responsibility of assigning domain names and mapping those names to Internet resources by designating authoritative name servers for each domain. Network administrators may delegate authority over sub-domains of their allocated name space to other name servers. This mechanism provides distributed and fault-tolerant service and was designed to avoid a single ...

Indicator Of Compromise
Indicator of compromise (IoC) in computer forensics is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.
Types of indication
Typical IoCs are virus signatures and IP addresses, MD5 hashes of malware files, or URLs or domain names of botnet command and control servers. After IoCs have been identified via a process of incident response and computer forensics, they can be used for early detection of future attack attempts using intrusion detection systems and antivirus software.
Automation
There are initiatives to standardize the format of IoC descriptors for more efficient automated processing. Known indicators are usually exchanged within the industry, where the Traffic Light Protocol is being used.
See also
* AlienVault
* Mandiant
* Malware: Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, ...