Subscribe: CircleID: News Briefs
http://www.circleid.com/rss/rss_news/
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
access  circleid twittermore  circleid  cybercrime  data  follow circleid  follow  internet  net neutrality  new  twittermore 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: CircleID: News Briefs

CircleID: News Briefs



Latest news postings on CircleID



Updated: 2018-02-21T21:30:00-08:00

 



Report Estimates Cybercrime Taking $600 Billion Toll on Global Economy

2018-02-21T13:30:00-08:00

Cybercrime is costing businesses close to $600 billion, or 0.8 percent of global GDP, according to a report released today by McAfee, in partnership with the Center for Strategic and International Studies (CSIS). The estimated number is up from a similar 2014 study that put global losses at about $445 billion. The report attributes this growth to cybercriminals quickly adopting new technologies, the ease of engaging in cybercrime — including an expanding number of cybercrime centers — and the growing financial sophistication of top-tier cybercriminals. Estimated daily cybercrime activitySource: McAfee / CSIS 2018 report— From the report: "Cybercrime operates at scale. The amount of malicious activity on the internet is staggering. One major internet service provider (ISP) reports that it sees 80 billion malicious scans a day, the result of automated efforts by cybercriminals to identify vulnerable targets. Many researchers track the quantity of new malware released, with estimates ranging from 300,000 to a million viruses and other malicious software products created every day. Most of these are automated scripts that search the web for vulnerable devices and networks. Phishing remains the most popular and easiest way to commit cybercrime, with the Anti-Phishing Working Group (APWG) recording more than 1.2 million attacks in 2016, many linked to ransomware. This number may be low since the FBI estimated there were 4,000 ransomware attacks every day in 2016. The Privacy Rights Clearing House estimates there were 4.8 billion records lost as a result of data breaches in 2016, with hacking responsible for about 60% of these." — Data on cybercrime remains poor: The authors suggest data on cybercrime remains poor because of governments around the world underreporting and being negligent in their efforts to collect data on cybercrime. — Recommendations: Although the report is mainly focused on cybercrime estimations, and not recommendations, it has offered the following as a matter of obvious steps based on their cost analysis: Uniform implementation of basic security measures such as regular updating, patching, open security architectures and investment in defensive technologies. Increased cooperation among international law enforcement agencies both with other nations' law enforcement agencies and with the private sector. Improved collection of data by national authorities Greater standardization and coordination of cybersecurity requirements particularly in key sectors like finance. Development of the Budapest Convention, a formal treaty on cybercrime which has made slow progress in the face of opposition from Russia and other countries. International pressure on state sanctuaries for cybercrime; imposing some kind of penalty or consequence on governments that fail to take action against cybercrime. Follow CircleID on TwitterMore under: Cyberattack, Cybercrime, Cybersecurity, DDoS, Internet Governance, Malware, Policy & Regulation [...]



ICANN Spearheading Launch of Virtual DNS Entrepreneurship Center of the Caribbean

2018-02-21T11:44:00-08:00

The Internet Corporation for Assigned Names and Numbers (ICANN) is spearheading an initiative to launch Virtual DNS Entrepreneurship Center of the Caribbean (VDECC). Gerard Best reporting in the Caribbean Journal: "VDECC aims to open up new money-making opportunities in the DNS industry for Internet businesses and entrepreneurs across the region, including Internet service providers, web hosting companies, top-level domain operators, domain name registrars and resellers, web developers, digital marketers, e-commerce startups and Internet legal experts." The initiative was launched in Port of Spain on Feb. 19.

Follow CircleID on Twitter

More under: DNS, ICANN




Vermont Governor 5th to Take a Stand Against Rollback of Net Neutrality Rules

2018-02-21T11:14:00-08:00

Vermont Gov. Phil Scott is the latest state governor to take a stand against the FCC's rollback of net neutrality rules. Ryan Johnston reporting in StateScoop: "Scott last week took executive action mandating that any internet service provider (ISP) holding or seeking a state contract must include net neutrality protections in its services for all subscribers. He becomes the fifth governor to use the tactic, which is intended to pressure ISPs to operate as if the FCC did not repeal the Obama-era rules."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality




Hackers Use Tesla's Amazon Cloud Account to Mine Cryptocurrency

2018-02-20T10:37:00-08:00

Tesla's cloud environment has been infiltrated by hackers and used to mine cryptocurrencies, researchers have discovered. Other victims include Aviva and Gemalto. According to reports, the incident was first discovered by security company RedLock a few months ago when its research team found hundreds of Kubernetes administration consoles accessible over the internet without any password protection.

Initially RedLock discovered instances belonging to Aviva, a British multinational insurance company, and Gemalto, the world's largest manufacturer of SIM cards. From the report: "Within these consoles, access credentials to these organizations' Amazon Web Services (AWS) and Microsoft Azure environments were exposed. Upon further investigation, the team determined that hackers had secretly infiltrated these organizations' public cloud environments and were using the compute instances to mine cryptocurrencies (refer to Cloud Security Trends - October 2017 report). Since then, a number of other cryptojacking incidents have been uncovered and there are notable differences in the attacks. ... latest victim of cryptojacking is Tesla. While the attack was similar to the ones at Aviva and Gemalto, there were some notable differences. The hackers had infiltrated Tesla's Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla's AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry."

Follow CircleID on Twitter

More under: Blockchain, Cloud Computing, Cyberattack, Cybersecurity




Botnets Shift Focus to Credential Abuse, Says Latest Akamai Report

2018-02-20T09:49:00-08:00

(image)

Akamai's Fourth Quarter, 2017 State of the Internet, was released today in which it states that the analysis of more than 7.3 trillion bot requests per month has found a sharp increase in the threat of credential abuse, with more than 40 percent of login attempts being malicious. Additionally, the report warns DDoS attacks remain a consistent threat and the Mirai botnet is still capable of strong bursts of activity.

14% Increase in DDoS: "Akamai's findings also confirmed that the total number of DDoS attacks last quarter (Q4 2017) increased 14 percent from the same time last year (Q4 2016). While previous reports from this year showed the intensity of the Mirai botnet fading, Akamai saw a spike of nearly 1 million unique IP addresses from the botnet scanning the Internet in late November, showing that it is still capable of explosive growth."

Cybercriminals are increasingly leveraging bot activity for malicious use: "Many of the botnets traditionally responsible for DDoS attacks are being used to abuse stolen login credentials. Of the 17 billion login requests tracked through the Akamai platform in November and December, almost half (43 percent) were used for credential abuse."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, DDoS




US Congress Considering Legislation to Authorize Faster Access to International Electronic Data

2018-02-19T12:15:00-08:00

A legislation called, Clarifying Lawful Overseas Use of Data Act, or Cloud Act, was introduced on Monday by Congress aimed at creating a clearer framework for law enforcement to access data stored in cloud computing systems. Ali Breland reporting in The Hill: "[The] bill is aimed at making it easier for U.S. officials to create bilateral data sharing agreements that allow them to access data stored overseas and also for foreign law enforcement to access data stored on U.S. firms' servers. ... Federal law currently doesn't specify whether the government can demand that U.S. companies give it data they have stored abroad. The CLOUD Act would amend this, likely impacting Microsoft's pending Supreme Court case over data it has stored in Ireland."

Follow CircleID on Twitter

More under: Cloud Computing, Data Center, Law




U.S. Lawmakers Moving to Consider New Rules Imposing Stricter Federal Oversight on Cryptocurrencies

2018-02-19T12:00:00-08:00

Reuters reports today that several top lawmakers have revealed a "bipartisan momentum is growing in the Senate and House of Representatives for action to address the risks posed by virtual currencies to investors and the financial system." David Morgan
reports: "Even free-market Republican conservatives, normally wary of government red tape, said regulation could be needed if cryptocurrencies threaten the U.S. economy. ... Much of the concern on Capitol Hill is focused on speculative trading and investing in cryptocurrencies, leading some lawmakers to push for digital assets to be regulated as securities and subject to the SEC’s investor protection rules."

Follow CircleID on Twitter

More under: Blockchain, Law, Policy & Regulation




SpaceX Launching Two Experimental Internet Satellites This Weekend

2018-02-16T13:10:00-08:00

On Saturday, SpaceX will be launching two experimental mini-satellites that will pave the path for the first batch of what is planned to be a 4,000-satellite constellation providing low-cost internet around the earth. George Dvorsky reporting in Gizmodo: "Announced back in 2015, Starlink is designed to be a massive, space-based telecommunications network consisting of thousands of interlinked satellites and several geographically dispersed ground stations. ... The plan is to have a global internet service in place by the mid-2020s, and get a leg-up on potential competitors. ... Two prototypes, named Microsat 2a and 2b, are now packed and ready for launch atop a Falcon-9 v1.2 rocket."

Follow CircleID on Twitter

More under: Access Providers, Broadband, Wireless




A Brooklyn Bitcoin Mining Operation is Causing Interference to T-Mobile's Broadband Network

2018-02-16T10:53:00-08:00

(image) AntMiner S5 Bitcoin Miner by Bitmain released in 2014. S5 has since been surpassed by newer models.The Federal Communications Commission on Thursday sent a letter to an individual in Brooklyn, New York, alleging that a device in the individual's residence used to mine Bitcoin is generating spurious radiofrequency emissions, causing interference to a portion of T-Mobile's mobile telephone and broadband network. The letter states the FCC received a complaint from T-Mobile concerning interference to its 700 MHz LTE network in Brooklyn, New York. In response to the complaint, agents from the Enforcement Bureau's New York Office confirmed by using direction finding techniques that radio emissions in the 700 MHz band were, in fact, emanating from the user's residence in Brooklyn. "When the interfering device was turned off the interference ceased. ... The device was generating spurious emissions on frequencies assigned to T-Mobile's broadband network and causing harmful interference." FCC's warning letter further states that user's "Antminer s5 Bitcoin Miner" operation constitutes a violation of the Federal laws and could subject the operator to severe penalties including substantial monetary fines and arrest.

Jessica Rosenworcel, FCC Commissioner, in a tweet said: "Okay, this @FCC letter has it all: #bitcoin mining, computing power needed for #blockchain computation and #wireless #broadband interference. It all seems so very 2018."

Follow CircleID on Twitter

More under: Access Providers, Blockchain, Broadband, Telecom, Wireless




Hackers Earned Over $100K in 20 Days Through Hack the Air Force 2.0

2018-02-16T07:47:01-08:00

(image) The participating U.S. Airmen and hackers at the conclusion of h1-212 in New York City on Dec 9, 2017

HackerOne has announced the results of the second Hack the Air Force bug bounty challenge which invited trusted hackers from all over the world to participate in its second bug bounty challenge in less than a year. The 20-day bug bounty challenge was the most inclusive government program to-date, with 26 countries invited to participate. From the report: "Hack the Air Force 2.0 is part of the Department of Defense's (DoD) Hack the Pentagon crowd-sourced security initiative. Twenty-seven trusted hackers successfully participated in the Hack the Air Force bug bounty challenge — reporting 106 valid vulnerabilities and earning $103,883. Hackers from the U.S., Canada, United Kingdom, Sweden, Netherlands, Belgium, and Latvia participated in the challenge. The Air Force awarded hackers the highest single bounty award of any Federal program to-date, $12,500."

Follow CircleID on Twitter

More under: Cybersecurity




Donuts Acquires .TRAVEL TLD

2018-02-14T11:14:00-08:00

Donuts Inc. today announced it has acquired the .TRAVEL domain name from registry operator Tralliance Registry Management Company; the .TRAVEL domain becomes Donuts' 239th TLD. From the annoucement: "Since its launch in 2005, the .TRAVEL domain has been embraced by the travel industry. Domain names ending in .TRAVEL now identify tens of thousands of travel businesses and organizations on the Internet. The .TRAVEL domain is widely recognized as of the highest quality, and is used by leading travel businesses such as: visitloscabos.travel, adventures.travel, hongkongdisneyland.travel, goldman.travel, AARP.travel and tens of thousands of others."

Follow CircleID on Twitter

More under: Domain Names, Registry Services, New TLDs




UK's Government Websites Infected by Cryptocurrency Mining Malware

2018-02-12T12:57:00-08:00

Thousands of websites are reported to have been infected by malware over the weekend forcing visitors' computers to mine cryptocurrency while using the sites. The affected websites include UK's National Health Service (NHS), the Student Loans Company and several English councils. Patrick Greenfield reporting in the Guardian: "The cryptojacking script was inserted into website codes through BrowseAloud, a popular plugin that helps blind and partially-sighted people access the web. More than 5,000 websites have been flooded by the malware. Software known as Coinhive, which quietly uses the processing power of a user's device to mine open source cryptocurrency Monero, appears to have been injected into the compromised BrowseAloud plugin."

Follow CircleID on Twitter

More under: Blockchain, Cyberattack, Cybercrime, Malware




IDC Predicts Blockchain Spending in the Middle East and Africa to More than Double in 2018

2018-02-12T12:16:00-08:00

Spending on blockchain solutions in the Middle East and Africa (MEA) will more than double this year, according to the latest insights from International Data Corporation. Megha Kumar, IDC's research director for software in the Middle East, Africa, and Turkey: "There is clearly an immense amount of interest around distributed ledger technologies (DLT) in the region. This is being driven by the pressing need for organizations to improve their efficiency, agility, security, and integrity. In 2018, we expect more organizations across MEA to move beyond the evaluation and proof-of-concept phase to pilots and even deployments."

"IDC expects blockchain spending in MEA to reach $307 million in 2021, which represents a compound annual growth rate (CAGR) of 77.4% for the 2016-2021 period. While various industries are evaluating the use of blockchain, IDC research suggests the region's public sector (including government, education, and healthcare) will spend an estimated $120.8 million in this space in 2021, accounting for 39.2% share. It will be followed by the financial services sector at 35.5% and the distribution and services sector at 14.1%."

"From a technology perspective, IDC's forecast shows services (IT services and business services) accounting for 52.7% of MEA blockchain spending in 2021. Blockchain software platforms will be the biggest and fastest-growing category in the software space over the coming years, while cloud will be the fastest-growing component in terms of hardware."

(image)

Follow CircleID on Twitter

More under: Blockchain




Pyeongchang Olympics Organizers Investigating Possible Cyberattack on Opening Day

2018-02-10T09:45:00-08:00

Reports from various sources indicate Pyeongchang Olympics organizers were looking into a disruption of non-critical systems on the day of the opening ceremony but could not yet confirm if it was a cyberattack. Karolos Grohmann reporting in Reuters: "Some local media reported system problems, including the Games website and some television sets, were due to a cyberattack but [Games spokesman] Sung said it was still too early to determine whether hackers had attempted to damage them. ... There were some issues that affected some of our non-critical systems last night for a few hours ... Experts are watching to ensure and maintain any systems at expected service levels. We are currently investigating the cause of the issue. At this time we cannot confirm [a cyberattack]."

Follow CircleID on Twitter

More under: Cyberattack




The Internet Association Releases Letter Backing Senate Effort to Reinstate Net Neutrality Rules

2018-02-08T21:06:00-08:00

The Internet Association (IA) whose members include the likes of Google, Amazon and Facebook, on Thursday issued a letter addressed to Senate Majority Leader Mitch McConnell (R-Ky.) and Minority Leader Charles Schumer (D-N.Y.) in support of the reinstatement of FCC rules. From the letter: "The FCC's recent Restoring Internet Freedom Order (the "Order") represents the complete reversal of broad, bipartisan consensus in the operation of the internet, and leaves consumers with no meaningful protections to ensure their access to the entire internet. The current Order should not stand, and IA supports all efforts — including comprehensive bipartisan legislation — to restore strong, enforceable net neutrality protections at the federal level. To that end, IA supports the Senate Congressional Review Act resolution to invalidate the Federal Communications Commission's January 4, 2018, Restoring Internet Freedom Order. While the CRA will help alleviate immediate concerns, the internet industry urges Congress to legislate a permanent solution."

Follow CircleID on Twitter

More under: Access Providers, Broadband, Net Neutrality, Policy & Regulation




ICANN Cancels .CORP, .HOME, and .MAIL TLDs Indefintley Due to Collision Concerns

2018-02-08T20:30:00-08:00

ICANN has announced that it has indefinitely deferred the delegations of the new TLDs .CORP, .HOME, and .MAIL due to the high-risk nature of the strings. The domains name system overseer has determined the said TLDs can cause name collisions, the overlap of private and public namespaces which may result in unintended and harmful results. "The introduction of any new domain name into the DNS at any level creates the potential for name collision [however] the New gTLD Program has brought renewed attention to this issue of queries for undelegated TLDs at the root level of the DNS because certain applied-for new TLD strings could be identical to name labels used in private networks." ICANN says the applicants of the TLDs will be refunded the full application fee of $185,000.

Follow CircleID on Twitter

More under: DNS, ICANN, New TLDs




Cryptocurrency Mining Attacks for the First Time Detected on Industrial Control Systems

2018-02-07T19:35:00-08:00

A water utility in Europe was compromised by cryptocurrency malware mining attack; the attack is the first public discovery of an unauthorized cryptocurrency miner impacting industrial controls systems. Sean Michael Kerner from eWeek reports: "At this point, Radiflow's investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory ... is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led the mining code being installed on the system. ... Cryptocurrency mining software does not steal data from a network, rather it consumes compute cycles. [T]he impact on the utility was degraded system performance, though given the size of the overall network and where the HMI systems connected, it might not have been a degradation that operators would have noticed on their own."

Follow CircleID on Twitter

More under: Blockchain, Cyberattack




EFF Founder John Perry Barlow Has Died

2018-02-07T18:24:00-08:00

(image)

Electronic Frontier Foundation founder John Perry Barlow, has died at the age of 70, according to a statement issued by the Foundation. "Barlow was a poet, essayist, Internet pioneer and prominent cyber-libertarian. He co-founded the Electronic Frontier Foundation in 1990 after realizing that the government was ill-equipped to understand what he called the 'legal, technical, and metaphorical nature of datacrime.' He said believed that "everyone's liberties would become at risk. Barlow described the founding of the EFF after receiving a visit from an FBI agent in April 1990 seeking to find out whether he was a member of 'a dread band of info-terrorists.' Shortly thereafter, Barlow and Mitch Kapor, the creator of Lotus 1-2-3, organized a series of dinners with leaders of the computer industry for discussions that would lead to the creation of the EFF."

"We are creating a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth. We are creating a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity."
A Declaration of the Independence of Cyberspace by John Perry Barlow

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation




New Jersey Becomes Latest State to Implement Its Own Net Neutrality Rules

2018-02-05T17:41:00-08:00

New Jersey on Monday became the latest state to implement its own net neutrality rules following the FCC's Repeal, Harper Neidig reports in The Hill today. "While New Jersey cannot unilaterally regulate net neutrality back into law or cement it as a state regulation, we can exercise our power as a consumer to make our preferences known," says Gov. Phil Murphy. New Jersey is the latest state to follow the lead of his counterparts in New York and Montana, who are pushing back on the FCC order. "Gurbir Grewal, New Jersey's attorney general, also announced on Monday that the state would be the 22nd to join a lawsuit against the FCC."

Follow CircleID on Twitter

More under: Access Providers, Broadband, Net Neutrality, Policy & Regulation




Gold Dragon Helps Olympics Malware Attacks Gain Permanent Presence on Systems, Reports McAfee

2018-02-05T13:38:00-08:00

A report recently released by McAfee Advanced Threat Research (ATR) revealed a fileless attack targeting organizations involved with the Pyeongchang Olympics. It was known that the attack used a PowerShell implant to establish a channel to the attacker's server in order to gather basic system-level data. However what was not determined at that time was what occurred after the attacker gained access to the victim's system. Ryan Sherstobitoff and Jessica Saavedra-Morales from McAfee report: "[We] now discovered additional implants that are part of an operation to gain persistence for continued data exfiltration and for targeted access. We have named these implants, which appeared in December 2017, Gold Dragon, Brave Prince, Ghost419, and Running Rat, based on phrases in their code. ... We now believe this implant is the second-stage payload in the Olympics attack that ATR discovered January 6, 2018. The PowerShell implant [Gold Dragon] used in the Olympics campaign was a stager based on the PowerShell Empire framework that created an encrypted channel to the attacker's server."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, Malware