Subscribe: CircleID: News Briefs
http://www.circleid.com/rss/rss_news/
Preview: CircleID: News Briefs

CircleID: News Briefs



Latest news postings on CircleID



Updated: 2017-11-23T19:56:00-08:00

 



Canadian Prime Minister Justin Trudeau Says FCC's Roll Back Plan on Net Neutrality Makes No Sense

2017-11-23T11:56:00-08:00

Canadian Prime Minister Justin Trudeau on Wednesday told reporters that President Donald Trump's plan to roll back net neutrality protections for the internet "does not make sense". He'll be looking into what he can do to defend net neutrality for the whole internet, Trudeau said. Trudeau's statements from Justin Ling's report in Motherboard: "I am very concerned about the attacks on net neutrality ... Net neutrality is something that is essential for small businesses, for consumers, and it is essential to keep the freedom associated with the internet alive. ... We need to continue to defend net neutrality. And I will." Trudeau did not comment directly on whether he would convey the message to Trump directly and is quoted saying: "We are just absorbing the position the president has taken and looking at the impact it's going to have in the United States and in Canada."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation




FCC Plans to Order States Not to Impose Laws Regulating Broadband Service, Senior Officials Revealed

2017-11-22T12:56:00-08:00

In a phone briefing with reporters on Tuesday, Senior FCC officials revealed plans whereby state and local governments will not be able to impose local laws regulating broadband service. A development following FCC Chair's release of the draft on "Restoring Internet Freedom Order." Jon Brodkin reporting in Ars Technica: "FCC Chairman Ajit Pai's proposed order finds that state and local laws must be preempted if they conflict with the US government's policy of deregulating broadband Internet service, FCC officials said. ... It isn't clear yet exactly how extensive the preemption will be. ... but it could also prevent state laws related to the privacy of Internet users or other consumer protections."

Follow CircleID on Twitter

More under: Access Providers, Broadband, Net Neutrality, Policy & Regulation




FCC Chair Releases Draft to Abandon Net Neutrality, Says Gov't Must Stop Micromanaging the Internet

2017-11-21T09:35:00-08:00

Federal Communications Commission Chairman Ajit Pai today released a statement on his draft "Restoring Internet Freedom Order", circulated to Commissioners this morning and will be voted on at the FCC's Open Meeting on December 14. "Today, I have shared with my colleagues a draft order that would abandon this failed approach and return to the longstanding consensus that served consumers well for decades," says FCC Chairman Ajit Pai. "Under my proposal, the federal government will stop micromanaging the Internet. Instead, the FCC would simply require Internet service providers to be transparent about their practices so that consumers can buy the service plan that's best for them and entrepreneurs and other small businesses can have the technical information they need to innovate."

Former Democratic FCC chairman Tom Wheeler, who drafted the 2015 net neutrality rules has called Tuesday's move "tragic." Wheeler told the Washington Post: "The job of the FCC is to represent the consumer. If you like your cable company, you'll love what this does for the Internet, because it gives Internet service providers the same kind of control over content and price as cable operators have today."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation




Berners-Lee Talks Net Neutrality in Washington, "ISPs Should be Treated More Like Utilities"

2017-11-17T12:34:00-08:00

Tim Berners-Lee is in Washington urging lawmakers to reconsider the rollback of net neutrality laws — while remaining optimistic, he sees a "nasty wind" blowing amid concerns. Olivia Solon reporting in The Guardian writes: "These powerful gatekeepers ... control access to the internet and pose a threat to innovation if they are allowed to pick winners and losers by throttling or blocking services. It makes sense, therefore, that ISPs should be treated more like utilities. ... 'Gas is a utility, so is clean water, and connectivity should be too,' said Berners-Lee. 'It's part of life and shouldn't have an attitude about what you use it for — just like water.'"

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation




U.S. Government Takes Steps Towards Increased Transparency for Vulnerabilities Equities Process

2017-11-16T18:47:00-08:00

The White House has released a charter offering more transparency into the Vulnerabilities Equities Process. Tom Spring from ThreatPost reports: "On Wednesday it released the 'Vulnerabilities Equities Policy and Process' [PDF] charter that outlines how the government will disclose cyber security flaws and when it will keep them secret. The release of the charter is viewed as a positive by critics and a step toward addressing private-sector concerns that the VEP's framework is to secretive."

Follow CircleID on Twitter

More under: Cybersecurity, Policy & Regulation




IBM Launches Quad9, a DNS-based Privacy and Security Service to Protect Users from Malicious Sites

2017-11-16T17:58:00-08:00

In a joint project, IBM Security along with Packet Clearing House (PCH) and The Global Cyber Alliance (GCA) today launched a free service designed to give consumers and businesses added online privacy and security protection. The new DNS service is called Quad9 in reference to the IP address 9.9.9.9 offered for the service. The group says the service is aimed at protecting users from accessing malicious websites known to steal personal information, infect users with ransomware and malware, or conduct fraudulent activity. Quad9 is said to provide these protections without compromising the speed of users' online experience. From the announcement: "Leveraging PCH's expertise and global assets around the world, Quad9 has points of presence in over 70 locations across 40 countries at launch. Over the next 18 months, Quad9 points of presence are expected to double, further improving the speed, performance, privacy and security for users globally. Telemetry data on blocked domains from Quad9 will be shared with threat intelligence partners for the improvement of their threat intelligence responses for their customers and Quad9." — The Genesis of Quad9: "Quad9 began as the brainchild of GCA. The intent was to provide security to end users on a global scale by leveraging the DNS service to deliver a comprehensive threat intelligence feed. This idea lead to the collaboration of the three entities: GCA: Provides system development capabilities and brought the threat intelligence community together; PCH: Provides Quad9's network infrastructure; and IBM: Provides IBM X-Force threat intelligence and the easily memorable IP address (9.9.9.9)." — Philip Reitinger, President and CEO of the Global Cyber Alliance: "Protecting against attacks by blocking them through DNS has been available for a long time, but has not been used widely. Sophisticated corporations can subscribe to dozens of threat feeds and block them through DNS, or pay a commercial provider for the service. However, small to medium-sized businesses and consumers have been left behind — they lack the resources, are not aware of what can be done with DNS, or are concerned about exposing their privacy and confidential information. Quad9 solves these problems. It is memorable, easy to use, relies on excellent and broad threat information, protects privacy, and security and is free." Follow CircleID on TwitterMore under: Cyberattack, Cybercrime, DNS, DNS Security, Malware, Privacy, Web [...]



Russia Targeted British Telecom, Media, Energy Sectors, Reveals UK National Cyber Security Centre

2017-11-15T12:14:00-08:00

Speaking at The Times Tech Summit in London, Ciaran Martin, chief of the National Cyber Security Centre (NCSC), warned Russia is seeking to undermine the international system. "I can't get into too much of the details of intelligence matters, but I can confirm that Russian interference, seen by the National Cyber Security Centre, has included attacks on the UK media, telecommunications and energy sectors. ... The government is prioritising cyber security because we care so much about the digital future of the country. We're doing it broadly on the themes that will come up today — defend networks, deter attackers and develop the skills base."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity, Policy & Regulation




Airplanes Vulnerable to Hacking, Says U.S. Department of Homeland Security

2017-11-15T10:03:00-08:00

Researchers have been able to successfully demonstrate a commercial aircraft can be remotely hacked. Calvin Biesecker reporting in Avionics reports: "A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a U.S. Department of Homeland Security (DHS) official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia. [U.S. Department of Homeland Security aviation program manager says] 'We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration ... [which] means I didn't have anybody touching the airplane, I didn't have an insider threat. I stood off using typical stuff that could get through security and we were able to establish a presence on the systems of the aircraft."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity




Poland to Test a Cybersecurity Program for Aviation Sector

2017-11-08T13:08:00-08:00

During the two-day Cybersecurity in Civil Aviation conference, Poland announced an agreement to test a cybersecurity pilot program for the aviation sector as Europe's European Aviation Safety Agency (EASA) civil aviation authority face increasing threats posed by hackers to air traffic. "We want to have a single point in the air transport sector that will coordinate all cybersecurity activities… for airlines, airports, and air traffic," said Piotr Samson, head of Poland's ULC civil aviation authority. "Despite the assurances of experts in the field, computer systems failures triggered by hackers or accident have caused flight chaos in recent years. Poland's flagship carrier LOT was briefly forced to suspend operations in June 2015 after a hack attack." See full report.

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity




Former Yahoo CEO Marissa Mayer Apologizes for Data Breach, Blames Russian Agents

2017-11-08T10:52:00-08:00

Former Yahoo CEO Marissa Mayer apologized today at the Senate Commerce, Science and Transportation hearing regarding massive data breaches at the internet company, blaming Russian agents. David Shepardson [reporting](http://www.reuters.com/article/us-usa-databreaches/former-yahoo-ceo-apologizes-for-data-breach-blames-russians-idUSKBN1D825V) in Reuters: "Verizon [which] acquired most of Yahoo Inc's assets in June ... disclosed last month that a 2013 Yahoo data breach affected all 3 billion of its accounts, compared with an estimate of more than 1 billion disclosed in December. In March, federal prosecutors charged two Russian intelligence agents and two hackers with masterminding a 2014 theft of 500 million Yahoo accounts, the first time the U.S. government has criminally charged Russian spies for cyber crimes."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity




ICANN Holding Its First North American Meeting Since 2014 in Puerto Rico

2017-11-07T15:39:00-08:00

style=“;margin:0 0 10px 0;" width="644" height="362" src="https://www.youtube.com/embed/l7ooF2Xwf04?rel=0" frameborder="0" gesture="media" allowfullscreen>

As ICANN wraps up its Annual General Meeting in Abu Dhabi, the organization is inviting participation in its 61st ICANN meeting in San Juan, Puerto Rico, from 10–15 March 2018. Vice President, Christopher Mondini writes: "In the wake of the recent hurricane season, the island remains resilient and determined to bounce back. Recovery efforts over the past months have demonstrated the profound strength and solidarity that run deep in the island’s cultural roots." The six-day meeting aims to focus on outreach, capacity building, and showcasing ICANN’s work to a broader global audience. The event is hosted by the Puerto Rico Top Level Domain (.pr)

Follow CircleID on Twitter

More under: ICANN




Cloudflare Uses Lava Lamps to Generate Encryption Keys

2017-11-07T13:37:00-08:00

The web performance and security company, Cloudflare has shared one of the methods it uses to ensure randomness when generating encryption keys. Rhett Jones reporting in Gizmodo: "Cloudflare provides security and domain name services for millions of the most prominent sites on the web. The company has built a solid reputation for its secure encryption and one of the key factors in its system is a wall of 100 lava lamps in the lobby of its San Francisco headquarters. ... The most simple explanation is that a lava lamp is a great way to generate randomness. Coding just isn't great at generating random numbers because, at its heart, code requires a system to mimic chaos."

Follow CircleID on Twitter

More under: Cybersecurity




US Department of Defense Getting Aggressive on Adoption of Cloud, Machine Learning

2017-11-07T12:57:00-08:00

The US Department of Defense is seeking private sector's help to "vault DOD" into the world of elastic computing, data management and analytics, cybersecurity, and machine learning. In an op-ed published in Defense One, Patrick Shanahan, U.S. Deputy Defense Secretary writes: "While the Department has made strides, our computing platforms are not keeping pace with private industry, or even international actors. To maintain advantage over increasingly capable and brazen adversaries, DOD must have a worldwide, secure, exponentially elastic, and resilient information environment that continually learns and adapts. We must adjust more rapidly than our opponents and deliver a superior understanding of the battlespace in order to deliver weapons on time and on target. We are aggressively pressing forward and invite the private sector to partner with us in this vital endeavor."

Follow CircleID on Twitter

More under: Cloud Computing, Cybersecurity, Data Center




Cyber Espionage Group, Snowbug Targets South American Foreign Policy

2017-11-07T11:22:00-08:00

Cyber espionage group targets South American and Southeast Asian governments using custom Felismus malware. Researchers at Symantec report: "Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates." So far Sowbug has mainly focused on government entities in South America and Southeast Asia and has infiltrated organizations in Argentina, Brazil, Ecuador, Peru, Brunei and Malaysia.

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity




Internet Goes Down for Parts of the US Due to a Misconfiguration

2017-11-06T20:58:00-08:00

Monday saw a nationwide series of outages due to a misconfiguration at Level 3, an internet backbone company. Lily Hay Newman reporting in Wired: "Network analysts say that the misconfiguration was a routing issue that created a ripple effect, causing problems for companies like Comcast, Spectrum, Verizon, Cox, and RCN across the country. ... The misconfiguration was a 'route leak,' according to Roland Dobbins, a principal engineer at the DDoS and network-security firm Arbor Networks, which monitors global internet operations."

Update Nov 7, 2017: Doug Madory, Director of Internet Analysis at Dyn, provides additional update and analysis on the incident. "At 17:47:05 UTC yesterday (6 November 2017), Level 3 (AS3356) began globally announcing thousands of BGP routes that had been learned from customers and peers and that were intended to stay internal to Level 3.  By doing so, internet traffic to large eyeball networks like Comcast and Bell Canada, as well as major content providers like Netflix, was mistakenly sent through Level 3’s misconfigured routers.  Traffic engineering is a delicate process, so sending a large amount of traffic down an unexpected path is a recipe for service degradation.  Unfortunately, many of these leaked routes stayed in circulation until 19:24 UTC leading to over 90 minutes of problems on the internet."

Follow CircleID on Twitter

More under: Access Providers




Researchers Find One-Third of IPv4 Address Space Under Some Type of DoS Attack

2017-11-05T12:50:00-08:00

For the first time, a large-scale analysis of victims of internet denial-of-service (DoS) attacks worldwide has resulted in discovery of millions of network addresses subjeted to denial-of-service attacks over a two-year period. The study was conducted by research scientists at CAIDA (Center for Applied Internet Data Analysis), based at the San Diego Supercomputer Center (SDSC) at the University of California San Diego. They report: "Our analysis leverages data from four independent global Internet measurement infrastructures over the last two years: backscatter traffic to a large network telescope; logs from amplification honeypots; a DNS measurement platform covering 60% of the current namespace; and a DNS-based data set focusing on DPS adoption. Our results reveal the massive scale of the DoS problem, including an eye-opening statistic that one-third of all /24 networks recently estimated to be active on the Internet have suffered at least one DoS attack over the last two years. We also discovered that often targets are simultaneously hit by different types of attacks. In our data, Web servers were the most prominent attack target; an average of 3% of the Web sites in .com, .net, and .org were involved with attacks, daily. Finally, we shed light on factors influencing migration to a DPS."

Follow CircleID on Twitter

More under: Cyberattack, Cybersecurity, DDoS, IP Addressing




Twitter Worker Who Disabled Trump Account Likely Violated Computer Fraud and Abuse Act, Says Lawyer

2017-11-05T11:41:00-08:00

A prominent attorney for cybersecurity issues says the unnamed Twitter worker who deactivated President Trump's Twitter account not to say anything and get a lawyer. Joe Uchill reporting in The Hill: "[W]hile the facts of the case are still unclear and the primary law used to prosecute hackers is murky and unevenly applied, there is a reasonable chance the Twitter worker violated the Computer Fraud and Abuse Act. ... The employee could be in a lot of trouble. This was not just unauthorized access, but damage ... noting that causing $5,000 worth of damage could carry a 10-year prison sentence. With the amount of traffic Trump's tweets garner for Twitter's business, that could be fairly easy to prove."

Follow CircleID on Twitter

More under: Law




Cloud Managed Services Market Expected to Reach $82.51 Billion by 2025

2017-11-03T13:08:00-08:00

(image) The global cloud managed services market is expected to reach USD 82.51 billion by 2025, according to market research and consulting company Grand View Research. From the report: "The need to focus on core business practices has increased the adoption of cloud managed services. The services include business services, network services, security services, data center services, and mobility services. ... In North America, the availability of advanced IT infrastructure is expected to drive the adoption of cloud managed services. The Asia Pacific and MEA regions are expected to witness considerable growth, as enterprises are shifting toward the cloud and prominent technology providers, such as IBM and Google, are making significant investments for the same."

Follow CircleID on Twitter

More under: Cloud Computing




EFF Warns ICANN Not to Engage in Censorship, Says It Should Stick to Technical Role

2017-11-02T08:52:00-08:00

A series of articles published by EFF, coinciding with ICANN's 60th meeting in Abu Dhabi this week, Jeremy Malcolm warns that domain name registrars, registries and ICANN can become "free speech week leaks" for online censorship. He writes: "ICANN appears to have voluntarily taken on further responsibility for addressing 'abuse involving' domain names through its appointment this year of a Consumer Safeguards Director with a background in law enforcement. EFF attended and reported on the first webinar held by the new Director, in which he downplayed the significance of his role, stating that it does not carry any enforcement powers. Yet a draft report of ICANN's Competition, Consumer Trust and Consumer Choice Review Team recommends that strict new enforcement and reporting obligations should be made compulsory for any new top-level domains that ICANN adopts in the future. ICANN's Non-Commercial Stakeholder Group (NCSG) has explained why many of these recommendations would be unnecessary and harmful." ICANN should maintain its current limited role in the technical administration of a secure and stable domain name system, Malcolm says. ICANN "should not pick up the censor's pen."

Follow CircleID on Twitter

More under: Censorship, Domain Management, DNS, Domain Names, ICANN, Intellectual Property, Registry Services




Security Researchers are Warning About a New IoT Botnet Storm Brewing

2017-10-31T11:43:00-08:00

(image) A brand new botnet, dubbed ‘IoTroop’, is discovered evolving and recruiting IoT devices at a far greater pace and with more potential damage than the Mirai botnet of 2016. Researchers at the security firm, Check Point, are warning that "a massive Botnet is forming to create a cyber-storm that could take down the internet. ... Our research suggests we are now experiencing the calm before an even more powerful storm. The next cyber hurricane is about to come."

A far more sophisticated campaign: "While some technical aspects lead us to suspect a possible connection to Mirai, this is an entirely new and far more sophisticated campaign that is rapidly spreading worldwide. It is too early to guess the intentions of the threat actors behind it, but with previous Botnet DDoS attacks essentially taking down the Internet, it is vital that organizations make proper preparations and defense mechanisms are put in place before an attack strikes."

Attack spreading by IoT devices: "With each passing day the malware was evolving to exploit an increasing number of vulnerabilities in Wireless IP Camera devices such as GoAhead, D-Link, TP-Link, AVTECH, NETGEAR, MikroTik, Linksys, Synology and others. It soon became apparent that the attempted attacks were coming from many different sources and a variety of IoT devices, meaning the attack was being spread by the IoT devices themselves."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Cybersecurity, Internet of Things, Malware