Subscribe: CircleID: News Briefs
http://www.circleid.com/rss/rss_news/
Preview: CircleID: News Briefs

CircleID: News Briefs



Latest news postings on CircleID



Updated: 2017-04-28T18:30:00-08:00

 



NSA to Stop Collecting American Emails To and From Overseas

2017-04-28T11:30:00-08:00

U.S. National Security Agency (NSA) will halt its controversial warrantless surveillance program which collects Americans' emails and texts sent to and from people overseas and that mention a foreigner under surveillance, according to a New York Times report today. Betsy Woodruff reporting in the Daily Beast writes: "The FISC ruling is expected to be publicized soon, and to indicate that the NSA has stopped using this surveillance tactic because it couldn't fully comply with procedures designed to protect Americans' constitutional rights. ... The surveillance tactic at issue is known as 'about' collection ... [that] lets the NSA store and read internet communications pertaining to foreign targets that move through American companies. 'About' collection is the process by which the NSA searches through those electronic communications it collects as they're in traffic in transit across the Internet backbone."

Follow CircleID on Twitter

More under: Privacy, Security




Over 800 Startups Send Letter to Pai: Focus Instead on Policies for Stronger Internet for Everyone

2017-04-27T09:30:00-08:00

The coalition led by Engine, Y Combinator, and Techstars, along with over 800 tech startups sent a letter to Federal Communications Commission (FCC) Chairman Ajit Pai urging him to focus "on policies that would promote a stronger Internet for everyone," rather than dismantling the existing net neutrality framework. On Wednesday, Pai gave a stern speech in Washington about his intent to reverse rules that boosted government regulatory powers over Internet service providers: "this is a fight that we intend to wage." The letter sent to Pai argues: “Without net neutrality, the incumbents who provide access to the Internet would be able to pick winners or losers in the market." ... "We are concerned by reports that you would replace this system with a set of minimum voluntary commitments, which would give a green light for Internet access providers to discriminate in unforeseen ways. Rather than dismantling regulations that allow the startup ecosystem to thrive, we urge you to focus instead on policies that would promote a stronger Internet for everyone." The full letter is posted on the Engine website.

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation




Fierce Political Battle Expected as FCC Chair Elaborated on Plan to Reverse 'Net Neutrality' Rules

2017-04-26T17:26:01-08:00

FCC Chairman Ajit Pai speaking in Washington today, said he wants to reverse rules that boosted government regulatory powers over Internet service providers. "Proponents who fought to get the rules passed said his proposal would set off a fierce political battle over the future of the Internet regulation," reports David Shepardson in Reuters. Ajit Pai ended his speech today stating: "When the FCC rammed through the Title II Order two years ago, I expressed hope that we would look back at that vote 'as an aberration, a temporary deviation from the bipartisan path that ha[d] served us so well.' And I voiced my confidence that the Title II Order's days were already numbered. At the FCC's next meeting on May 18, we will take a significant step towards making that prediction a reality. And later this year, I am confident that we will finish the job. Make no mistake about it: this is a fight that we intend to wage and it is a fight that we are going to win."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation




Cuba Getting Faster YouTube Access in Next 24 Hours, Thanks to Deal Signed in December

2017-04-26T11:54:00-08:00

In the December of last, Cuba singed a deal with Google to enable faster access to content served via its popular platforms such Gmail and YouTube. Under the deal, Cuba would gain access to a network of local servers called Google Global Cache that would reduce access time for content served via Google-owned sources. Today, Doug Madory, Dyn's Director of Internet Analysis, emailed to report that Google’s (Google Global Cache) GGC nodes have finally gone active in the past 24hrs. "It is a milestone as this is the first time an outside internet company has hosted anything in Cuba. Also, this is the first tangible development from Google's involvement in the country since wiring Kcho’s art studio with free WiFi"

Also pointed out by Madory: If you drop this Cuban IP address [http://190.92.112.12] into your browser, it will redirect you to Google’s homepage. This is one of the IPs ETECSA is using for the GGC service.

Follow CircleID on Twitter

More under: Access Providers, Web




A Report on Cyber Espionage Activities of Pawn Storm Over the Past Two Years

2017-04-25T12:55:00-08:00

Security firm, Trend Micro, released a paper today detailing Pawn Storm's operations within the last two years. Pawn Storm, also known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM, is a cyber espionage organization operating for over a decade which has been particularly aggressive in the past few years. From the report: "Pawn Storm has become increasingly relevant over the past two years, particularly because the group has been found to be doing more than espionage alone. In 2016, Pawn Storm attempted to influence public opinion, influence elections, and attempted to sway the mainstream media with stolen data. Earlier, Pawn Storm may seem to have limited their activities to political, military, and domestic espionage. Today the impact can be felt by various industries and enterprises operating throughout the world. ... In 2016, the group not only attacked the Democratic National Convention (DNC), but also targeted the German political party Christian Democratic Union (CDU), the Turkish parliament, the parliament in Montenegro, and the World Doping Agency (WADA). ... We have compiled data on targets and campaigns conducted by the group, as well as details on the specific attacks used to compromise victims. Later sections cover the operational side of the group, from their facilitators to their attitude about organizational security."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Security




Denmark Says Russia Has Been Hacking Its Defense Ministry for Past Two Years

2017-04-24T19:37:00-08:00

According to a new report by the Danish government's Center for Cybersecurity, hackers have breached email accounts and servers at both the Defense Ministry and the Foreign Ministry in 2015 and 2016. Neil MacFarquhar from the New York Times reports: "Although the report, made public on Sunday, did not name Russia, Defense Minister Claus Hjort Frederiksen blamed Moscow in his remarks to the Danish news media. ... 'This is part of a continuing war from the Russian side in this field, where we are seeing a very aggressive Russia. The hacked emails don't contain military secrets, but it is of course serious.' ... The Kremlin on Monday denied accusations."

Follow CircleID on Twitter

More under: Cyberattack, Security




Walden Savings Bank to Switch from .com to a .bank TLD

2017-04-24T16:56:00-08:00

Walden Savings Bank will be the fifth bank in New York state to switch its domain name from a .com top-level domain (TLD) to the new .bank TLD in May of this year. Daniel Axelrod reporting in Times Herald-Record: "The change makes Walden an early adopter of a cyber-banking security measure that's gradually taking root mostly among community banks or those with less than $10 billion in assets and a local lending focus. ... Part of the delay for the domain’s implementation is a function of the cost and effort for banks to change computer systems, email addresses, business cards and marketing materials. Still, the .bank change is cheaper and easier than the alternate route some of America’s big banks are taking ... Large firms, like Citibank and Chase, are opting for self-named domains, such as .citi and .chase, which are great branding tools, but they require significant back-end effort to register."

Follow CircleID on Twitter

More under: Security, Top-Level Domains




Russia Hacker Sentenced to 27 Years in Prison by U.S. Federal District Court

2017-04-22T08:12:00-08:00

A 32-year-old Russia man was sentenced on Friday to 27 years in prison for computer hacking crimes that is reported to have caused over $169 million in damages to small businesses and financial institutions. Roman Valeryevich Seleznev, going by the name Track2, was convicted in August 2016, of 38 counts related to his scheme to hack into point-of-sale computers to steal credit card numbers and sell them on dark market websites. From the official release: "According to evidence presented at trial, between October 2009 and October 2013, Seleznev hacked into retail point-of-sale systems and installed malicious software (malware) that allowed him to steal millions of credit card numbers from more than 500 U.S. businesses and send the data to servers that he controlled in Russia, the Ukraine and McLean, Virginia. Seleznev then bundled the credit card information into groups called "bases" and sold the information on various criminal "carding" websites to buyers who used them for fraudulent purchases, according to evidence introduced during the trial of this case. Many of the businesses targeted by Seleznev were small businesses, and included restaurants and pizza parlors in Western Washington, including Broadway Grill in Seattle, which was forced into bankruptcy following the cyber assault. Testimony at trial revealed that Seleznev's scheme caused approximately 3,700 financial institutions more than $169 million in losses."

Follow CircleID on Twitter

More under: Cybercrime, Law




UK Government Reports Nearly Half of Businesses Identified Cyber Security Breaches in the Past Year

2017-04-21T09:37:00-08:00

The UK government has released the results of national cybersecurity survey revealing nearly seven in ten large companies in the country have identified a breach or attack in the past 12 months. The report also says that businesses holding electronic personal data on customers were much more likely to suffer cyber breaches than those that do not (51 per cent compared to 37 per cent). "The most common breaches or attacks were via fraudulent emails — for example coaxing staff into revealing passwords or financial information, or opening dangerous attachments — followed by viruses and malware, such as people impersonating the organization online and ransomware. ... Of the businesses which identified a breach or attack, almost a quarter had a temporary loss of files, a fifth had software or systems corrupted, one in ten lost access to third party systems they rely on, and one in ten had their website taken down or slowed."

(image)

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Security




Canada's Telecom Regulator to Uphold and Strengthen Commitment to Net Neutrality

2017-04-20T19:23:00-08:00

The Canadian Radio-television and Telecommunications Commission (CRTC) today announced that it will strengthened its commitment to net neutrality. "Internet service providers should treat data traffic equally to foster consumer choice, innovation and the free exchange of ideas." CRTC is also publishing a new framework regarding differential pricing practices. The framework, the agency says, is intended to "supports a fair marketplace for services, cultural expression and ideas in which Internet service providers compete on price, quality of service, speeds, data allowance and better service offerings, rather than by treating the data usage of certain content differently."

— "The CRTC is of the view that differential pricing generally gives an unfair advantage or disadvantage to certain content providers and consumers."

— "After assessing Videotron’s Unlimited Music Service under the new framework, the CRTC found that the company is giving an undue preference to certain consumers and music streaming services, while subjecting other consumers and content providers to an unreasonable disadvantage. Videotron must ensure its Unlimited Music Service comes into compliance within 90 days."

Follow CircleID on Twitter

More under: Access Providers, Net Neutrality, Policy & Regulation, Telecom




Pirate Bay Founder and Other Internet Activists Launch Domain Privacy Service

2017-04-19T16:26:00-08:00

A team of Internet activists including co-founder and ex-spokesperson of the Pirate Bay, Peter Sunde, today announced the launch of a unique domain name service, called Njalla, designed to act as a "privacy shield" for registrants. "Think of us as your friendly drunk (but responsibly so) straw person that takes the blame for your expressions," says the group. "As long as you keep within the boundaries of reasonable law and you're not a right-wing extremist, we're for promoting your freedom of speech, your political weird thinking, your kinky forums and whatever." The group points out that Njalla is not a domain name registration service, but sit between the domain name registration service and the registrant. "When you purchase a domain name through Njalla, we own it for you. However, the agreement between us grants you full usage rights to the domain. Whenever you want to, you can transfer the ownership to yourself or some other party."

Follow CircleID on Twitter

More under: Domain Names, Privacy




New In-depth Analysis Finds Thousands of Domains Used in Technical Support Scams

2017-04-17T14:59:00-08:00

A study conducted by PhD candidates at the Stony Brook University resulted in identifying malvertising as a major culprit for exposing users to technical support scams which allowed them to build an automated system capable of discovering, on a weekly basis, hundreds of phone numbers and domains operated by scammers. They wrote: "By allowing our system to run for more than 8 months we collect a large corpus of technical support scams and use it to provide insights on their prevalence, the abused infrastructure, the illicit profits, and the current evasion attempts of scammers. .. [I]n a period of 250 days, we discover 8,698 unique domain names involved in technical support scams, claiming that users are infected and urging them to call one of the 1,581 collected phone numbers. To the best of our knowledge, our system is the first one that can automatically discover hundreds of domains and numbers belonging to technical support scammers every week, without relying on manual labor or crowdsourcing, which appear to be the main methods of collecting instances of technical support scams used by the industry. ... From a financial perspective, we take advantage of publicly exposed webserver analytics and estimate that, just for a small fraction of the monitored domains, scammers are likely to have made more than 9 million dollars."

Follow CircleID on Twitter

More under: Cybercrime, Domain Names




Internet Association Meets With the FCC In Efforts to Preserve Net-Neutrality Rules

2017-04-12T13:10:00-08:00

"The plan to eliminate net neutrality rules and replace them with voluntary commitments is not winning over lobbyists for major Internet companies." Jon Brodkin reporting in Ars Technica: "Federal Communications Commission Chairman Ajit Pai and his staff met yesterday with the Internet Association, a trade group whose members include Amazon, Dropbox, eBay, Facebook, Google, Microsoft, Netflix, PayPal, Reddit, Spotify, Twitter, and about 30 other Web companies. The meeting occurred about a week after Pai reportedly met with broadband industry lobby groups to discuss his plans for eliminating net neutrality rules."

Internet Association CEO Michael Beckerman released a letter yesterday stating the points made with respect to the FCC's 2015 Open Internet Order ("the OI Order") which included the following:

— "IA continues its vigorous support of the FCC's OI Order, which is a vital component of the free and open internet. The internet industry is uniform in its belief that net neutrality preserves the consumer experience, competition, and innovation online. In other words, existing net neutrality rules should be enforced and kept intact."

— "The OI Order is working well and has been upheld by a DC Circuit panel. Further, IA preliminary economic research suggests that the OI Order did not have a negative impact on broadband internet access service (BIAS) investment."

Follow CircleID on Twitter

More under: Net Neutrality, Policy & Regulation




Study Finds $9.8B Opportunity In Universal Acceptance of All New Generic and Internationalized TLDs

2017-04-11T14:33:00-08:00

Proportion of Internet users, website and native language speakers / Analysysy Mason paper Report from a new study by Analysys Mason, commissioned by the Universal Acceptance Steering Group (UASG), says there is a potential USD $9.8 billion growth opportunity in online revenue through a routine update to Internet systems, including those for speakers of languages that do not use the English script. "The Domain Name System (DNS) has expanded dramatically and now includes more than 1,200 gTLDs. Many of those top-level domains are longer than the legacy three-character domain name (e.g. .com, .edu and .org) or are in non-Latin based scripts (such as Chinese, Arabic or Cyrillic). ... [A]lthough many online systems do not recognize these domain names as valid. For example, problems may arise when a user enters a domain name or related email address into an online form on a website and it is rejected. When this happens, it not only frustrates the user and reduces the opportunities for the organization to win a new customer, but it also lessens the cultural, social and economic benefits made possible by the Internet." — Ram Mohan, Chair of UASG: "To excel in the long run, organizations should seize the opportunity — and responsibility — to ensure that their systems work with the common infrastructure of the Internet — the domain name system. Universal Acceptance unlocks a significant economic opportunity and provides a gateway to the next billion Internet users by ensuring a consistent and positive experience for Internet users globally. Additionally, governments and NGOs will be better able to serve their citizens and constituencies if they adopt Universal Acceptance." — Research estimates that support for Internationalized Domain Names could bring 17 million new users online. These include users whose lack of local language services was previously a barrier to a complete online experience. "The report's estimate is based on the examination of just five major languages and language groups that would benefit from IDNs because they use non-Latin scripts (Russian, Chinese, Arabic, Vietnamese and Indic language groups) and the proportion of non-Internet users for whom a lack of local language services is a barrier. The research shows that online spending from these new IDN users could start at USD 6.2 billion per year." — Potential increased revenues from existing gTLD users: "According to one study, 13 percent of websites reject new domain names with more than three letters — when a simple update of these websites (effectively a "bug fix") could increase online revenues by USD 3.6 billion per year as a result of Universal Acceptance." — Andrew Kloeden, Principal at Analysys Mason: "Our analysis shows that the main impediment to Universal Acceptance is a lack of awareness of the issue, rather than any technical challenges. This is not a heavy lift. The efforts required by software and application owners to implement UA are not particularly onerous; in fact most companies treat UA issues simply as ‘bug fixes.’" Follow CircleID on TwitterMore under: DNS, Email, Top-Level Domains, Web [...]



Substantial Majority of Americans Say Local Governments Should Be Able to Build Their Own Broadband

2017-04-10T20:19:00-08:00

A recent study conducted Pew Research Center in March 13-27, has found a substantial majority of the American public (70%) believes local governments should be able to build their own broadband networks if existing services in the area are either too expensive or not good enough. "As the Federal Communications Commission continues to address broadband infrastructure and access, Americans have mixed views on two policies designed to encourage broadband adoption ... A number of state laws currently prevent cities from building their own high-speed networks, and several U.S. senators recently introduced a bill that would ban these restrictions. ... Americans have different levels of support for broadband subsidies based on political affiliation. Six-in-ten Democrats and independents who lean Democratic say the government should help lower-income Americans purchase high-speed internet service, but that figure falls to just 24% among Republicans and Republican-leaning independents."

(image)

Follow CircleID on Twitter

More under: Broadband, Policy & Regulation




German Minister Calls for Rules Allowing Nations to Attack Foreign Hackers

2017-04-10T16:56:00-08:00

"Germany is trying to beef up its cyber defense, after the interior minister called for rules that allow nations to attack foreign hackers targeting critical infrastructure." Stefan Nicola reporting in Bloomberg: "[Germany] is currently evaluating whether it needs to draft new legislation to ensure its security forces are legally cleared to defend the country against cyber attacks that target, for example, its electricity infrastructure ... [in addition,] there's growing concern in the country over warnings that Russia may seek to destabilize the German government and meddle with the country's Sept. 24 federal elections. Germany's Bundeswehr armed forces inaugurated a new cyber defense unit last week that by July will have a staff of 13,500 to defend against online attacks."

Follow CircleID on Twitter

More under: Cyberattack, Law, Policy & Regulation




Worldwide Cloud IT Infrastructure Spend Grew 9.2% to $32.6 Billion in 2016, Reports IDC

2017-04-10T08:05:01-08:00

Worldwide Cloud IT Infrastructure Top Cloud Vendors 2016 Q4 vs 2015 Q4 – Source: Worldwide Quarterly Cloud IT Infrastructure Tracker, Q4 2016 Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew by 9.2% year over year to $32.6 billion in 2016, with vendor revenue for the fourth quarter (4Q16) growing at 7.3% to $9.2 billion. According to the latest report from International Data Corporation (IDC) Worldwide Quarterly Cloud IT Infrastructure Tracker, "Cloud IT infrastructure sales as a share of overall worldwide IT spending climbed to 37.2% in 4Q16, up from 33.4% a year ago." — "Revenue from infrastructure sales to private cloud grew by 10.2% to $3.8 billion, and to public cloud by 5.3% to $5.4 billion. In comparison, revenue in the traditional (non-cloud) IT infrastructure segment decreased 9.0% year over year in the fourth quarter." — "Private cloud infrastructure growth was led by Ethernet switch at 52.7% year-over-year growth, followed by server at 9.3%, and storage at 3.6%. Public cloud growth was also led by Ethernet switch at 30.0% year-over-year growth, followed by server at 2.4% and a 2.1% decline in storage. In traditional IT deployments, storage declined the most (10.8% year over year), with Ethernet switch and server declining 3.4% and 9.0%, respectively." — Kuba Stolarski, research director for Computing Platforms at IDC: "Growth slowed to single digits in 2016 in the cloud IT infrastructure market as hyperscale cloud datacenter growth continued its pause. Network upgrades continue to be the focus of public cloud deployments, as network bandwidth has become by far the largest bottleneck in cloud datacenters. After some delays for a few hyperscalers, datacenter buildouts and refresh are expected to accelerate throughout 2017, built on newer generation hardware, primarily using Intel's Skylake architecture." — "From a regional perspective, vendor revenue from cloud IT infrastructure sales grew fastest in Japan at 42.3% year over year in 4Q16, followed by Middle East & Africa at 33.6%, Canada at 16.6%, Western Europe at 15.6%, Asia/Pacific (excluding Japan) at 14.5%, Central and Eastern Europe at 11.6%, Latin America at 9.9%, and the United States at 0.1%." Follow CircleID on TwitterMore under: Cloud Computing, Data Center [...]



Researches Demonstrate How IPv6 Attacks Can Bypass Network Intrusion Detection Systems

2017-04-09T15:12:00-08:00

With the increasing popularity of IoT devices and the added interest of transition to IPv6, a whole new range of threat vectors are evolving that allow attackers to set up undetectable communications channels across networks. Juha Saarinen reporting in iTnews: "A paper has been published by researchers at the NATO defence alliance's Cooperative Cyber Defence Centre of Excellence and Estonia's Tallinn University of Technology. It outlines how attackers can create covert data exfiltration channels and system remote control, using IPv6 transition mechanisms. ... The researchers developed proofs of concept with tunnel-based IPv6 transition tools over IPv4-only, or IPv4/IPv6 dual-stack networks, that were able to pass traffic undetected by common network intrusion detection systems (NIDS) such as Snort, Suricata, Bro and Moloch."

Follow CircleID on Twitter

More under: Cyberattack, IPv6, Security




Permanent Denial-of-Service Attacks on the Rise, Incidents Involve Hardware-Damaging Assaults

2017-04-08T14:13:00-08:00

Also known loosely as "phlashing" in some circles, Permanent Denial-of-Service (PDoS) is an increasing popular form of cyberattack that damages a system so badly that it requires replacement or reinstallation of hardware. "By exploiting security flaws or misconfigurations, PDoS can destroy the firmware and/or basic functions of system," report researchers from security firm, Radware. "It is a contrast to its well-known cousin, the DDoS attack, which overloads systems with requests meant to saturate resources through unintended usage. ... Over a four-day period, Radware's honeypot recorded 1,895 PDoS attempts performed from several locations around the world. Its sole purpose was to compromise IoT devices and corrupt their storage. ... Upon successful access to the device, the PDoS bot performed a series of Linux commands that would ultimately lead to corrupted storage, followed by commands to disrupt Internet connectivity, device performance, and the wiping of all files on the device."

Follow CircleID on Twitter

More under: Cyberattack, DDoS, Internet of Things, Security




IRS Reports Hackers Accessed Data of Up to 100,000 People via Financial Aid Site for Students

2017-04-08T12:55:00-08:00

U.S. Internal Revenue Service Commissioner (IRS) testified before the Senate Finance Committee stating the agency has discovered fraudsters could use someone's personal data to fill out a financial aid application, and the "Data Retrieval Tool" would populate the application with tax information. Selena Larson reporting in CNN: "That information could be used to file false tax returns. The commissioner said fewer than 8,000 of these returns were processed, and refunds were issued totaling $30 million. ... IRS flagged 100,000 accounts of people who started the application, used the Data Retrieval Tool, but then didn't finish it. The IRS is alerting those people, as they may have had their information compromised ... 2016 tax season saw a 400% increase in phishing and malware."

Follow CircleID on Twitter

More under: Cybercrime, Security