Cybersecurity

NSA to Stop Collecting American Emails To and From Overseas

U.S. National Security Agency (NSA) will halt its controversial warrantless surveillance program which collects Americans' emails and texts sent to and from people overseas and that mention a foreigner under surveillance, according to a New York Times report today. more

New Chapter Working Groups Open Closed Doors

One thing was clear from a recent presentation by the new leaders of the SF-Bay Internet Society (ISOC) Chapter Working Groups: inclusion and collaboration will be the key to these groups' success. As Dr. Brandie Nonnecke, the Internet Governance Working Group (WG) Chair said, "We haven't yet cracked the code on what 'multistakeholder' means." But that won't stop her and Dr. Jaclyn Kerr, the Data Protection, Privacy, and Security WG Chair, from trying. more

The Sysadmin’s Guide to Securing Your SaaS Apps

As an admin, app security should be a top priority - but SaaS apps represent a difficult challenge in that regard. How can you protect your business from their risks, while enjoying all their rewards? Within the average enterprise, there are 508 unique cloud applications in use. That number's overwhelming enough on its own without considering that 88% of those applications aren't enterprise ready, or the fact that one in five cloud applications has data sharing as a core functionality. more

A Report on Cyber Espionage Activities of Pawn Storm Over the Past Two Years

Pawn Storm, also known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM, is a cyber espionage organization operating for over a decade which has been particularly aggressive in the past few years. more

Denmark Says Russia Has Been Hacking Its Defense Ministry for Past Two Years

According to a new report by the Danish government's Center for Cybersecurity, hackers have breached email accounts and servers at both the Defense Ministry and the Foreign Ministry in 2015 and 2016. more

Walden Savings Bank to Switch from .com to a .bank TLD

Walden Savings Bank will be the fifth bank in New York state to switch its domain name from a .com top-level domain (TLD) to the new .bank TLD in May of this year. more

UK Government Reports Nearly Half of Businesses Identified Cyber Security Breaches in the Past Year

The UK government has released the results of national cybersecurity survey revealing nearly seven in ten large companies in the country have identified a breach or attack in the past 12 months. more

M3AAWG Offers Some Sensible Password Advice

M3AAWG is a trade association that brings together ISPs, hosting providers, bulk mailers, and a lot of infrastructure vendors to discuss messaging abuse, malware, and mobile abuse. (Those comprise the M3.) One of the things they do is publish best practice documents for network and mail operators, including two recently published, one on Password Recommendations for Account Providers, and another on Password Managers Usage Recommendations. more

Understand More, Fear Less: Will G20 Be Able to Contribute to an Internet Future with a Human Face?

Last week, the G20's ministers responsible for the digital economy met in Düsseldorf to prepare this year's G20 summit, scheduled for Hamburg, July 2017. Building on important strides initiated two years ago during the G20 summit in Antalya and based on the G20 Digital Economy Development and Cooperation Initiative (DEDCI), which was adopted last year under the Chinese G20 presidency, the Düsseldorf meeting adopted a "G20 Digital Economy Ministerial Declaration" which also includes a "Roadmap for Digitalisation". One day before the ministerial meeting, non-state actors were invited to discuss "Policies for a Digital Future" within a so-called Multistakeholder Conference. more

Researches Demonstrate How IPv6 Attacks Can Bypass Network Intrusion Detection Systems

With the increasing popularity of IoT devices and the added interest of transition to IPv6, a whole new range of threat vectors are evolving that allow attackers to set up undetectable communications channels across networks. more

Permanent Denial-of-Service Attacks on the Rise, Incidents Involve Hardware-Damaging Assaults

Also known loosely as "phlashing" in some circles, Permanent Denial-of-Service (PDoS) is an increasing popular form of cyberattack that damages a system so badly that it requires replacement or reinstallation of hardware. more

IRS Reports Hackers Accessed Data of Up to 100,000 People via Financial Aid Site for Students

U.S. Internal Revenue Service Commissioner (IRS) testified before the Senate Finance Committee stating the agency has discovered fraudsters could use someone's personal data to fill out a financial aid application, and the "Data Retrieval Tool" would populate the application with tax information. more

Google to Distrust Symantec-Issued Certificates Amid Misuse

In a post on a developers’ forum, software engineer on the Google Chrome team Ryan Sleevi has announced Google’s plan to start gradually distrust all existing Symantec-issued certificates. more

Use STIX to Block Robocalls

It is one of those oddities that occurs around Washington from time to time. During the same hour today, the Federal Communications Commission (FCC) was meeting at its downtown headquarters trying to stop robocalls, while a large gathering of government and industry cybersecurity experts were meeting a few miles away at Johns Hopkins Applied Physics Lab advancing the principal means for threat information sharing known as STIX. more

Cisco Warning Software Used in Hundreds of Its Products Vulnerable to Critical Security Flaw

The security flaw was discovered by the company's own security researchers in WikiLeaks' most recent disclosure of classified information, released last week. more