Cybersecurity

IETF Releases the New and Improved Internet Security Protocol, TLS 1.3

Internet Engineering Task Force (IETF) has announced the official release of TLS 1.3. more

Microsoft Releases a Cybersecurity eBook, Free Download

Micorsoft has released a 253 page cybersecurity ebook primarily intended for teens but also serves as a useful resource for adults interested in overall understanding of various Internet security topics. more

Microsoft Announces Plans to Adopt DoH in Windows

Microsoft announced today its plans to adopt DNS over HTTPS (DoH) protocol in Windows and will also keep other options such as DNS over TLS (DoT) on the table for consideration. more

Reality Check on the 5G Security MAGAverse

As chance has it, the attempt by NTIA to create a fake Trump Open 5G Security Framework MAGAverse as they headed out the door on 15 January is being followed this week by the global meeting of 3GPP SA3 (Security) to advance the industry's real open 5G security Framework. Designated TSGS3-102e (the 102nd meeting, occurring electronically), it continues the practice of assembling companies, organisations, and agencies from around the world every 8 to 12 weeks to focus on 5G security for current and future releases of 5G infrastructure. more

Close to 20% VPN Providers Reported Leaking Customer IP Addresses via WebRTC Bug

Close to 20% of popular VPN services are reported to be leaking customer's IP address via a WebRTC bug known since January 2015, and which "some VPN providers have never heard of." more

Ensuring Maximum Resilience to the DNS?

Yesterday CommunityDNS noticed a sudden, heavy spike in traffic through its Anycast node in Hong Kong. While comfortably processing queries at 863,000 queries per second for close to 2 hours the occurrence was undeniable. While we can't say the increase in traffic was specifically due to DDoS, its sudden increase is suspicious and reminds us that DDoS is still a popular tool used by the malicious community. more

Securing Weak Links in Supply Chain Attacks

We've all heard the term, "you're only as strong as your weakest link." Whether talking about a tug of war on the playground, a sports team, or a business, this rings as true as ever. Every business relies on a series of suppliers and vendors -- be it the dairy farm supplying milk to the multinational food manufacturer or the payment systems that retailers use. These links form supply chains that every business, large and small, deals with. There is simply no way around it. more

Spamford Wallace Gets Sued Yet Again

If there were a lifetime achievement award for losing lawsuits for being annoying, Sanford Wallace would be a shoo-in. Fifteen years ago, his junk faxing was a major impetus for the TCPA, the law outlawing junk faxes. Later in the 1990s, his Cyber Promotions set important legal precedents about spam in cases where he lost to Compuserve and AOL. Two years ago, he lost a suit to FTC who sued his Smartbot.net for stuffing spyware onto people's computers. And now, lest anyone think that he's run out of bad ideas, he's back, on the receiving end of a lawsuit from MySpace... more

Beyond the Top Level: DNSSEC Deployment at ICANN 40

I recently wrote about the encouraging level of DNSSEC adoption among top-level domain name registries, and noted that adoption at the second level and in applications is an important next step for adding more security to the DNS. The root and approximately 20 percent of the top level domains are now signed; it is time for registrars and recursive DNS servers operated by the ISPs to occupy center stage. more

The Kaljarund Commission: Building Bridges Over Troubled Cyber-Water

There was one message which overshadowed all discussions at the 5th Global Conference on Cyber Space (GCCS) in New Delhi in November 2017: Instability in cyberspace is as dangerous as climate change. With four billion Internet users and five trillion dollars annually in digital transactions, instability in cyberspace has the potential to ruin the world. more

FTC Announces Internet of Things Challenge, Offers $25,000 for Best Technical Solution

The Federal Trade Commission is challenging the public to create an innovative tool to help protect consumers from security vulnerabilities in the software of home devices connected to the Internet of Things. more

New Type of DDoS Attack Targets Vulnerability in Universal Plug and Play Networking Protocol

A new type of DDoS attack takes advantage of an old vulnerability with the potential to put any company with an online presence at risk of attack warn researchers. more

Civil Society Hung Out To Dry in Global Cyber Espionage

This post was co-authored by Sarah McKune, a senior researcher at the Citizen Lab. Public attention to the secretive world of cyber espionage has risen to a new level in the wake of the APT1: Exposing One of China's Cyber Espionage Units report by security company Mandiant. By specifically naming China as the culprit and linking cyber espionage efforts to the People's Liberation Army, Mandiant has taken steps that few policymakers have been willing to take publicly, given the significant diplomatic implications. more

3 Processes That Ensure IoT Cybersecurity Compliance

IoT devices have ingrained themselves into almost every aspect of modern life. From home assistants to industrial machinery, it's hard to find a device that isn't connected to a network and gathering data. Despite widespread adoption, IoT cybersecurity compliance remains surprisingly low. A big reason for this is the unique challenges IoT devices pose to operators. more

27 Countries Issue Joint Statement on ‘Advancing Responsible State Behavior in Cyberspace’

The joint statement was released on Monday at the United Nations ahead of the UN General Assembly's General Debate calling on all states to support the evolving framework and to join in ensuring "greater accountability and stability in cyberspace." more