Internet Security News, Articles and Updates

NIST 1.1 tackles cybersecurity metrics, supply chain

The second draft update of the landmark NIST CSF ups its value and ease of use.

New Mirai variant back on radar after new exploit code published

A new strain of the Mirai IoT malware has been discovered following the publication of exploit code targeting networking equipment.

2020 Census at risk of interference, GAO says

The Government Accountability Office said the security of the 2020 Census IT systems falls short and called for greater congressional oversight.

Microsoft adds ransomware defense with new Windows update

Microsoft is claiming that the latest version of Windows 10, the Fall Creator's Update, is the most secure version of the operating system yet released.

Mirai Botmaster behind Deutsche Telekom router hijack pleads guilty

A 29-year-old hacker has plead guilty in German court to an attack last year which downed internet service all across the country.

Cisco patches critical remote code execution flaw in WebEx browser extensions

Cisco on Monday released software updates to fix a critical remote code execution vulnerability in its WebEx browser extensions for both the Google Chrome and Mozilla Firefox browsers.

FCC votes to rollback net neutrality regs

The vote, which had been anticipated and hotly debated, was cast along party lines.

FCC claims DDoS, not John Oliver fans advocating net neutrality, slowed site

The Federal Communications Commission blamed a website slowdown to DDoS attacks not a charge of protests led by "Last Week Tonight" host John Oliver.

RiskSecNY: Tips for Threat Sharing

Threat Sharing should be a two-way street with all parties sharing relevant information with each other.

Chrome extension trojan places victims in an endless malware loop

People in several Central and South American countries who want nothing more than to watch video online are being hit with a trojans that redirects the viewers to a new URL that contains malicious content.

FCC chair calls for net neutrality rollback

While he didn't offer many details of the new plans - those will be released Thursday - Ajit Pai called the regulations on the internet adopted by the FCC two years ago, "heavy handed" and politically motivated.

Met Police officer buys malware that monitors messages, calls and more

A London police officer has purchased malware for mobile phones and computers that can intercept calls, emails and more.

CREST/IISP Con: We have tools to fix it so why's the internet still broken?

Malicious hackers are taking advantage of broken internet infrastructure that could be fixed, said NCSC technical director Ian Levy in his keynote speech yesterday at CRESTCon & IISP Congress 2017.

Web hacking only getting worse as webmasters fail to patch ageing code

As part of its #NoHacked campaign, Google has published figures on the state of website security, and the trend doesn't look good.

Zscaler reveals risk of SSL based threats, warns of new security priority

More than half of the internet traffic is already HTTPS encrypted for the sake of higher security. However, the encrypted traffic is used by cyber-criminals as well to hide their malicious activities from detection.

US telecoms regs bow to ISPs, customers no longer federally protected

The US Federal Communications Commission has bowed to the telecoms lobby in blocking a regulation which would make ISPs take 'reasonable measures' to protect customer data.

Securing smart cities requires collaboration

"Cybersecurity is a service and the service is enterprise is risk management," City of San Diego Chief Information Security Officer, Deputy Director Gary Hayslip

SPY Car Study Act calls for research to secure connected cars

A bipartisan group of legislators recently proposed a bill that would call for industry professionals to study how to secure connected vehicles.

Mozilla issues five critical patches for Firefox and Firefox ESR

Mozilla issued two security advisories covering Firefox and Firefox ESR that between them contain 33 security patches, five rated as critical.

Patch Tuesday: Adobe Flash Player receives updates for 13 security issues

Adobe's first Patch Tuesday of 2017 features 42 critical security fixes for its Flash Player and other products.

White hats to the rescue?

The holiday spirit was not lost on everyone as Kaspersky Labs researchers came across what the company believes are some white hat hackers trying to recover stolen data.

Microsoft Edge flaw allows fake website warnings

Flaws in Microsoft's Edge's SmartScreen feature is allowing tech support scammers to push out warnings that falsely state a website is dangerous.

Firefox zero day impacts Tor

A Tor executive has confirmed that a zero-day vulnerability impacting Tor and Firefox has been spotted being used to execute malicious code, but it has been reported to Mozilla, according to ARS Technica.

72% of UK internet users prefer to use mobile data over public Wi-Fi

Security fears and complicated sign-up forms are hindering internet users in the UK from using public Wi-Fi.

Search engine turns its back on Yahoo

A privacy-focused search engine, Startpage.com, will no longer be including Yahoo search results in its work.

NSA blames storm for website outage

The National Security Agency (NSA) blamed a partial shutdown of NSA.gov on a storm that hit its headquarters earlier this week.

RSA 2016: Trust in the internet is imperative to sustain worker productivity

One of the more frightening possible result from the seemingly endless stream of hacks taking place is that they degrade public trust in the internet and this could lead to a serious fall off in worker productivity.

The whole package: Security certifications

Security certifications can land you a better job, but companies are also looking for people who can communicate and manage projects, reports Steve Zurier.

Mozilla pushes internet security reform through study

The Cyber Security Delphi initiative will solicit input from security specialists and create an affirmative agenda to move internet security forward.

Google, Microsoft respond to fraudulent certificate

A Turkish certificate authority (CA) accidentally issued two intermediate, or chained, digital certificates, one of which was used by the holder to mimic legitimate websites and launch attacks.