Security and Windows TCO Leftovers
-
Scoop News Group ☛ Industrial networking manufacturer Moxa reports ‘critical’ router bugs
Moxa says the flaws can be used to bypass user authentication, escalate privileges and gain root access to devices.
-
Krebs On Security ☛ A Day in the Life of a Prolific Voice Phishing Crew
Besieged by scammers seeking to phish user accounts over the telephone, Fashion Company Apple and Surveillance Giant Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Fashion Company Apple and Surveillance Giant Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.
-
Windows TCO / Windows Bot Nets
-
RIPE ☛ Observing the DDoS Landscape Requires Collaboration
Distributed denial-of-service (DDoS) attacks are an ever-present phenomenon on the Internet. Over the years, several undertakings have combated its feasibility and viability, such as disabling attack vectors (NTP 'get monlist'), deploying source address validation (ingress and egress filtering), and action by law enforcement (booter takedowns). In addition, an industry of DDoS protection companies sells attack mitigation services. While all these approaches have had an impact - who knows how dire the situation would be without our efforts - DDoS remains a persistent threat.
-
APNIC ☛ Observing the DDoS landscape requires collaboration
Our longitudinal DDoS trend analysis is based on 10 datasets from across academia and industry. For this study, we collected data from seven observatories listed in Table 1. Each observatory shared 4.5 years of weekly attack counts for our long-term trend analysis. The observatories from academia additionally shared raw DDoS event data, which enabled us to analyze the visibility of targets across observatories. We further collected and analyzed 24 DDoS threat reports from 22 companies for the year 2022. We published the detailed analysis as an artifact online.
-
Scoop News Group ☛ White House launches cybersecurity label program for consumers
The initiative tackles rising consumer concerns about the security vulnerabilities of “smart” devices essential to modern homes. As households become more dependent on interconnected gadgets — with a 2023 Deloitte study revealing that the average U.S. household has 21 connected devices — the threat of cyberattacks becomes increasingly significant. These threats include hackers gaining unauthorized access to home security systems and illicit recordings through unsecured cameras.
The Cyber Trust Mark aims to reassure users by offering clear security evaluations of the products they use every day.
-
Federal News Network ☛ WH national cyber director finalizing software liability proposals
White House National Cyber Director Harry Coker, speaking at the Foundation for the Defense of Democracies in Washington on Tuesday, ran down his office’s signature efforts, including the 2023 national cyber strategy and the push to establish minimum cyber standards for critical industries. Congress passed a law establishing the ONCD in 2021 to lead governmentwide cyber strategy and policy.
In addition to implementation of the national cyber strategy, ONCD also now plays a key role in establishing agency priorities for cybersecurity, while also advancing distinct issues ranging from memory safe programing language to cyber workforce.
-
-
Confidentiality
-
Tor ☛ Arti 1.3.2 is released: onion services, RPC, relay development, and more | The Tor Project
This release continues continues development on RPC, and includes preparatory work for relay support and service-side onion service denial-of-service resistance.
-