Security and More
Krebs On Security ☛ Phish-Friendly Domain Registry “.top” Put on Notice
The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.”
Standards/Consortia
APNIC ☛ Privacy and DNS Client Subnet
To ensure service consistency these replicated instances of the content are named with the same DNS name, and the DNS conventionally offers the same resolution outcome to each user when they query for the IP address of the content server. How can the CDN ‘steer’ each user to the closest instance of the desired content to optimize the subsequent content transaction? At the same time, the user is revealing their location within the network to inform this steering decision. To what extent is such a steering function compromising users’ privacy expectations with respect to the location and their online actions?
Integrity/Availability/Authenticity
Google ☛ Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks
According to news reports, scammers have leveraged voice cloning and deepfakes to steal over HK$200 million from an organization. Attackers can use AI-powered voice cloning in various phases of the attack lifecycle, including initial access, and lateral movement and privilege escalation.
