[Newsclips] IETF SYN-ACK Newspack 2020-10-05

David Goldstein <david@goldsteinreport.com> Mon, 05 October 2020 12:31 UTC

Return-Path: <david@goldsteinreport.com>
X-Original-To: newsclips@ietfa.amsl.com
Delivered-To: newsclips@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23B0D3A09E1 for <newsclips@ietfa.amsl.com>; Mon, 5 Oct 2020 05:31:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.878
X-Spam-Level:
X-Spam-Status: No, score=-1.878 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_TVD_FUZZY_SECURITIES=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 84mVTLVqp69o for <newsclips@ietfa.amsl.com>; Mon, 5 Oct 2020 05:30:54 -0700 (PDT)
Received: from karkinos.atomiclayer.com (karkinos.atomiclayer.com [96.125.178.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 726973A09E4 for <newsclips@ietf.org>; Mon, 5 Oct 2020 05:30:54 -0700 (PDT)
Received: from DavidDesktop2019 (unknown [101.180.67.32]) by karkinos.atomiclayer.com (Postfix) with ESMTPSA id A105D280A0E for <newsclips@ietf.org>; Mon, 5 Oct 2020 08:30:50 -0400 (EDT)
Authentication-Results: karkinos.atomiclayer.com; spf=pass (sender IP is 101.180.67.32) smtp.mailfrom=david@goldsteinreport.com smtp.helo=DavidDesktop2019
Received-SPF: pass (karkinos.atomiclayer.com: connection is authenticated)
From: David Goldstein <david@goldsteinreport.com>
To: newsclips@ietf.org
Date: Mon, 05 Oct 2020 23:30:48 +1100
Organization: Goldstein Report
Message-ID: <005a01d69b13$5e1867f0$1a4937d0$@goldsteinreport.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_005B_01D69B6F.9188DFF0"
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-au
Thread-Index: AdabE1JrpEOBcJYWSmuLJ5fLnL5+OA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/newsclips/jcOtV3a5kQxfTIRXEjE2S7_Rkmg>
Subject: [Newsclips] IETF SYN-ACK Newspack 2020-10-05
X-BeenThere: newsclips@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF News Clips <newsclips.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/newsclips>, <mailto:newsclips-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/newsclips/>
List-Post: <mailto:newsclips@ietf.org>
List-Help: <mailto:newsclips-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/newsclips>, <mailto:newsclips-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2020 12:31:00 -0000

**********************

IETF IN THE NEWS

**********************

NTS RFC Published: New Standard to Ensure Secure Time on the Internet

The Internet Society is pleased to see the publication of RFC 8915: Network Time Security for the Network Time Protocol by the IETF. This standard represents a new security mechanism for one of the oldest protocols on the Internet, the Network Time Protocol (NTP).

< <https://www.internetsociety.org/blog/2020/10/nts-rfc-published-new-standard-to-ensure-secure-time-on-the-internet/> https://www.internetsociety.org/blog/2020/10/nts-rfc-published-new-standard-to-ensure-secure-time-on-the-internet/>

 

RFC 8890 on The Internet is for End Users

Abstract: This document explains why the IAB believes that, when there is a conflict between the interests of end users of the Internet and other parties, IETF decisions should favor end users. It also explores how the IETF can more effectively achieve this.

< <https://www.iab.org/2020/08/28/rfc-8890-on-the-internet-is-for-end-users/> https://www.iab.org/2020/08/28/rfc-8890-on-the-internet-is-for-end-users/>

 

Internet Engineering Task Force Proposes Standard for Network Time Security

The IETF has published RFC8915, its proposed standard for network time security (NTS). It has been five years in the making and is designed to remedy the issues and vulnerabilities that exist in the current network time protocol (NTP).

< <https://www.securityweek.com/internet-engineering-task-force-proposes-standard-network-time-security> https://www.securityweek.com/internet-engineering-task-force-proposes-standard-network-time-security>

 

NTS is now an RFC

Earlier today the document describing Network Time Security for NTP officially became RFC 8915. This means that Network Time Security (NTS) is officially part of the collection of protocols that makes the Internet work. We’ve changed our time service to use the officially assigned port of 4460 for NTS key exchange, so you can use our service with ease. This is big progress towards securing a ubiquitous Internet protocol.

< <https://blog.cloudflare.com/nts-is-now-rfc/> https://blog.cloudflare.com/nts-is-now-rfc/>

 

Nokia launches ‘world-first’ 4G, 5G automation network slicing solution

... The new 4G and 5G slicing system complies with 3GPP and IETF slicing specifications and is compatible with Nokia's NetAct and SON/Self-Organizing Networks and Network Services Platform/NSP.

< <https://www.zdnet.com/article/nokia-launches-world-first-4g-5g-automation-network-slicing-solution/> https://www.zdnet.com/article/nokia-launches-world-first-4g-5g-automation-network-slicing-solution/>

 

Nokia offers world’s first automated 4G/5G network slicing within RAN, transport and core domains [news release]

Nokia today announced it is the first vendor to offer extreme automation of 4G and 5G network slicing across all network domains, including RAN, transport and core. The company introduces new network management, controller and orchestration capabilities to its solution, enabling mobile operators for the first time to rapidly deliver and assure network slicing services within minutes instead of hours or days. Nokia’s new automation capabilities, which comply with the 3GPP and IETF slicing specifications, are an extension of its 4G/5G end-to-end network slicing solution announced in February1 and the slice orchestrator announced in June2. First deliveries are planned by the end of 2020.

< <https://www.nokia.com/about-us/news/releases/2020/10/01/nokia-offers-worlds-first-automated-4g5g-network-slicing-within-ran-transport-and-core-domains/> https://www.nokia.com/about-us/news/releases/2020/10/01/nokia-offers-worlds-first-automated-4g5g-network-slicing-within-ran-transport-and-core-domains/>

 

IETF sichert NTP ab [IETF secures NTP]

Bisher lässt sich die Kommunikation zwischen NTP-Servern und Clients nur schwer absichern. Der IETF-Standard NTS soll das ändern.

< <https://www.golem.de/news/network-time-security-ietf-sichert-ntp-ab-2010-151262.html> https://www.golem.de/news/network-time-security-ietf-sichert-ntp-ab-2010-151262.html>

 

Streaming telemetry challenges SNMP in large, complex networks

... Streaming telemetry packages data straight from the device into YANG (Yet Another Next Generation), an IETF standards based-model, making it easier to aggregate devices across complex systems into a useful picture of the state of IT infrastructure, says John Annand, research director for Info-Tech Research Group.

< <https://www.networkworld.com/article/3575837/streaming-telemetry-gains-interest-as-snmp-reliance-fades.html> https://www.networkworld.com/article/3575837/streaming-telemetry-gains-interest-as-snmp-reliance-fades.html>

 

Data interoperability across IoT ecosystems with One Data Model (OneDM)

Data and information interoperability are key enablers for the creation of scalable IoT systems, particularly as the systems evolve and change over time to accommodate new components and applications. The One Data Model (OneDM) liaison activity is a new data model interoperability initiative which has gathered wide industry support. OneDM provides both a forum of collaboration for addressing ecosystem interoperability, as well as the tools and mechanisms to efficiently attain that interoperability. ... To further improve the technical quality of SDF, the OneDM group has decided to bring SDF to IETF for formal standardization, a process which has just started.

< <https://www.ericsson.com/en/blog/2020/9/data-interoperability-across-iot-ecosystems-with-onedatamodel> https://www.ericsson.com/en/blog/2020/9/data-interoperability-across-iot-ecosystems-with-onedatamodel>

 

Nokia adds extreme automation capabilities to 4G/5G network slicing

The new automation capabilities are said to be an extension of Nokia's 4G/5G end-to-end network slicing solution and slice orchestration functionality announced earlier this year and comply with the 3GPP and IETF slicing specification.

< <https://www.devdiscourse.com/article/technology/1235514-nokia-adds-extreme-automation-capabilities-to-4g5g-network-slicing> https://www.devdiscourse.com/article/technology/1235514-nokia-adds-extreme-automation-capabilities-to-4g5g-network-slicing>

 

Spammers add random text to shortened links to evade detection

... A URL or an IP address can be represented in different ways. Attackers are abusing these variations in IP/URL formats allowed by the IETF's specifications to cause "semantic attacks."

< <https://www.bleepingcomputer.com/news/security/spammers-add-random-text-to-shortened-links-to-evade-detection/> https://www.bleepingcomputer.com/news/security/spammers-add-random-text-to-shortened-links-to-evade-detection/>

 

DNS en Android: qué es, cómo cambiarlos y por qué hacerlo

... La documentación oficial del Grupo de Trabajo de Ingeniería de Internet o IETF define en el RTC 1034 que este elemento actúa a modo de sistema de nomenclatura jerárquico y descentralizado, y es el encargado de dar nombre a los distintos dispositivos conectados a una red IP, ya sea Internet o una red privada.

< <https://andro4all.com/guias/android/dns-en-android-que-es-como-cambiarlos-y-por-que-hacerlo> https://andro4all.com/guias/android/dns-en-android-que-es-como-cambiarlos-y-por-que-hacerlo>

 

TWNIC推動RPKI 2週年 協助46家業者啟動來源驗證 [TWNIC promotes the 2nd anniversary of RPKI and assists 46 companies to start source verification]

今年4月發生一起包含Google、Amazon、Cloudflare、Go Daddy、Line等在內全球200家內容傳遞網路(Content Distribution Network,CDN)業者遭BGP劫持事件,原本該流向其網站的流量被導向俄羅斯。為了杜絕BGP劫持事件,網際網路工程任務組(IETF)透過制定資源公鑰基礎建設(Resource Public Key Infrastructure,RPKI)標準來強化路由安全。台灣網路資訊中心(TWNIC)推動RPKI計畫滿2週年,今日舉辦RPKI Day活動展示推動成果暨路由來源驗證伺服器(Validator)啟用儀式,目前全台已有150家IP位址擁有者完成簽署路由來源授權(ROA),且有對外發放路由的IP擁有者已有46家企業組織率先完成串接路由來源驗證伺服器,能向其用戶證明重視用戶連線安全的決心。

< <https://market.ltn.com.tw/article/9129> https://market.ltn.com.tw/article/9129>

 

Cloudflare เริ่มส่งข้อมูลโปรโตคอลที่รองรับผ่าน DNS ใช้งานใน iOS 14 ได้แล้ว [Cloudflare has now begun sending supported protocol data via DNS in iOS 14]

Cloudflare ประกาศรองรับ DNS เรคคอร์ด HTTPS เพื่อระบุว่าว่าเว็บรองรับโปรโตคอล HTTP/2 และ HTTP/3 หรือไม่ เปิดทางให้ไคลเอนต์สามารถเชื่อมต่อเข้าเว็บได้เร็วขึ้น โดยตอนนี้ Safari ใน iOS 14 สามารถเปิดฟีเจอร์นี้ขึ้นมาทดสอบได้แล้ว. โดยปกติแล้วหากผู้ใช้ไม่ได้ระบุโปรโตคอลด้วยตัวเอง เบราว์เซอร์จะพยายามเชื่อมต่อ HTTP ปกติก่อนเสมอ ขณะเดียวกันการเชื่อมต่อ HTTP/3 ก็ต้องอาศัยการประกาศค่าในฟิลด์ Alt-Svc ในค่าเฮดเดอร์ HTTP ก่อน แต่ในร่างมาตรฐาน IETF จะเปิดให้เบราว์เซอร์สามารถคิวรี DNS ได้ค่าเช่น

< <https://www.blognone.com/node/118743> https://www.blognone.com/node/118743>

 

**********************

SECURITY & PRIVACY

**********************

Smart cities are all well and good, but how can we ensure they are secure?

Gerry Dunphy, Event Director of IFSEC and FIREX International, explores why the benefits that smart cities are heralded to bring will only be worthwhile if the technology involved can be made as secure as possible.

< <https://www.ifsecglobal.com/safe-cities/smart-cities-how-can-we-ensure-they-are-secure/> https://www.ifsecglobal.com/safe-cities/smart-cities-how-can-we-ensure-they-are-secure/>

 

European Cybersecurity Month 2020 ‘Think Before U Click’ kicks off today

This October marks the European Union’s 8th European Cybersecurity Month (ECSM), promoting online security among EU citizens. The annual cybersecurity awareness campaign is coordinated by the European Union Agency for Cybersecurity (ENISA) and the European Commission, and supported by the Member States and more than 300 partners from across industries.

< <https://www.enisa.europa.eu/news/enisa-news/ecsm-2020> https://www.enisa.europa.eu/news/enisa-news/ecsm-2020>

 

EU launches the European Cyber Security Month

This October marks the European Union’s 8th European Cyber Security Month, which brings together the EU, its Member States and European citizens, to prevent and act against cyber threats. Encouraging people to "Think Before U Click", the key goal of this year’s campaign that starts tomorrow is to ensure that citizens are aware of online risks and have the tools to become more resilient and confident users of technology.

< <https://ec.europa.eu/digital-single-market/en/news/eu-launches-european-cyber-security-month> https://ec.europa.eu/digital-single-market/en/news/eu-launches-european-cyber-security-month>

 

eu: Artificial Intelligence: Cybersecurity Essential for Security & Trust

On 30 September, Member of European Parliament Eva Kaili and the EU Agency for Cybersecurity (ENISA) co-hosted the Cybersecurity for Artificial Intelligence (C4AI) virtual workshop to explore the security challenges related to Artificial Intelligence (AI). Speakers and panellists discussed the current risks and offered ways forward to establishing a secure ecosystem for AI across the Union.

< <https://www.enisa.europa.eu/news/enisa-news/artificial-intelligence-cybersecurity-essential-for-security-trust> https://www.enisa.europa.eu/news/enisa-news/artificial-intelligence-cybersecurity-essential-for-security-trust>

 

U.S. Treasury warns cyber insurers payments to hackers may violate sanctions

Cyber insurers and other financial institutions that facilitate payments to hackers to end cyberattacks risk running afoul of sanctions rules, the U.S. Treasury Department warned on Thursday.

< <https://uk.reuters.com/article/us-ransomware-insurance/u-s-treasury-warns-cyber-insurers-payments-to-hackers-may-violate-sanctions-idUKKBN26M7J3> https://uk.reuters.com/article/us-ransomware-insurance/u-s-treasury-warns-cyber-insurers-payments-to-hackers-may-violate-sanctions-idUKKBN26M7J3>

 

us: CISA Kicks Off 17th National Cybersecurity Awareness Month

Today, the Cybersecurity and Infrastructure Security Agency (CISA) kicked off the 17th annual National Cybersecurity Awareness Month, in partnership with the National Cyber Security Alliance. This year’s theme “Do Your Part. #BeCyberSmart.” encourages Americans to own their role in cybersecurity by focusing on personal accountability and the importance of taking proactive steps to be safer and more secure online.

< <https://www.cisa.gov/news/2020/10/01/cisa-kicks-17th-national-cybersecurity-awareness-month> https://www.cisa.gov/news/2020/10/01/cisa-kicks-17th-national-cybersecurity-awareness-month>

 

us: CISA and MS-ISAC Release Joint Ransomware Guide

The Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing a joint Ransomware Guide meant to be a one-stop resource for stakeholders on how to be proactive and prevent these attacks from happening and also a detailed approach on how to respond to an attack and best resolve the cyber incident. CISA and MS-ISAC observed there are vast products and resources available, but very few that have them all in one place.

< <https://www.cisa.gov/news/2020/09/30/cisa-and-ms-isac-release-joint-ransomware-guide> https://www.cisa.gov/news/2020/09/30/cisa-and-ms-isac-release-joint-ransomware-guide>

 

Ransomware Guide

On September 30, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center released a joint Ransomware Guide, which is a customer centered, one-stop resource with best practices and ways to prevent, protect and/or respond to a ransomware attack. CISA and MS-ISAC are distributing this guide to inform and enhance network defense and reduce exposure to a ransomware attack:

< <https://www.cisa.gov/publication/ransomware-guide> https://www.cisa.gov/publication/ransomware-guide>

 

us: Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.

< <https://krebsonsecurity.com/2020/10/ransomware-victims-that-pay-up-could-incur-steep-fines-from-uncle-sam/> https://krebsonsecurity.com/2020/10/ransomware-victims-that-pay-up-could-incur-steep-fines-from-uncle-sam/>

 

us: House Passes Internet of Things Cybersecurity Improvement Act

The House of Representatives recently passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 (the Act). The Act has been moved to the Senate for consideration. The legislation sets minimum security standards for all IoT devices purchased by government agencies.

< <https://www.natlawreview.com/article/house-passes-internet-things-cybersecurity-improvement-act> https://www.natlawreview.com/article/house-passes-internet-things-cybersecurity-improvement-act>

 

Why developing cybersecurity education is key for a more secure future

Cybersecurity threats are growing every day, be they are aimed at consumers, businesses or governments. The pandemic has shown us just how critical cybersecurity is to the successful operation of our respective economies and our individual lifestyles.

< <https://www.helpnetsecurity.com/2020/10/05/why-developing-cybersecurity-education-is-key-for-a-more-secure-future/> https://www.helpnetsecurity.com/2020/10/05/why-developing-cybersecurity-education-is-key-for-a-more-secure-future/>

 

Cybersecurity’s Women of Influence Will Meet Virtually at the 2020 EWF Conference

Every industry has been impacted by the global pandemic, but these past several months have really inspired the events industry to explore new ways to deliver educational content while also allowing attendees to interact virtually.

< <https://www.rsaconference.com/industry-topics/blog/cybersecuritys-women-of-influence-will-meet-virtually-at-the-2020-ewf-conference> https://www.rsaconference.com/industry-topics/blog/cybersecuritys-women-of-influence-will-meet-virtually-at-the-2020-ewf-conference>

 

#BeCyberSmart: At Work and at Home

It’s October! Time for pumpkins, candy corn and National Cybersecurity Awareness Month (NCSAM). This year’s theme: “Do Your Part. #BeCyberSmart.”

< <https://www.rsaconference.com/industry-topics/blog/becybersmart-at-work-and-at-home> https://www.rsaconference.com/industry-topics/blog/becybersmart-at-work-and-at-home>

 

National Cybersecurity Awareness Month 2020 and The DNS

1. Introduction: October is National Cybersecurity Awareness Month (NCSAM). DNS security is not only important for enterprises – it is also important for consumers as well.

< <https://www.farsightsecurity.com/blog/long-view/NationalCybersecurityAwarenessMonth-20201001/> https://www.farsightsecurity.com/blog/long-view/NationalCybersecurityAwarenessMonth-20201001/>

 

EU countries test their ability to cooperate in the event of cyber attacks

EU Member States, the EU Agency for Cybersecurity (ENISA) and the European Commission met on 29 September to test and assess their cooperation capabilities and resilience in the event of a cybersecurity crisis. The exercise, organised by the Netherlands with the support of ENISA, is a key milestone towards the completion of relevant operating procedures.

< <https://ec.europa.eu/digital-single-market/en/news/eu-countries-test-their-ability-cooperate-event-cyber-attacks> https://ec.europa.eu/digital-single-market/en/news/eu-countries-test-their-ability-cooperate-event-cyber-attacks>

 

Spoofed Internet Domains and Email Accounts Pose Cyber and Disinformation Risks to Voters

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are issuing this announcement to help the public recognize and avoid spoofed election-related internet domains and email accounts during the 2020 election year.

< <https://www.ic3.gov/media/2020/201002.aspx> https://www.ic3.gov/media/2020/201002.aspx>

 

PhishFarm: A Scalable Framework for Measuring the Effectiveness of Evasion Techniques Against Browser Phishing Blacklists

Phishing attacks have reached record volumes in recent years. Simultaneously, modern phishing websites are grow- ing in sophistication by employing diverse cloaking techniques to avoid detection by security infrastructure.

< <https://apwg.org/phishfarm-a-scalable-framework-for-measuring-the-effectiveness-of-evasion-techniques-against-browser-phishing-blacklists/> https://apwg.org/phishfarm-a-scalable-framework-for-measuring-the-effectiveness-of-evasion-techniques-against-browser-phishing-blacklists/>

 

Web cache attacks in the tangled web

The journey of an HTTP message is arduous. Every request may traverse massive content delivery networks, cloud platforms, packet inspectors, load balancers, and countless other proxies sprinkled along the path to their destination. On the way back, web caches store suitable responses for serving subsequent requests, short-cutting the journey. This complex ecosystem of proxies and web caches is key to enabling scalable communications over the Internet.

< <https://blog.apnic.net/2020/10/02/web-cache-attacks-in-the-tangled-web/> https://blog.apnic.net/2020/10/02/web-cache-attacks-in-the-tangled-web/>

 

Cached and Confused: Web Cache Deception in the Wild

Web cache deception (WCD) is an attack proposed in 2017, where an attacker tricks a caching proxy into erroneously storing private information transmitted over the Internet and subsequently gains unauthorized access to that cached data. Due to the widespread use of web caches and, in particular, the use of massive networks of caching proxies deployed by content distribution network (CDN) providers as a critical component of the Internet, WCD puts a substantial population of Internet users at risk.

< <https://www.usenix.org/system/files/sec20summer_mirheidari_prepub.pdf> https://www.usenix.org/system/files/sec20summer_mirheidari_prepub.pdf>

< <https://www.researchgate.net/publication/338138254_Cached_and_Confused_Web_Cache_Deception_in_the_Wild/download> https://www.researchgate.net/publication/338138254_Cached_and_Confused_Web_Cache_Deception_in_the_Wild/download>

 

Speeding up HTTPS and HTTP/3 negotiation with... DNS

In late June, Cloudflare's resolver team noticed a spike in DNS requests for the 65479 Resource Record thanks to data exposed through our new Radar service. We began investigating and found these to be a part of Apple’s iOS14 beta release where they were testing out a new SVCB/HTTPS record type.

< <https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/> https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/>

 

Weaponizing Digital Trade: Creating a Digital Trade Zone to Promote Online Freedom and Cybersecurity

To counter Chinese and Russian visions for the global internet, the United States and its allies should form a digital trade zone, a bloc of like-minded democracies that cooperates on cyber issues and through which digital trade flows freely.

< <https://www.cfr.org/report/weaponizing-digital-trade> https://www.cfr.org/report/weaponizing-digital-trade>

 

us: Ransomware Attacks Take On New Urgency Ahead of Vote

Attacks against small towns, big cities and the contractors who run their voting systems have federal officials fearing that hackers will try to sow chaos around the election.

< <https://www.nytimes.com/2020/09/27/technology/2020-election-security-threats.html> https://www.nytimes.com/2020/09/27/technology/2020-election-security-threats.html>

 

Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated

Attackers continue to improve their tactics and tools, demonstrating growing sophistication, including the creation of one-off web addresses to foil blocklists, a jump in ransomware infections, a focus on reconnaissance and credential harvesting, and an uptick in targeting connected devices, according to Microsoft's annual "Digital Defense Report," published on Sept. 29.

< <https://www.darkreading.com/threat-intelligence/microsoft-ransomware-and-nation-state-attacks-rise-get-more-sophisticated/d/d-id/1339037> https://www.darkreading.com/threat-intelligence/microsoft-ransomware-and-nation-state-attacks-rise-get-more-sophisticated/d/d-id/1339037>

 

Microsoft Digital Defense Report, September 2020 

Informed by over 8 trillion daily security signals and observations from our security and threat intelligence experts, our Digital Defense Report presents telemetry and insights about the current state of cybersecurity.

< <https://www.microsoft.com/en-us/download/details.aspx?id=101738> https://www.microsoft.com/en-us/download/details.aspx?id=101738>

 

DDoS Attacks Soar in First Half of 2020

The first six months of 2020 saw a significant increase in distributed denial-of-service (DDoS) attacks using multiple vectors, with a simultaneous rise in the throughput of those attacks, according to a new Netsount report.

< <https://www.darkreading.com/attacks-breaches/ddos-attacks-soar-in-first-half-of-2020/d/d-id/1339038> https://www.darkreading.com/attacks-breaches/ddos-attacks-soar-in-first-half-of-2020/d/d-id/1339038>

 

Netscout Threat Intelligence Report Shows a Dramatic Increase in Multivector DDoS Attacks in First-Half 2020

Netscout Systems ... announced the findings of its 1H 2020 Threat Intelligence Report, which reinforces the dramatic impact cybercriminals have had during the COVID-19 pandemic. Attackers focused on COVID-era lifelines such as healthcare, e-commerce, and educational services with complex, high-throughput attacks designed to overwhelm and quickly take them down.

< <https://www.netscout.com/netscouts-threat-intelligence-report-1H2020> https://www.netscout.com/netscouts-threat-intelligence-report-1H2020>

 

How Can the U.S. Government and Private Enterprise Work Together to Reinvent Cybersecurity?

Never before in our modern history have the issues of safety and security been more critical. The hot-button topic of cyber security vulnerabilities has mobilized a fleet of AI and technology entrepreneurs, who are keen on finding and implementing digital solutions to avert future crises while simultaneously mitigating current threats.

< <https://www.entrepreneur.com/article/355703> https://www.entrepreneur.com/article/355703>

 

Spammers add random text to shortened links to evade detection

Spammers are using a new technique of generating URLs to evade detection by humans and spam filters alike.

< <https://www.bleepingcomputer.com/news/security/spammers-add-random-text-to-shortened-links-to-evade-detection/> https://www.bleepingcomputer.com/news/security/spammers-add-random-text-to-shortened-links-to-evade-detection/>

 

**********************

OTHERWISE NOTEWORTHY

**********************

The Internet Is Built on ‘Intermediaries’ – They Should Be Protected

Now is not the time to be careless with laws that could harm the Internet we rely on more than ever in our day to day lives. Policymakers owe it to the billions of users around world that rely on the Internet for work, education, and daily activities to do their homework before attempting to change laws so pivotal to the Internet’s success.

< <https://www.internetsociety.org/blog/2020/10/the-internet-is-built-on-intermediaries-they-should-be-protected/> https://www.internetsociety.org/blog/2020/10/the-internet-is-built-on-intermediaries-they-should-be-protected/>

 

FTP Is Almost 50 Years Old—and It’s Ready to Retire

Here’s a small piece of news you may have missed while you were trying to rebuild your entire life to fit inside your tiny apartment at the beginning of the COVID crisis: Because of the way that the virus shook up just about everything, Google skipped the release of Chrome version 82.

< <https://www.vice.com/en/article/5dzx43/ftp-is-almost-50-years-oldand-its-ready-to-retire> https://www.vice.com/en/article/5dzx43/ftp-is-almost-50-years-oldand-its-ready-to-retire>

 

40th Anniversary of The Ethernet

Today marks the 40th anniversary of "The Ethernet: A Local Area Network; Data Link Layer and Physical Layer Specification," a version 1.0 specification published on 30th September 1980 and included in ACM SIGCOMM Computer Communication Review in July 1981. Ethernet is still used today in the majority of the lowest layer of computer networks, sitting underneath IP and higher level protocols like TCP/UDP.

< <https://www.infoq.com/news/2020/09/ethernet-40th/> https://www.infoq.com/news/2020/09/ethernet-40th/>

 

Digital pioneer Geoff Huston apologises for bringing the internet to Australia

Huston says the internet is a 'gigantic vanity-reinforcing distorted TikTok selfie' and web security is 'the punchline to some demented sick joke'. But Australia's first Privacy Commissioner thinks he's being optimistic.

< <https://www.zdnet.com/article/digital-pioneer-geoff-huston-apologises-for-bringing-the-internet-to-australia/> https://www.zdnet.com/article/digital-pioneer-geoff-huston-apologises-for-bringing-the-internet-to-australia/>

 

China is winning the war for global tech dominance

When the United Kingdom announced in July that it no longer would allow the Chinese technology firm Huawei to be part of its 5G telecommunications network, it was considered to be a success for the Trump administration’s lobbying of its closest ally. Other countries such as Australia and Japan also have effectively banned the company, echoing Washington’s fears of a potential national security threat.

< <https://thehill.com/opinion/technology/518773-china-is-winning-the-war-for-global-tech-dominance> https://thehill.com/opinion/technology/518773-china-is-winning-the-war-for-global-tech-dominance>

 

------

David Goldstein

email:  <mailto:david@goldsteinreport.com> david@goldsteinreport.com

web:  <http://goldsteinreport.com/> http://goldsteinreport.com/

Twitter:  <https://twitter.com/goldsteinreport> https://twitter.com/goldsteinreport

phone: +61 418 228 605 - mobile; +61 2 9663 3430 - office/home