Security Alerts & News
by Tymoteusz A. Góral

History
#1642 Lawmakers asking what ISPs can do about DDoS attacks
IoT botnets and DDoS attacks have prominent lawmakers asking government agencies some probing questions about what can be done.

Sen. Mark Warner (D-VA) on Tuesday sent a letter to the Federal Communications Commission—as well as the Federal Trade Commission and Homeland Security—querying among other things whether ISPs have a legal standing to boot insecure connected devices from their networks. Warner wrote:

“Under the Federal Communications Commission’s (FCC’s) Open Internet rules, ISPs cannot prohibit the attachment of “non-harmful devices” to their networks. It seems entirely reasonable to conclude under the present circumstances, however, that devices with certain insecure attributes could be deemed harmful to the “network” – whether the ISP’s own network or the networks to which it is connected. While remaining vigilant to ensure that such prohibitions do not serve as a pretext for anticompetitive or exclusionary behavior, I would encourage regulators to provide greater clarity to internet service providers in this area."
Read more
#1645 Don’t Skype and Type! Acoustic eavesdropping in VOIP (PDF)
#1644 The Dyn report: What we know so far about the world's biggest DDoS attack
#1643 Remote code execution vulnerabilities plague LibTIFF library
#1642 Lawmakers asking what ISPs can do about DDoS attacks
#1641 Paypal fixes 'worrying' security bug
#1640 Windows Atom tables can be abused for code injection attacks
#1639 Microsoft Office malware: Now more users get anti-hacker, macro-blocking features
#1638 Flash Player zero-day being exploited in targeted attacks
#1637 Joomla update fixes two critical issues, 2FA error
#1636 Dyn DDoS could have topped 1 Tbps
#1635 Cisco patches critical vulnerability in facility events response system
#1634 Could your 'smart' home be a weapon of web destruction?
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12