Security News
In this Help Net Security interview, Doug Madory, Director of Internet Analysis at Kentik, discusses the FCC's proposal requiring major U.S. ISPs to implement RPKI Route Origin Validation, and addresses concerns about the impact on smaller ISPs and the global implications of U.S.-mandated changes. Regulatory mandates on BGP security could impose significant burdens on smaller ISPs, particularly regarding their ability to adapt to emerging security standards.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
The Federal Communications Commission has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. The Royal Tiger group, allegedly led by Prince Jashvantlal Anand and his associate Kaushal Bhavsar, is operating multiple entities linked to illegal calls in the United States, including VoIP companies Illum Telecommunication Limited, PZ Telecommunication LLC, and One Eye LLC. They routed robocalls in the United States to Texas-based Great Choice Telecom, previously the target of a $225 million forfeiture order and cease-and-desist letters from the FCC and the FTC for placing illegal spoofed robocalls.
The Federal Communications Commission fined the nation's largest wireless carriers for illegally sharing access to customers' location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure. Wireless carriers shared access to customers' location data.
The Federal Communications Commission has fined the largest U.S. wireless carriers almost $200 million for sharing their customers' real-time location data without their consent. The fines imposed on Monday include $12 million for Sprint and $80 million for T-Mobile, more than $57 million for AT&T, and an almost $47 million fine for Verizon.
A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.
Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements."Without an FCC rule requiring breach notifications for the above categories of PII, there would be no requirement in Federal law that telecommunications carriers report non-CPNI breaches to their customers," the FCC said.
As the FCC planned, the new rule also eliminates the mandatory seven-day waiting period for reporting break-ins to consumers. "Without an FCC rule requiring breach notifications for the above categories of PII, there would be no requirement in Federal law that telecommunications carriers report non-CPNI breaches to their customers," the FCC said of the new rule.