Security News
The largest collection of public internet censorship data ever compiled shows that even citizens of what are considered the world's freest countries aren't safe from internet censorship. A team from the University of Michigan used its own Censored Planet tool, an automated censorship tracking system launched in 2018, to collect more than 21 billion measurements over 20 months in 221 countries.
The former head of the National Cyber Security Centre has warned that some British government figures have a "Profound lack of understanding" of cyberspace, online warfare and information security. Ciaran Martin, who stepped down as NCSC chief earlier this year, also cautioned policymakers against seeing the online world as a place for warfare, saying: "We militarise the internet at our peril."
Microsoft is taking further steps to kill off the antiquated Internet Explorer in favor of its new Chromium-based Microsoft Edge browser. Starting in recent versions of Microsoft Edge, when Internet Explorer visits an incompatible site, the browsing session will automatically be launched in Microsoft Edge to continue the browsing session.
Microsoft says that customers can now disable JScript execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates. "Blocking Jscript helps protect against malicious actors targeting the JScript scripting engine while maintaining user productivity as core services continue to function as usual," Microsoft explains.
The Internet Engineering Task Force has published RFC8915, its proposed standard for network time security. The existing issues affecting basic NTP include DDoS amplification, packet manipulation, and replay attacks - the last two being implemented by man-in-the-middle attacks that can forge messages and falsify the time.
Cloudflare partners with Internet Archive to make sites available when their origin servers are down
By partnering with the Internet Archive, Cloudflare is strengthening its Always Online solution that makes sites available when their origin servers are down and keeps the Internet functioning for users globally. To do this, the Internet Archive uses the same crawling infrastructure that has allowed its Wayback Machine to archive over 465 billion web pages to date.
The Internet Society has launched the first-ever regulatory assessment toolkit that defines the critical properties needed to protect and enhance the future of the Internet. The Internet Impact Assessment Toolkit is a guide to help ensure regulation, technology trends and decisions don't harm the infrastructure of the Internet.
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency on Wednesday ordered US federal agencies outside the defense and intelligence communities to develop a working vulnerability disclosure policy. "An open redirect - which can be used to give off-site malicious content the appearance of legitimacy - may not be on par with a fire, yet serious vulnerabilities in internet systems cause real-world, negative impacts every day," he said.
A new report finds that 33% of companies within the digital supply chain expose common network services such as data storage, remote access, and network administration to the internet. Admins should either eliminate direct internet access or deploy compensating controls for when/if such services are required, according to the report by RiskRecon, a Mastercard company, and the cybersecurity research services firm Cyentia Institute.
33% of companies within the digital supply chain expose common network services such as data storage, remote access and network administration to the internet, according to RiskRecon. The data was analyzed in two strategic ways: the direct proportion of internet-facing hosts running unsafe services, as well as the percentage of companies that expose unsafe services somewhere across their infrastructure.