Analysis What’s claimed to be the first IPv6-based distributed denial-of-service attack has been spotted by internet engineers who warn it is only the beginning of what could become the next wave of online disruption.

Network guru Wesley George noticed the strange traffic earlier this week as part of a larger attack on a DNS server in an effort to overwhelm it. He was taking packet captures of the malicious traffic as part of his job at Neustar’s SiteProtect DDoS protection service when he realized there were “packets coming from IPv6 addresses to an IPv6 host.”

Computers behind 1,900 IPv6 addresses were attacking the DNS server as part of a larger army of commandeered systems, mostly using IPv4 addresses on the public internet. Anyone running an IPv6 network needs to, therefore, ensure they have the same level of network security and mitigation tools in place as their IPv4 networks – and fast.

Microsoft has released out-of-band updates for Windows 7 and Windows Server 2008 R2 to address a serious privilege escalation vulnerability introduced earlier this year by the Meltdown mitigations.

Microsoft informed customers on Thursday that a new patch has been released for Windows 7 x64 Service Pack 1 and Windows Server 2008 R2 x64 Service Pack 1 to fully resolve the problem. “Customers who apply the updates, or have automatic updates enabled, are protected.” a Microsoft spokesperson said.

The vulnerability, tracked as CVE-2018-1038 and rated “important,” has been patched with the KB4100480 update. Users are advised to install the update as soon as possible, particularly since some Microsoft employees believe it will likely be exploited in the wild soon.

Cisco has patched more than 30 vulnerabilities in its IOS software, including a critical remote code execution flaw that exposes hundreds of thousands – possibly millions – of devices to remote attacks launched over the Internet.

A total of three vulnerabilities have been rated critical. One of them is CVE-2018-0171, an issue discovered by researchers at Embedi in the Smart Install feature in IOS and IOS XE software.

An unauthenticated attacker can send specially crafted Smart Install messages to an affected device on TCP port 4786 and cause it to enter a denial-of-service (DoS) condition or execute arbitrary code.

Authorities this week arrested 20 individuals in Italy and Romania for their role in a banking phishing scam that defrauded bank customers of €1 million ($1.23 million).

The arrests were the result of a two-year long cybercrime investigation conducted by the Romanian National Police and the Italian National Police, with support from Europol, the Joint Cybercrime Action Taskforce (J-CAT), and Eurojust.

The arrests were made on March 28, following a series of coordinated raids. 9 of the individuals were arrested in Romania and 11 in Italy. The Romanian Police raided 3 houses, while the Italian authorities conducted 10 home and computer searches.

The Next Cold War Is Here, and It’s All About Data
https://www.wired.com/story/opinion-new-data-cold-war

The headlines about the trade wars being touched off by President Trump’s new tariffs may telegraph plenty of bombast and shots fired, but the most consequential war being waged today is a quieter sort of conflict: It’s the new Cold War over data protection. While the Facebook/Cambridge Analytica crisis currently burns as the latest, hottest flare-up in this simmering conflict, tensions may increase even more on May 25, 2018, when the European Union’s General Data Protection Regulation comes into effect.

Whenever you are doing something online that requires you to present an official ID like a passport or driver’s license to complete the transaction, it presents risk to both parties.

Kaarel Kotkas, CEO and founder of the company, says the goal is to be “the Stripe of identity .” What he means is he wants to provide developers with the ability to embed identity verification into any application or website, as easily as you can use Stripe to add payments.

At the Adobe Summit in Las Vegas this week, privacy was on the minds of many people. It was no wonder with social media data abuse dominating the headlines, GDPR just around the corner, and Adobe announcing the concept of a centralized customer experience record.

With so many high profile breaches in recent years, putting your customer data in a central record-keeping system would seem to be a dangerous proposition, yet Adobe sees so many positives for marketers, it likely believes this to be a worthy trade-off.