Jigsaw, the division owned by Google parent Alphabet, has revealed Intra, a new app aimed at protecting users from state-sponsored censorship.

Intra is a new app that aims to prevent DNS manipulation attacks.

By passing all your browsing queries and app traffic through an encrypted connection to a trusted Domain Name Server, Intra says it ensures you can use your app without meddling or get to the right site without interference.

Amazon fires employee for allegedly sharing customer email addresses
https://www.cnet.com/news/amazon-fires-employee-for-allegedly-sharing-customer-email-addresses/

The company is working with law enforcement and informing affected

Technology Advances Make It Easier to Assign Blame for Cyberattacks
https://www.wsj.com/articles/technology-advances-make-it-easier-to-assign-blame-for-cyberattacks-1538677334

AI and sophisticated data gathering are making it easier for firms and governments to attribute hacks in months, not years

Figuring out who exactly is responsible for a cyberattack is an inexact science, but advances in machine learning and years of data-gathering on hacks are making it easier than ever for law-enforcement officials and cybersecurity specialists to name the likely culprits.

Some hosting providers take over two weeks to respond, with the worst taking over 19 days.

Web hosting providers take 3 days, 2 hours, and 33 minutes on average to respond to abuse complaints and remove malware hosted on their servers, according to a report published today.

Abuse reports are commonly filed by security researchers, manually or using automated tools, and sent to web hosting providers at an email address specified on their sites.

Researchers scour the internet and keep an eye out for malicious links in email spam or other places, collect the URLs, determine the web host, and send out an email to the hosting provider, asking it to take down the link before users get a chance to click on it. There are thousands if not tens of thousands of such abuse reports being sent each day.

Previous studies have shown that the first few hours after a malware distribution are the most critical, as that’s when spam filters and antivirus engines are most likely to be caught with their pants down and when the vast majority of users get infected.

This is why web hosting providers need to cooperate and respond to abuse complaints with urgency, to keep users safe and stop malware campaigns.

Uber will pay $148 million and tighten data security after the ride-hailing company failed for a year to notify drivers that hackers had stolen their personal information, according to a settlement announced Wednesday.

Uber Technologies Inc. reached the agreement with all 50 states and the District of Columbia after a massive data breach in 2016. Instead of reporting it, Uber hid evidence of the theft and paid ransom to ensure the data wouldn’t be misused.

“This is one of the most egregious cases we’ve ever seen in terms of notification; a yearlong delay is just inexcusable,” Illinois Attorney General Lisa Madigan told The Associated Press. “And we’re not going to put up with companies, Uber or any other company, completely ignoring our laws that require notification of data breaches.”

Qualys has disclosed the details of an integer overflow vulnerability in the Linux kernel that can be exploited by a local attacker for privilege escalation. The flaw, dubbed “Mutagen Astronomy,” affects certain versions of the Red Hat, CentOS and Debian distributions.

Tracked as CVE-2018-14634, the flaw exists in the kernel’s create_elf_tables() function. The security hole can be exploited using a SUID binary to escalate privileges to root, but it only works on 64-bit systems.

The vulnerability affects versions of the kernel released between July 19, 2007, and July 7, 2017. While many Linux distributions have backported the commit that addresses the bug, the fix hasn’t been implemented in Red Hat Enterprise Linux, CentOS (which is based on Red Hat), and Debian 8 Jessie.

Red Hat, which assigned the flaw an impact rating of “important” and a CVSS score of 7.8 (high severity), has started releasing updates that should address the issue.

Microsoft this week announced a new set of distributed denial of service (DDoS) mitigation tools for Azure, which the company says will provide customers with increased visibility and support when their computing resources are under attack.

Building on the capabilities of Azure DDoS Protection, new features such as DDoS Attack Analytics and DDoS Rapid Response can deliver attack insights that can be leveraged for compliance, security audits, and defense optimizations, and also help customers engage DDoS experts during an active attack for specialized support.

There are three new features that Azure DDoS Protection Standard customers can now take advantage of, namely Attack Mitigation Reports, Attack Mitigation Flow Logs and DDoS Rapid Response. Thus, organizations will get detailed visibility into attack traffic and mitigation actions in Azure Monitor, as well as custom mitigations and support for attack investigation, Microsoft notes.

DDoS Protection Attack Analytics and rapid response
https://azure.microsoft.com/en-us/blog/ddos-protection-attack-analytics-rapid-response/

On September 1, Ontario’s Municipal Offices experienced a cyberattack that left their computers inoperable when Malware entered its systems and rendered its servers useless. The municipality was faced with paying a ransom to the attackers or face the consequences of being locked out of its systems. Per the advice of a consultant, the city paid an undisclosed amount of ransom to its attackers.

Managing cyber risk is a challenging undertaking, even for large organizations with significant resources at their disposal. For executives and senior managers in small to medium-sized organizations, however, managing cyber risk can quickly become a daunting and overwhelming task. That is where Rob Arnold’s book Cybersecurity: A Business Solution provides a unique and helpful perspective. Written specifically for small to medium-sized businesses, the book provides executives and senior managers with a business-centered perspective on managing cyber risk in their organizations. The audience for this book also includes IT professionals and network defenders. By mapping out how to manage an organization’s cyber risk strategies, as well as how to implement an effective cybersecurity plan, it gives IT professionals a way to speak to administration and provide them with tools for an overall plan of action.