The Internet Corporation for Assigned Names and Numbers (ICANN) warned Friday that the Domain Name System (DNS) is dangerously vulnerable, and urges swift and widespread adoption of DNSSEC. Some of the DNS hijacking of the last few months appears to be state-directed: SecurityWeek quotes FireEye as attributing a significant fraction of such activity to Iran.
BleepingComputer's forum is discussing an outbreak of B0r0nt0K ransomware. Details are sparse, and analysts are as of this writing still looking for samples, but the infestation is known to have appeared in Linux-based servers. Windows users may also be susceptible. The ransom demands are running at about $75 thousand, payable in Bitcoin.
University researchers disclose a proof-of-concept they say could expose 4G and 5G networks to interception of phone calls and geotracking of users, TechCrunch reports.
The Wall Street Journal reports that heath and fitness app vendors have begun to stop sharing sensitive personal data with Facebook. Facebook itself said that it works to avoid this kind of sharing in the first place. New York State has opened investigations into the matter.
As governments continue to decide how to address the security concerns that surround Huawei equipment, WIRED describes how GCHQ vets the Chinese manufacturers products at its Huawei Cyber Security Evaluation Centre.
TASS is authorized to disclose that Russia's embassy in Vienna has sustained cyberattacks evidently aimed at disrupting consular services. Bots booked appointments, inevitably became no-shows, and thereby prevented actual people from getting consular sessions. The embassy says it's restored services to normal.