Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

Administered by:

Server stats:

4.8K
active users

techhub.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.8

#m3aawg

0 posts0 participants0 posts today
Public
The Spamhaus Project

Is Port 25 on your network restricted? If not, why not? We are seeing an increasing number of issues arising from ISPs leaving Port 25 open, and we would like to understand why this is happening?

Want to know more about why you should restrict port 25?

👉 See our FAQs: spamhaus.org/faqs/policy-block

👉 Read the
@M3AAWG
's best practice on how to manage Port 25: m3aawg.org/sites/default/files

Want to discuss this further? If you're at #M3AAWG this week, connect with one of the Spamhaus team, or please reach out to use via this social channel.

#ClosePort25#BestPractice
Public
The Spamhaus Project

💡 "Policymakers generally don’t seem to appreciate that most damage is inflicted within a few hours of the onset of a cyberattack."

We caught up with Dave Piscitello to get his insights from INTERISLE CONSULTING GROUP, LLC's recent study into supply chains used by cybercriminals - from changes to policy, trends, to cheap TLDs - learn more here 👇
spamhaus.org/resource-hub/cybe

Look out for Part 2, which will be published tomorrow!

#M3AAWG#APWG#CAUCE
Public
securityskeptic :donor: :verified:

New report from #M3AAWG

DNS Abuse Prevention, Remediation, and Mitigation Practices for Registrars and Registries

m3aawg.org/DNSAbusePreventionR

The report shares findings and recommendations from our Interisle Criminal Abuse of Domain Names and Phishing Landscape 2020 reports. In particular, they emphasize the important role that registries and registrars must play to mitigate cybercrimes and attacks that exploit bulk domain registrations.

#spam #malware #phishing #dns #cybercrimeprevention

interisle.net/sub/CriminalDoma
interisle.net/PhishingLandscap

Public
securityskeptic :donor: :verified:

Good Monday all...

Today we've released a study,

Cybercrime Supply Chain 2023:
Measurements and Assessments of Cyber Attack Resources and Where Criminals Acquire Them

interisle.net/CybercrimeSupply

The major findings of the study are:

• 5M domains identified as serving as a resource for cybercrime.
• 1M domains reported for spam activity were registered in new gTLDs.
• 500,000 subdomain hostnames reported for serving as resources for cybercrime.
• 1.5 million domains exhibited characteristics of malicious bulk domain registration behavior.
• Exact matches of a well-known brand name were used in over 200,000 cybercrime attacks.
• The US had the most IPv4 addresses serving as resources for cybercrime activity. China, India, Australia, and Hong Kong rounded out the top 5.

Summary: Reactive efforts currently employed by the domain name and hosting industries, governments, and private sector organizations cannot curtail cybercrime and the harms it inflicts on Internet users.

In the report, Interisle recommends measures that policy regimes, governments, service providers, and private sector working together can implement to disrupt the cybercrime supply chain.

The study was sponsored by the #APWG, #CAUCE, and #M3AAWG.

#cybercrime#spam#malware
Public
Dataplane.org

The Internet Last Week

* VNC average signals volume rising
dataplane.org/statistics/vncrf
* APRICOT 2023 / APNIC 55
2023.apricot.net/program/sched
* DNS Root server prefix hijacks
twitter.com/leftman76/status/1
twitter.com/leftman76/status/1
* Dish Network outage
bleepingcomputer.com/news/secu
theverge.com/2023/2/24/2361373
* M3AAWG 57th
m3aawg.org/upcoming-meetings
#VNC #APRICOT #APNIC #DNS #DISH #M3AAWG

dataplane.orgVNC RFB Signal StatisticsThis interactive time-series plot is a measure our observed VNC RFB signals data.
Public
Simon McGarr

Many of the debates, struggles and disagreements on #moderation and blocking of individual instances mirror the days of the commercial explosion of email adoption.

Say that #Mastodon is like email, but if we accept that is true of how email was then (as opposed to now) then we could simlarly learn from how spam and abuse was addressed then in email too

#M3AAWG is an industry group about exactly this, publishing decades of best practices m3aawg.org/published-documents

(I am a m3aawg policy advisor)

www.m3aawg.orgBest Practices | M3AAWGAll the M3AAWG Public Policy Comments are available fom the M3AAWG Public Policy page in this section.
Public
securityskeptic :donor: :verified:

#M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment.

In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud.

Several reports that my Interisle colleagues and I published are cited in the comment, along with the 2022 DNS Abuse Study Commissioned by the European Commission, which also quotes from our #phishing studies. Statistics generated from data collected at our Cybercrime Information Center project, cybercrimeinfocenter.org are cited as well.

The #APWG and Coalition for a Secure and Transparent Internet (#CSTI) also submitted comments with similar observations and support for regulation. I'll share those links when I receive them.

#infosec can effect change

Proposed Rule: federalregister.gov/documents/
Comment: m3aawg.org/sites/default/files

Cybercrime Information CenterCybercrime Information Center
ExploreLive feeds
About