NTIA announced in Monday's Federal Register the Sept. 29 first meeting of its multistakeholder process to create a set of common principles and best practices for security vulnerability information disclosures. Stakeholders are to meet at the University of California-Berkeley School of Law, NTIA said. It plans to use similar multistakeholder processes in the future for other cybersecurity issues (see 1508280036).
Despite the recent breach into infidelity site Ashley Madison (see 1508280041) and the subsequent online posting of users’ sensitive information, “hundreds of thousands of new users signed up for the Ashley Madison platform -- including 87,596 women” last week, Ashley Madison parent Avid Life Media said in a news release Monday. As of Aug. 29, the Ashley Madison app is the 14th highest grossing app in the U.S. social networking category in the Apple App store, it said. About 70 percent of the company’s revenue on any given day is from members making repeat purchases, it said. “Recent media reports predicting the imminent demise of Ashley Madison are greatly exaggerated.” In response to claims that numerous fake female accounts were created on the site to lure men into thinking their odds of having an affair are greater, the company said women sent more than 2.8 million messages within the platform last week, and the ratio of men who communicate with women is 1.2 to 1.
A domain masquerading as an official Electronic Frontier Foundation site has been lulling users into a false sense of trust and has been used in a spear phishing attack (emails crafted to appear to come from a familiar individual or business), wrote EFF Staff Technologist Cooper Quintin in a blog post Thursday. The domain, ElectronicFrontierFoundation.org, was registered Aug. 4, and it is suspected of being used in phishing attacks that began the same day, Quintin said. The domain “seems to be part of a larger campaign, known as ‘Pawn Storm’” that began a little more than a month ago and is thought to be associated with the Russian government, Quintin said. The domain has been reported for abuse but was still active when Quintin wrote his post. As part of the phishing attack, an attacker "sends the target a spear phishing email containing a link to a unique URL on the malicious domain (in this case electronicfrontierfoundation.org)," Quintin said. When the user visits the URL, they are redirected to another unique URL that contains a "Java applet which exploits a vulnerable version of Java," he said. "Once the URL is used and the Java payload is received, the URL is disabled and will no longer deliver malware (presumably to make life harder for malware analysts)," Quintin said. "The attacker, now able to run any code on the user's machine due to the Java exploit, downloads a second payload, which is a binary program to be executed on the target's computer."
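The chain Quintin describes (a lure link on a lookalike domain, a redirect to a second one-time URL, and a Java applet served from it) leaves a recognizable trace in outbound proxy logs. The following Python is an added example written for this digest, not code from EFF or from Quintin's post: it parses constructed log lines in an assumed "timestamp client method url status content-type" format, flags hosts whose registrable domain contains a brand keyword from an assumed allowlist but is not that brand's real domain, and pairs each such hit with a Java archive or applet fetched by the same client within an assumed 60-second window. The allowlist, the log format, the sample traffic and the window are all assumptions for illustration.

```python
"""Flag Pawn Storm-style lookalike-domain lures that deliver a Java payload.

Added example: parses constructed proxy-log lines (not real traffic) and
reports, per client, a request to a domain that impersonates a brand we
watch, followed shortly by a response carrying a Java archive/applet.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> the organisation's real domain.
# Short keywords such as "eff" are deliberately left out: they match inside
# unrelated names (e.g. "sheffield.com") and would flood the analyst.
BRAND_KEYWORDS = {
    "electronicfrontierfoundation": "eff.org",
    "electronicfrontier": "eff.org",
}
JAVA_TYPES = {"application/java-archive", "application/x-java-applet"}
JAVA_SUFFIXES = (".jar", ".class")


def registrable_domain(host):
    """Last two labels of a host (simplification: ignores multi-label
    public suffixes such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_lookalike(host):
    """Return the legitimate domain this host impersonates, or None."""
    reg = registrable_domain(host)
    for keyword, legit in BRAND_KEYWORDS.items():
        if keyword in reg.replace("-", "") and reg != legit:
            return legit
    return None


def parse_line(line):
    """Assumed log format: ts client method url status content-type."""
    ts, client, method, url, status, ctype = line.split()
    parts = urlsplit(url)
    return {
        "ts": datetime.fromisoformat(ts),
        "client": client,
        "method": method,
        "url": url,
        "host": parts.hostname or "",
        "path": parts.path,
        "status": int(status),
        "ctype": ctype.lower(),
    }


def delivers_java(req):
    """True when the response looks like a Java archive or applet."""
    return req["ctype"] in JAVA_TYPES or req["path"].lower().endswith(JAVA_SUFFIXES)


def find_java_delivery_chains(lines, window_s=60):
    """Pair each lookalike-domain hit with a successful Java payload fetch
    by the same client within window_s seconds. One finding per pair."""
    by_client = defaultdict(list)
    for line in lines:
        line = line.strip()
        if line:
            req = parse_line(line)
            by_client[req["client"]].append(req)
    findings = []
    for client, reqs in by_client.items():
        reqs.sort(key=lambda r: r["ts"])
        for i, lure in enumerate(reqs):
            legit = is_lookalike(lure["host"])
            if legit is None:
                continue
            deadline = lure["ts"] + timedelta(seconds=window_s)
            for payload in reqs[i + 1:]:
                if payload["ts"] > deadline:
                    break
                if payload["status"] == 200 and delivers_java(payload):
                    findings.append({"client": client, "impersonates": legit,
                                     "lure_url": lure["url"],
                                     "payload_url": payload["url"]})
                    break
    return findings


# Constructed sample log: 10.0.0.5 follows the lure, is redirected and
# receives a JAR; a later visitor to the same lure gets 404 because the
# one-shot URL has been disabled; 10.0.0.7 visits the real eff.org site.
SAMPLE_LOG = """
2015-08-27T10:01:05 10.0.0.5 GET http://electronicfrontierfoundation.org/x/7f3a 302 text/html
2015-08-27T10:01:06 10.0.0.5 GET http://electronicfrontierfoundation.org/y/9b2c 200 application/java-archive
2015-08-27T10:05:00 10.0.0.9 GET http://electronicfrontierfoundation.org/x/7f3a 404 text/html
2015-08-27T10:30:00 10.0.0.7 GET https://www.eff.org/deeplinks 200 text/html
""".strip().splitlines()

if __name__ == "__main__":
    for finding in find_java_delivery_chains(SAMPLE_LOG):
        print(finding)
```

The 404 on the replayed lure is the point of the one-shot design Quintin mentions: an analyst who revisits the link after the fact sees nothing, so the detection has to key on the first victim's request pair rather than on fetching the URL later. The content-type check is the more reliable signal, since the attacker controls the path and can drop the .jar suffix.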
The FTC will host a conference Jan. 14 on research and trends in protecting consumer privacy and security, a news release said Friday. PrivacyCon will bring stakeholders, white hat researchers, academics, industry representatives, federal policymakers and consumer advocates together, the release said. FTC staff is calling for original research on new vulnerabilities and how they might be exploited, plus research in areas like big data, the IoT, and consumer attitudes toward privacy, it said. Proposals for presentations will be accepted until Oct. 9. “We want to increase the FTC’s engagement with the technology community in order to more effectively encourage innovation that is protective of consumer privacy and security,” said FTC Chairwoman Edith Ramirez of the event. “At PrivacyCon, our goal is to have leading experts in privacy and data security sit at the table with us and other policymakers to discuss their original research findings and the implications for consumer privacy."
NTIA plans to continue to “closely monitor” the ICANN community’s work on an Internet Assigned Numbers Authority (IANA) transition plan and a related set of proposed changes to ICANN’s accountability mechanisms, the federal agency said Friday in its Q3 report to Congress. NTIA is required under the FY 2015 Department of Commerce budget to report on the IANA transition process on a quarterly basis. NTIA said it wants to ensure the IANA transition plan “fully meets” the criteria that the agency established, including “that the proposal must support and enhance the multistakeholder model of Internet governance, i.e., it should be developed by the multistakeholder community and have broad community support. We will not accept a transition proposal that replaces the NTIA role with a government-led or intergovernmental organization solution.” NTIA had said it intends to extend its current contract with ICANN to administer the IANA functions until Sept. 30, 2016, to give ICANN additional time to plan the IANA transition and implement requisite accountability changes (see 1508180068). The specifics of NTIA’s planned review of ICANN’s IANA transition plan “will depend in part on the thoroughness of the processes the community uses to develop and review its proposal,” NTIA said. “For example, if the community ‘stress tests’ any new process or structures included in the proposal prior to submission, well-documented results may facilitate NTIA’s review.”
Global shipments of tablets, including “detachables” sold with 2-in-1 devices, are expected to decline 8 percent this year to 212 million, IDC said Wednesday in a forecast report. The 2-in-1 segment “is starting to gain traction,” the research firm said. IDC expects that segment to grow 86.5 percent year over year in 2015, with 14.7 million units shipped. IDC sees iOS tablet device shipments declining 14.9 percent this year to 54 million units, while Android tablet shipments are expected to decline 10 percent to 139.8 million. Percentage-wise, Windows tablets will be 2015's big winner, rising 59.5 percent to 17.7 million, it said. IDC also sees Windows tablets rising at a 30.3 percent compound annual growth rate through 2019, compared with a 2.7 percent CAGR decline for Android and a 0.5 percent CAGR decline for iOS.
The debut of Apple Watch catapulted Apple into second place in wearables shipment volume and market share in Q2, said IDC. Apple shipped 3.6 million watches in Q2, 19.9 percent of the worldwide wearables market, said the research firm Thursday. Market leader Fitbit shipped 4.4 million units, losing roughly 6 percentage points in market share, but it had 159 percent growth during the quarter, said IDC. Total wearables shipment volume for the quarter was 18.1 million units, a 223 percent jump from Q2 2014, it said. "Anytime Apple enters a new market, not only does it draw attention to itself, but to the market as a whole," said Ramon Llamas, research manager-wearables at IDC. Apple's arrival in the category had the greatest impact on smart wearables capable of running third-party apps, said Jitesh Ubrani, senior research analyst.
Cisco said it completed the purchase of cybersecurity firm OpenDNS. The $635 million deal, announced in late June (see 1506300068), “will advance Cisco's Security Everywhere approach by adding broad visibility, enforcement, and threat intelligence from the OpenDNS cloud-delivered platform,” Cisco said Thursday. The company began integrating OpenDNS’ platforms Thursday via an application programming interface that will allow customers of both companies’ services to immediately benefit from both the OpenDNS Umbrella service and Cisco’s AMP Threat Grid. “By integrating the OpenDNS platform with Cisco's security solutions, customers will receive greater network visibility and threat intelligence for cloud delivered protection against malicious websites and threats,” David Goeckeler, Cisco general manager-Security Business Group, said in a news release. OpenDNS CEO David Ulevitch is now Cisco Security Business Group vice president, Cisco said.
Illinois Gov. Bruce Rauner (R) vetoed a data breach notification bill (SB-1833) that would have extended the types of protected personal information to include medical, health insurance, biometric, consumer marketing and geolocation information. In a letter to the General Assembly dated Aug. 21, Rauner said the bill was too burdensome compared with other states' laws, requiring breach notification within 30 days instead of 45, which he said would hurt the state’s economy. If the legislature removed geolocation information and consumer marketing data from the bill as protected information, along with other “duplicative information,” Rauner said he would sign the legislation. Notification should remain at 45 days, he said.
The Department of Defense issued an interim rule on cyber incident reporting. It would amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement a section of the National Defense Authorization Act for FY 2013 and a section of the National Defense Authorization Act for FY 2015, both of which require contractor reporting on network penetrations, said a DOD notice in Wednesday's Federal Register. “This interim rule requires contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor's ability to provide operationally critical support,” the Pentagon said. “Cyber incidents involving classified information on classified contractor systems will continue to be reported in accordance with the National Industrial Security Program Operating Manual.” Comments are due Oct. 26.