Siemens Patches Firewall Flaw That Put Operations at Risk
via "Threatpost | The first stop for security news".
The industrial company on Tuesday released mitigations for eight vulnerabilities overall.
Researchers discover seven new Meltdown and Spectre attacks
via "Security on TechRepublic".
Experiments showed that processors from AMD, ARM, and Intel are affected.
Sharpen Your Malware-Fighting Skills at Black Hat Europe
via "Dark Reading".
Don't miss out on the Black Hat Briefings, Trainings, and Arsenal tools that will equip you with the knowledge and skills you need to deal with today's top malware.
Understanding Evil Twin AP Attacks and How to Prevent Them
via "Dark Reading".
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
Airlines Have a Big Problem with Bad Bots
via "Dark Reading".
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
via "Dark Reading".
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data - and are fearful of a near-term breach of critical infrastructure.
Cryptojacking, Mobile Malware Growing Threats to the Enterprise
via "Dark Reading".
At the same time, criminal organizations continue to look for new ways to attack their victims.
Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison
A California man who pleaded guilty Tuesday to causing dozens of swatting attacks – including a deadly incident in Kansas last year – now faces 20 or more years in prison.
[Image: Tyler Raj Barriss, in an undated selfie.]
Tyler Barriss, 25, went by the nickname SWAuTistic on Twitter, and reveled in perpetrating "swatting" attacks. These dangerous hoaxes involve making false claims to emergency responders about phony hostage situations or bomb threats, with the intention of prompting a heavily-armed police response to the location of the claimed incident.
On Dec. 28, 2018, Barriss placed a call from California to police in Wichita, Kansas, claiming that he was a local resident who'd just shot his father and was holding other family members hostage.
When Wichita officers responded to the address given by the caller – 1033 W. McCormick – they shot and killed 28-year-old Andrew Finch, a father of two who had done nothing wrong.
Barriss admitted setting that fatal swatting attack in motion after getting in the middle of a dispute between two Call of Duty gamers, 18-year-old Casey Viner from Ohio and Shane Gaskill, 20, from Wichita.
Viner allegedly asked Barriss to swat Gaskill. But when Gaskill noticed Barriss' Twitter account (@swattingaccount) suddenly following him online, he tried to deflect the attack. Barriss says Gaskill allegedly dared him to go ahead with the swat, but then gave Barriss an old home address – 1033 W. McCormick – which was then being occupied by Finch's family.
Viner and Gaskill are awaiting trial. A more detailed account of their alleged dispute is told here.
According to the Justice Department, Barriss pleaded guilty to making hoax bomb threats in phone calls to the headquarters of the FBI and the Federal Communications Commission in Washington, D.C. He also made bomb threat and swatting calls from Los Angeles to emergency numbers in Ohio, New Hampshire, Nevada, Massachusetts, Illinois, Utah, Virginia, Texas, Arizona, Missouri, Maine, Pennsylvania, New Mexico, New York, Michigan, Florida and Canada.
U.S. Attorney Stephen McAllister said Barriss faces 20 years or more in prison. Barriss is due to be sentenced Jan. 30, 2019.
Many readers following this story over the past year have commented here that the officer who fired the shot which killed Andrew Finch should also face prosecution. However, the district attorney for the county that encompasses Wichita decided in April that the officer will not face charges, and will not be named because he isn't being charged with a crime.
As the victim of a swatting attack in 2013 and two other attempted swattings, I'm glad to finally see a swatting prosecution that may actually serve as a deterrent to this idiotic and extremely dangerous crime going forward.
It's also great to see police departments like Seattle's taking steps to help head off swatting incidents before they happen. Last month, the Seattle Police 911 Center launched a new program that lets residents register their address and corresponding concerns if they feel they may be the target of swatting.
But it would also be nice if more police forces around the country received additional training on exercising restraint in the use of deadly force, particularly in responding to hostage or bomb threat scenarios that have hallmarks of a swatting hoax.
For example, perpetrators of swatting often call non-emergency numbers at state and local police departments to carry out their crimes precisely because they are not local to the region and cannot reach the target's police department by calling 911. This is exactly what Tyler Barriss did in the Wichita case and others. Swatters also often use text-to-speech (TTY) services for the hearing…
Security Teams Struggle with Container Security Strategy
via "Dark Reading".
Fewer than 30% of firms have more than a basic container security plan in place.
Small-Time Cybercriminals Landing Steady Low Blows
via "Dark Reading".
High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers
via "Threatpost | The first stop for security news".
Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.
Bitcoin Giveaway Scam Balloons, with Google the Latest Victim
via "Threatpost | The first stop for security news".
A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.
Steganography – cool cybersecurity trick or dangerous risk? [VIDEO]
via "Naked Security".
Burying secret data in plain sight - is it a clever cybersecurity trick, or a way to attract the very attention you wanted to avoid?
France: Let's make the internet safer! US: "How about NO?!"
via "Naked Security".
Don't cry for us, Argentina: Critics saw potential for government meddling without court order, among other issues.
DARPA uses a remote island to stage a cyberattack on the US power grid
via "Naked Security".
It enacted a worst-case, "black start" scenario: swaths of the country's grid offline for a month, battery backups exhausted.
Official Google Twitter account hacked in Bitcoin scam
via "Naked Security".
The epidemic of Twitter-based Bitcoin scams took another twist this week as attackers tweeted scams directly from two verified high-profile accounts.
ATTENTION‼ New - CVE-2015-9274
via "National Vulnerability Database".
HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-table.hh, hb-ot-layout-gsub-table.hh, and hb-ot-layout-gsubgpos-private.hh.
Learn How to Better Protect your Network at Black Hat Europe
via "Dark Reading".
Whether you're sussing out vulnerabilities or defending enterprise networks, Black Hat Europe's lineup of Briefings, Trainings, and Arsenal tools will help you take things to the next level.
Micro data centers are changing IT's role in the retail industry in unexpected ways
via "Security on TechRepublic".
As brick-and-mortar retailers use micro data centers to power unique customer experiences and compete with online giants like Amazon, they're ramping up IT to manage these mission-critical systems.
From Reactive to Proactive: Security as the Bedrock of the SDLC
via "Dark Reading".
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Cyber Monday shoppers will overlook past cybersecurity breaches for a good deal
via "Security on TechRepublic".
Some 62% of online shoppers are willing to shop sites vulnerable to breaches for a discount on Cyber Monday, a DomainTools report says.