🔐 A year after Spectre and Meltdown, how well do patches work? 🔐

Attempts to mitigate the landmark vulnerabilities have caused crashes, sudden reboots, and performance degradations. Here's the progress report on the Spectre and Meltdown solution.

📖 Read

via "Security on TechRepublic".

🔐 12 ways to stay cybersecure over the holidays 🔐

Unboxing a new device gift can be exciting, but you need to follow these steps to ensure you don't invite hackers in, according to Palo Alto Networks.

📖 Read

via "Security on TechRepublic".

🕴 APT10 Indictments Show Shift to MSP Targets 🕴

US brings more indictments against a cyber espionage group operating in China, but what will they accomplish?

📖 Read

via "Dark Reading: ".

⚠ Microsoft gets users test driving Patch Tuesday’s non-security updates ⚠

Are Microsoft's new C and D updates a good idea or a beta by another name?

📖 Read

via "Naked Security".

🕴 Criminals Move Markets to Remain in the Shadows 🕴

While malware families and targets continue to evolve, the most important shift might be happening in the background.

📖 Read

via "Dark Reading: ".

🕴 US Indicts 2 APT10 Members for Years-Long Hacking Campaign 🕴

In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.

📖 Read

via "Dark Reading: ".

🕴 APT10 Indictments Show Shift to MSP Targets 🕴

US brings more indictments against a cyber espionage group operating in China, but what will they accomplish?

📖 Read

via "Dark Reading: ".

❌ Caribou Coffee, Bruegger’s Bagels Bitten by Months-Long Breach ❌

Hackers targeted hundreds of bagel stores across the U.S. to devour customers' credit card info.

📖 Read

via "Threatpost | The first stop for security news".

🕴 I Spy: Dark Reading Caption Contest Winners 🕴

No shortage of political humor and inside security jokes in this batch of cartoon caption contenders. And the winners are ...

📖 Read

via "Dark Reading: ".

🕴 Amazon Slip-Up Shows How Much Alexa Really Knows 🕴

Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.

📖 Read

via "Dark Reading: ".

🔐 Why small businesses should check out the PCI SSC's Data Security Essentials 🔐

Cash-strapped small businesses get help from the PCI SSC's data security evaluation tool and additional resources to better understand and secure their digital payment systems.

📖 Read

via "Security on TechRepublic".

⚠ More phishing attacks on Yahoo and Gmail SMS 2FA authentication ⚠

The second report in a week has analysed phishing attacks that are attempting – and probably succeeding – in bypassing older forms of two-factor authentication (2FA).

📖 Read

via "Naked Security".

❌ FBI Denies Service to 15 DDoS-for-Hire Sites, Charges Operators ❌

The FBI has taken down several of the largest DDoS-as-a-service sites on the web.

📖 Read

via "Threatpost | The first stop for security news".

⚠ Ep. 013 – Breaches, Facebook and ransomware reinvented [PODCAST] ⚠

We ring out 2018 with a look at the big issues of the past year. Listen and enjoy!

📖 Read

via "Naked Security".

🔐 How to prevent wire-transfer fraud: Tips for SMBs 🔐

The information garnered by cybercriminals during a phishing attack is sometimes used to perpetrate costly fraudulent wire transfers. Learn how to prevent the initial phishing scams.

📖 Read

via "Security on TechRepublic".

🕴 Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed 🕴

Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.

📖 Read

via "Dark Reading: ".

🕴 7 Business Metrics Security Pros Need to Know 🕴

These days, security has to speak the language of business. These KPIs will get you started.

📖 Read

via "Dark Reading: ".

<b>&#9000; Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River &#9000;</b>

<code>A 22-year-old man convicted of cyberstalking and carrying out numerous bomb threats and swatting attacks — including a 2013 swatting incident at my home — was arrested Sunday morning in the Philippines after allegedly helping his best friend dump the body of a housemate into a local river.</code><code>Media</code><code>Suspects Troy Woody Jr. (left) and Mir Islam, were arrested in Manila this week for allegedly dumping the body of Woody’s girlfriend in a local river. Image:  Manila Police Dept.</code><code>Police in Manila say 22-year-old U.S citizens Mir Islam and Troy Woody Jr., 21, booked an Uber to pick them up at Woody’s condominium in Mandaluyong City, and when the driver arrived the two men stuffed a large box into the trunk of the vehicle.</code><code>According to the driver, Islam and Woody asked to be driven to a nearby shopping mall, but told the driver along the way to stop at a compound near the Pasig River in Manila, where the two men allegedly dumped the box before getting back in the Uber.</code><code>The Inquirier reports that authorities recovered the box and identified the victim as Tomi Michelle Masters, 23, also a U.S. citizen from Indiana who was reportedly dating Woody and living in the same condo. Masters’ Instagram profile states that she was in a relationship with Woody.</code><code>Brooklyn, NY native Islam, a.k.a. “Josh the God,” has a long rap sheet for computer-related crimes. He briefly rose to Internet infamy as one of the core members of UGNazi, an online mischief-making group that claimed credit for hacking and attacking a number of high-profile Web sites.</code><code>On June 25, 2012, Islam and nearly two-dozen others were caught up in an FBI dragnet dubbed Operation Card Shop. The government accused Islam of being a founding member of carders[dot]org — a credit card fraud forum — trafficking in stolen credit card information, and possessing information for more than 50,000 credit cards.</code><code>Media</code><code>JoshTheGod’s (Mir Islam’s ) Twitter feed, in April 2012 warning fellow carding forum carderprofit members that the forum was being run by the FBI.</code><code>In June 2016, Islam was sentenced to a year in prison for an impressive array of crimes, including stalking people online and posting their personal data on the Internet. Islam also pleaded guilty to reporting phony bomb threats and fake hostage situations at the homes of celebrities and public officials (as well as this author).</code><code>At that 2016 sentencing, Islam’s lawyer argued that his client suffered from multiple psychological disorders, and that he and his co-conspirators orchestrated the swattings of a sense of “anarchic libertarianism.”</code><code>Islam was let out of prison under supervised release before serving the whole sentence, but soon was back inside after violating the terms of his release. Earlier this year, Islam filed a typosquatting lawsuit from prison that named Woody Jr. In that bizarre handwritten complaint (PDF), Islam refers to Woody variously as “TJ” and “Josh,” and says the two men were best friends and have known each other for eight years.</code><code>Media</code><code>An anti-cybersquatting domain dispute filed by Mir Islam earlier this year while in jail. In it, Islam refers to Woody as “TJ” and says the two have been best friends for years.</code><code>Troy Woody Jr. describes himself as an “early crypto investor,” but sources say Woody — like Islam — was a core member of the UGNazi group who went by the nicknames “MrOsama,” and “Everlife.” His Instagram profile suggests he was in a relationship with Ms. Masters. Both are pictured in the first of the three large photos below, taken from Woody’s Instagram account.</code><code>Media</code><code>The Instagram profile of Troy Woody Jr., a.k.a. “titled,” and “MrOsama,” one of two Americans arrested today for allegedly dumping a…

❌ 2018: A Banner Year for Breaches ❌

A look back at the blizzard of breaches that made up 2018.

📖 Read

via "Threatpost | The first stop for security news".

❌ San Diego School District Data Breach Hits 500k Students ❌

A phishing attack led to the data breach of students' social security numbers, addresses, and more.

📖 Read

via "Threatpost | The first stop for security news".

❌ Critical Bug Patched in Schneider Electric Vehicle Charging Station ❌

Vulnerability in electric car charging stations could allow attackers to compromise devices.

📖 Read

via "Threatpost | The first stop for security news".