Cyberattackers Bait Financial Firms with Google Cloud Platform
via "Dark Reading".
A new wave of attacks abuses the Google Cloud Platform URL redirection in PDF decoys, sending users to a malicious link.
Fighting Fire with Fire: API Automation Risks
via "Threatpost | The first stop for security news".
A look at API attack trends such as the current (and failing) architectural designs for addressing security of these API transactions.
Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms
via "Dark Reading".
Many organizations find that getting their data privacy house in order is paying off.
ATTENTION‼ New - CVE-2017-18359
via "National Vulnerability Database".
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.
Facebook debuts scam ads reporting tool
via "Naked Security".
Adverts on Facebook featuring fake celebrity endorsements scam people out of their savings, and Facebook is now doing something about it.
Cops catch $15m crypto-crook
via "Naked Security".
A man has been arrested a year after stealing €10m ($15m) of the IoT-focused cryptocurrency IOTA using bogus software that tricked users.
#DeleteFacebook? #DeleteTwitter? #FatLotOfGood that will do you
via "Naked Security".
Your likes, interests and personality can be gleaned from as few as 8-9 friends on social media, whether you're on the platform or not.
US gov declares emergency after wave of domain hijacking attacks
via "Naked Security".
The US Department of Homeland Security (DHS) has issued an emergency directive tightening DNS security after a recent wave of domain hijacking attacks targeting government websites.
Fighting Emotet: lessons from the front line
via "Naked Security".
Emotet is a moving, shape-shifting target for admins and their security software. Here's what we've learned from dealing with outbreaks.
7 bug bounty myths, busted
via "Security on TechRepublic".
Interest in bug bounty programs is exploding, as companies look to crowdsourcing to combat hackers. But several misconceptions remain.
ATTENTION‼ New - CVE-2017-18332 (mdm9607_firmware, mdm9635m_firmware, mdm9640_firmware, mdm9645_firmware, mdm9650_firmware, mdm9655_firmware, msm8909w_firmware, msm8996au_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_425_firmware, sd_430_firmware, sd_450_firmware, sd_625_firmware, sd_650_firmware, sd_652_firmware, sd_670_firmware, sd_710_firmware, sd_712_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sda660_firmware, sdx20_firmware, sxr1130_firmware)
via "National Vulnerability Database".
Security keys are logged when any WCDMA call is configured or reconfigured in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130.
The 5 Stages of CISO Success, Past & Future
via "Dark Reading".
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.
Credential Compromises By the Numbers
via "Dark Reading".
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
Razy Malware Attacks Browser Extensions to Steal Cryptocurrency
via "Threatpost | The first stop for security news".
The malware targets victims in multiple, sneaky ways as they move around the web.
Satya Nadella: Privacy Is a Human Right
via "Dark Reading".
In a talk at the World Economic Forum, Microsoft's CEO voiced support for GDPR and expressed hope the United States creates a similar approach to privacy.
Ukraine Sees Surge in Election-Targeted Cyberattacks
via "Dark Reading".
The nation suspects Russia's hand in the attacks, which seem aimed at disrupting the upcoming presidential election.
⌨ Three Charged for Working With Serial Swatter ⌨
The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target's address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss, a convicted serial swatter whose last stunt in late 2018 cost an Oklahoma man his life.
FBI agents on Wednesday arrested Neal Patel, 23, of Des Plaines, Ill. and Tyler Stewart, 19, of Gulf Breeze, Fla. The third defendant, Logan Patten, 19, of Greenwood, Mo., agreed to turn himself in. The men are charged in three separate indictments with conspiracy and conveying false information about the use of explosive devices.
Investigators say Patten, who used the Twitter handle "@spared," hired Barriss in December 2017 to swat individuals and a high school in Lee's Summit, Mo.
Around the same time, Stewart, a.k.a. "@tragic" on Twitter, allegedly worked with Barriss to make two phony bomb threats to evacuate a high school in Gurnee, Ill. In that incident, Barriss admitted telling police in Gurnee he had left explosives in a classroom and was high on methamphetamine and was thinking about shooting teachers and students.
Also in December 2017, Patel allegedly worked with Barriss to plan a bomb threat targeting a video game convention in Dallas, Texas. Patel is also accused of using stolen credit cards to buy items of clothing for Barriss.
The Justice Department's media release on the indictments doesn't specify which convention Barriss and Patel allegedly swatted, but a Wired story from last year tied Barriss to a similarly timed bomb threat that caused the evacuation of a major Call of Duty tournament at the Dallas Convention Center.
"When the social media star SoaR Ashtronova tweeted about the confusion she felt as she fled the event beneath the whir of police helicopters, Barriss taunted her from one of his Twitter accounts: 'It got ran, baby girl. Thats what happens,'" Wired reported.
Interestingly, it was a dispute over a $1.50 grudge match in a Call of Duty game that would ultimately lead to Barriss's final, and fatal, swatting a year later. On Dec. 28, 2018, Barriss phoned police in Wichita, Kan. from his location in California, telling them he was a local man who'd just shot his father and was holding other family members hostage.
Prosecutors say Barriss did so after getting in the middle of a dispute between two Call of Duty gamers, 18-year-old Casey Viner from Ohio and Shane Gaskill, 20, from Wichita. Viner allegedly asked Barriss to swat Gaskill. But when Gaskill noticed Barriss' Twitter account suddenly following him online, he tried to deflect the attack. Barriss says Gaskill allegedly dared him to go ahead with the swat, but then gave Barriss an old home address, which was then being occupied by someone else.
When Wichita police responded to the address given by Barriss, they shot and killed 28-year-old Andrew Finch, a father of two who was not a party to the dispute and did not know any of the three men.
Both Viner and Gaskill have been charged with wire fraud, conspiracy and obstruction of justice. Barriss pleaded guilty in Nov. 2018 to a total of 51 charges brought by federal prosecutors in Los Angeles, Kansas and Washington, D.C. He has agreed to serve a sentence of between 20 and 25 years in prison. Barriss is slated to be sentenced on March 1, 2019.
Stewart's attorney declined to comment. Lawyers assigned to Patel and Patten could not be reached for comment.
As the victim of a swatting attack in 2013 and several other unsuccessful attempts, I am pleased to see federal authorities continue to take this crime seriously. According to the FBI,…
Phishing Campaign Delivers Nasty Ransomware, Credential-Theft Two-Punch
via "Threatpost | The first stop for security news".
A spate of phishing emails with Word attachments deliver both the Gandcrab ransomware and Ursnif executable.
Major vulnerability found in Android ES File Explorer app
via "Security on TechRepublic".
Popular application ES File Explorer for Android has a significant vulnerability, putting your data at risk. Learn what's involved and how to remediate the threat.
Threatpost News Wrap Podcast For Jan. 25
via "Threatpost | The first stop for security news".
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.