π΄ Credential Compromises By the Numbers π΄
π Read
via "Dark Reading: ".
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.π Read
via "Dark Reading: ".
Darkreading
Credential Compromises by the Numbers
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
β Razy Malware Attacks Browser Extensions to Steal Cryptocurrency β
π Read
via "Threatpost | The first stop for security news".
The malware targets victims in multiple, sneaky ways as they move around the web.π Read
via "Threatpost | The first stop for security news".
Threat Post
Razy Malware Attacks Browser Extensions to Steal Cryptocurrency
The malware targets victims in multiple, sneaky ways as they move around the web.
π΄ Satya Nadella: Privacy Is a Human Right π΄
π Read
via "Dark Reading: ".
In a talk at the World Economic Forum, Microsoft's CEO voiced support for GDPR and expressed hope the United States creates a similar approach to privacy.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π΄ Ukraine Sees Surge in Election-Targeted Cyberattacks π΄
π Read
via "Dark Reading: ".
The nation suspects Russia's hand in the attacks, which seem aimed at disrupting the upcoming presidential election.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
<b>⌨ Three Charged for Working With Serial Swatter ⌨</b>
<code>The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a targetβs address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss, a convicted serial swatter whose last stunt in late 2018 cost an Oklahoma man his life.</code><code>Media</code><code>Image: FBI.gov</code><code>FBI agents on Wednesday arrested Neal Patel, 23, of Des Plaines, Ill. and Tyler Stewart, 19 of Gulf Breeze, Fla. The third defendant, Logan Patten, 19, of Greenwood, Mo., agreed to turn himself in. The men are charged in three separate indictments with conspiracy and conveying false information about the use of explosive devices.</code><code>Investigators say Patten, who used the Twitter handle β@spared,β hired Barriss in December 2017 to swat individuals and a high school in Lessβs Summit, Mo.</code><code>Around the same time, Stewart, a.k.a. β@tragicβ on Twitter, allegedly worked with Barriss to make two phony bomb threats to evacuate a high school in Gurnee, Ill. In that incident, Barriss admitted telling police in Gurnee he had left explosives in a classroom and was high on methamphetamine and was thinking about shooting teachers and students.</code><code>Also in December 2017, Patel allegedly worked with Barriss to plan a bomb threat targeting a video game convention in Dallas, Texas. Patel is also accused of using stolen credit cards to buy items of clothing for Barriss.</code><code>The Justice Departmentβs media release on the indictments doesnβt specify which convention Barriss and Patel allegedly swatted, but a Wired story from last year tied Barriss to a similarly timed bomb threat that caused the evacuation of a major Call of Duty tournament at the Dallas Convention Center.</code><code>βWhen the social media star SoaR Ashtronova tweeted about the confusion she felt as she fled the event beneath the whir of police helicopters, Barriss taunted her from one of his Twitter accounts: βIt got ran, baby girl. Thats what happens,β Wired reported.</code><code>Interestingly, it was a dispute over a $1.50 grudge match in a Call of Duty game that would ultimately lead to Barrissβs final β and fatal β swatting a year later. On Dec. 28, 2018, Barriss phoned police in Wichita, Kan. from his location in California, telling them he was a local man whoβd just shot his father and was holding other family members hostage.</code><code>Prosecutors say Barriss did so after getting in the middle of a dispute between two Call of Duty gamers, 18-year-old Casey Viner from Ohio and Shane Gaskill, 20, from Wichita. Viner allegedly asked Barriss to swat Gaskill. But when Gaskill noticed Barrissβ Twitter account suddenly following him online, he tried to deflect the attack. Barriss says Gaskill allegedly dared him to go ahead with the swat, but then gave Barriss an old home address β which was then being occupied by someone else.</code><code>When Wichita police responded to the address given by Barriss, they shot and killed 28-year-old Andrew Finch, a father of two who had no party to the dispute and did not know any of the three men.</code><code>Both Viner and Gaskill have been charged with wire fraud, conspiracy and obstruction of justice. Barriss pleaded guilty in Nov. 2018 to a total of 51 charges brought by federal prosecutors in Los Angeles, Kansas and Washington, D.C. He has agreed to serve a sentence of between 20 to 25 years in prison. Barrris is slated to be sentenced on March 1, 2019.</code><code>Stewartβs attorney declined to comment. Lawyers assigned to Patel and Patten could not be reached for comment.</code><code>As the victim of a swatting attack in 2013 and several other unsuccessful attempts, I am pleased to see federal authorities continue to take this crime seriously. According to the FBI,β¦
<code>The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a targetβs address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss, a convicted serial swatter whose last stunt in late 2018 cost an Oklahoma man his life.</code><code>Media</code><code>Image: FBI.gov</code><code>FBI agents on Wednesday arrested Neal Patel, 23, of Des Plaines, Ill. and Tyler Stewart, 19 of Gulf Breeze, Fla. The third defendant, Logan Patten, 19, of Greenwood, Mo., agreed to turn himself in. The men are charged in three separate indictments with conspiracy and conveying false information about the use of explosive devices.</code><code>Investigators say Patten, who used the Twitter handle β@spared,β hired Barriss in December 2017 to swat individuals and a high school in Lessβs Summit, Mo.</code><code>Around the same time, Stewart, a.k.a. β@tragicβ on Twitter, allegedly worked with Barriss to make two phony bomb threats to evacuate a high school in Gurnee, Ill. In that incident, Barriss admitted telling police in Gurnee he had left explosives in a classroom and was high on methamphetamine and was thinking about shooting teachers and students.</code><code>Also in December 2017, Patel allegedly worked with Barriss to plan a bomb threat targeting a video game convention in Dallas, Texas. Patel is also accused of using stolen credit cards to buy items of clothing for Barriss.</code><code>The Justice Departmentβs media release on the indictments doesnβt specify which convention Barriss and Patel allegedly swatted, but a Wired story from last year tied Barriss to a similarly timed bomb threat that caused the evacuation of a major Call of Duty tournament at the Dallas Convention Center.</code><code>βWhen the social media star SoaR Ashtronova tweeted about the confusion she felt as she fled the event beneath the whir of police helicopters, Barriss taunted her from one of his Twitter accounts: βIt got ran, baby girl. Thats what happens,β Wired reported.</code><code>Interestingly, it was a dispute over a $1.50 grudge match in a Call of Duty game that would ultimately lead to Barrissβs final β and fatal β swatting a year later. On Dec. 28, 2018, Barriss phoned police in Wichita, Kan. from his location in California, telling them he was a local man whoβd just shot his father and was holding other family members hostage.</code><code>Prosecutors say Barriss did so after getting in the middle of a dispute between two Call of Duty gamers, 18-year-old Casey Viner from Ohio and Shane Gaskill, 20, from Wichita. Viner allegedly asked Barriss to swat Gaskill. But when Gaskill noticed Barrissβ Twitter account suddenly following him online, he tried to deflect the attack. Barriss says Gaskill allegedly dared him to go ahead with the swat, but then gave Barriss an old home address β which was then being occupied by someone else.</code><code>When Wichita police responded to the address given by Barriss, they shot and killed 28-year-old Andrew Finch, a father of two who had no party to the dispute and did not know any of the three men.</code><code>Both Viner and Gaskill have been charged with wire fraud, conspiracy and obstruction of justice. Barriss pleaded guilty in Nov. 2018 to a total of 51 charges brought by federal prosecutors in Los Angeles, Kansas and Washington, D.C. He has agreed to serve a sentence of between 20 to 25 years in prison. Barrris is slated to be sentenced on March 1, 2019.</code><code>Stewartβs attorney declined to comment. Lawyers assigned to Patel and Patten could not be reached for comment.</code><code>As the victim of a swatting attack in 2013 and several other unsuccessful attempts, I am pleased to see federal authorities continue to take this crime seriously. According to the FBI,β¦
β Phishing Campaign Delivers Nasty Ransomware, Credential-Theft Two-Punch β
π Read
via "Threatpost | The first stop for security news".
A spate of phishing emails with Word attachments deliver both the Gandcrab ransomware and Ursnif executable.π Read
via "Threatpost | The first stop for security news".
Threat Post
Phishing Campaign Delivers Nasty Ransomware, Credential-Theft Two-Punch
A spate of phishing emails with Word attachments deliver both the Gandcrab ransomware and Ursnif executable.
π Major vulnerability found in Android ES File Explorer app π
π Read
via "Security on TechRepublic".
Popular application ES File Explorer for Android has a significant vulnerability, putting your data at risk. Learn what's involved and how to remediate the threat.π Read
via "Security on TechRepublic".
TechRepublic
Major vulnerability found in Android ES File Explorer app | TechRepublic
Popular application ES File Explorer for Android has a significant vulnerability, putting your data at risk. Learn what's involved and how to remediate the threat.
β Threatpost News Wrap Podcast For Jan. 25 β
π Read
via "Threatpost | The first stop for security news".
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.π Read
via "Threatpost | The first stop for security news".
Threat Post
Threatpost News Wrap Podcast For Jan. 25
From a massive GDPR fine on a big tech company, to an emergency government security alert, here are the top security stories of the week.
π 5 ways to enforce company security π
π Read
via "Security on TechRepublic".
There are several actions companies can take to improve overall employee awareness about security. View the top five below.π Read
via "Security on TechRepublic".
TechRepublic
5 ways to enforce company security
There are several actions companies can take to improve overall employee awareness about security. View the top five below.
β LabKey Vulnerabilities Threaten Medical Research Data β
π Read
via "Threatpost | The first stop for security news".
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible.π Read
via "Threatpost | The first stop for security news".
Threat Post
LabKey Vulnerabilities Threaten Medical Research Data
LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible.
π΄ Internet Society to Issue Privacy Code of Conduct π΄
π Read
via "Dark Reading: ".
Security pros know all too well that following basic privacy guidelines can cut down on human errors that can lead to serious security breaches.π Read
via "Dark Reading: ".
Darkreading
Internet Society to Issue Privacy Code of Conduct
Security pros know all too well that following basic privacy guidelines can cut down on human errors that can lead to serious security breaches.
β Monday review β the hot 24 stories of the week β
π Read
via "Naked Security".
From the US gov's emergency directive to the 10 Year Challenge, and everything in between. It's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 24 stories of the week
From the US govβs emergency directive to the 10 Year Challenge, and everything in between. Itβs weekly roundup time.
β YouTube subscribers getting spammed by celebrity imposters β
π Read
via "Naked Security".
YouTube personality Philip DeFranco warned that the messages pretending to be from him and other top influencers are scams.π Read
via "Naked Security".
Naked Security
YouTube subscribers getting spammed by celebrity imposters
YouTube personality Philip DeFranco warned that the messages pretending to be from him and other top influencers are scams.
β Even Microsoft canβt escape βreply allβ email storms β
π Read
via "Naked Security".
Of all the calamities that befall email users, few are more dreaded than the βreply allβ storm.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Twitter scammers jump in on real-time complaints to companies β
π Read
via "Naked Security".
βHi there,β said the polite (and fake) help desk, leading to a back-and-forth between a lying scammer and a lying security analyst.π Read
via "Naked Security".
Naked Security
Twitter scammers jump in on real-time complaints to companies
βHi there,β said the polite (and fake) help desk, leading to a back-and-forth between a lying scammer and a lying security analyst.
β BGP secure routing experiment ends in online row β
π Read
via "Naked Security".
An experiment to make the internet safer ended up breaking parts of it last week.π Read
via "Naked Security".
Naked Security
BGP secure routing experiment ends in online row
An experiment to make the internet safer ended up breaking parts of it last week.
β How to protect yourself this Data Privacy Day β
π Read
via "Naked Security".
Today is Data Privacy Day. We asked around at Sophos for some tips from people that live security day in and day out.π Read
via "Naked Security".
Naked Security
How to protect yourself this Data Privacy Day
Today is Data Privacy Day. We asked around at Sophos for some tips from people that live security day in and day out.
β How my Instagram account got hacked β
π Read
via "Naked Security".
After years of embarrassment, I'm finally ready to admit how and why my Instagram account got hacked.π Read
via "Naked Security".
Naked Security
How my Instagram account got hacked
After years of embarrassment, Iβm finally ready to admit how and why my Instagram account got hacked.
β WordPress Users Urged to Delete Zero-Day-Ridden Plugin β
π Read
via "Threatpost | The first stop for security news".
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.π Read
via "Threatpost | The first stop for security news".
Threat Post
WordPress Users Urged to Delete Zero-Day-Ridden Plugin
The development team of the vulnerable Total Donations plugin appears to have abandoned it, and did not respond to inquiries from researchers.
π΄ 3 Ways Companies Mess Up GDPR Compliance the Most π΄
π Read
via "Dark Reading: ".
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
β Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution β
π Read
via "Threatpost | The first stop for security news".
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.π Read
via "Threatpost | The first stop for security news".
Threat Post
Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution
Cyberattackers are targeting a pair of just-patched vulnerabilities that allow remote unauthenticated information disclosure leading to remote code-execution.