Cyber-bullied Footballer Donates Compensation to Charity

A Kittitian soccer player has made a charitable donation of the compensation he received after being racially abused on social media. 

Midfielder Romaine Sawyers, who is currently on loan at Stoke City Football Club from his parent club, West Bromwich Albion, was victimized by 50-year-old cyber-bully Simon Silwood of Kingswinford, West Midlands.

Silwood was arrested after posting a comment on a Facebook group in January 2021 that said that Sawyers should be awarded the “Baboon D’Or.” 

The comment was a racist pun based on the Ballon d’Or or Golden Boot, which is an annual award given to the world’s best footballer. 

Sawyers told Walsall Magistrates’ Court that reading Silwood’s comment had caused him to feel “harassed, alarmed and distressed.”

In a statement released earlier today, Sawyers said: “This is an incident that has affected me deeply, but I would like to encourage fellow players to report all racial abuse to the police.” 

Silwood claimed that he had written the word “buffoon” and autocorrect had changed it to “baboon,” but he was convicted of sending an offensive message under the Communications Act in a trial that ended on September 9.

Earlier today, a judge at Birmingham Magistrates’ Court sentenced Silwood to eight weeks in prison and ordered him to pay a £128 victim surcharge and a total of £1,000 in costs and compensation.

The judge told the court: “There is no place for racial abuse.”

Sawyers stated today that he has donated the compensation to a local West Midlands charity. He explained: “It is important to me to turn this negative experience into something positive.”

The 29-year-old footballer thanked the fan who came forward and reported the abuse and expressed his gratitude to the police who investigated the matter. 

Sawyers then called on social media companies to make a greater effort to keep racist abuse off their platforms. 

“It is widely accepted that social media companies must do more to stop the publication of racism on their platforms,” said Sawyers. “I again urge them to take the necessary action required to prevent anyone from receiving the abuse I experienced.”

West Bromwich Albion – the team supported by Silwood – have banned the convicted criminal from attending matches for the rest of his life.

Coast Guard is Commissioning Cyber Talent

The United States Coast Guard has launched a new program that gives cyber professionals the chance to become Coast Guard Cyber Officers. 

With the launch of the Direct Commission Cyber Officer (DCCO) program, the maritime security branch of the United States military is hoping to attract top cyber talent to work in cyberspace operations, information assurance, cyber threat intelligence, and cybersecurity.

The program is open to “high-performing cyber professionals” with “robust work experience” and “military members with cyber experience” who are aged between 21 and 40.

“We’re bringing them in under our direct commission engineer program, our IT paths and even into FY ’22, we’re creating direct commission for cyber opportunities,” said Rear Admiral Michael Ryan, commander of Coast Guard Cyber Command.

Speaking at a briefing that took place after the Joint Service Academy Cybersecurity Summit on September 23, Ryan said: “We’re grabbing our best and brightest and enlisted members and giving them the opportunity to join the officer ranks.” 

Applicants must be citizens of the United States and hold a valid security clearance. Candidates must be in good shape physically and mentally with a 2.5 GPA on a 4.0 scale and the ability to complete “a structured physical fitness program.”

The Coast Guard said: “New Coast Guard Cyber Officers will immediately put their skills to use in vital operational cyber missions providing a secure and functional network upon which all other Coast Guard missions rely, and ensure the protection of the Marine Transportation System from malicious Cyber Actors.

“Selectees will have a chance to become key resources in what has become the Coast Guard’s top emerging field, and will receive an initial assignment within the Coast Guard’s Operational Cyberspace Workforce.”

The DCCOs will complete a Direct Commission Officer (DCO) course in New London, Connecticut, that will last four to five weeks. There, they will receive “initial indoctrination to the traditions and programs of the service” and training on service-specific administration essentials.

“Following their initial assignment, DCCOs can anticipate broadening their experience within the cyber community, with increasing levels of leadership and management exposure with progression in rank,” said the Coast Guard.

Scammers Capitalize on Release of New Bond Movie

The long-awaited release of the new James Bond movie is being exploited by cyber-criminals, according to cybersecurity company Kaspersky.

No Time to Die is actor Daniel Craig’s fifth and final fling with the internationally renowned 007 spy character created by author Ian Fleming. Bond first entered the public consciousness in 1952 with the publication of Fleming’s novel Casino Royale.

The big-screen adaptation of Casino Royale, which came out in 2006, was the first James Bond film to star Craig in the title role. After a delay of nearly 18 months due to the COVID-19 pandemic, Craig’s last turn as the over-sexed Martini-drinking maverick MI6 spy is set to premiere today.

Cyber-criminals are taking advantage of the bigger than usual buzz around this particular Bond title by operating malicious pop-ups, digital adverts, and phishing websites dedicated to the new release.

To lure victims, scammers and criminals have been dressing up malicious movie files so that they appear to be a leaked copy of No Time to Die. In reality, the files contain unwanted software or malware. 

“With the premieres of new films and TV series moving online, this has fueled interest not only for cinephiles but also among scammers and fraudsters. Inevitably, such a long-awaited premiere as No Time to Die causes a stir,” said Kaspersky security expert Tatyana Shcherbakova.

“Users should be alert to the pages they visit, not download files from unverified sites, and be careful with whom they share personal information.”

In the lead-up to the film’s premiere, Kaspersky researchers found and analyzed malicious files disguised as the new movie and movie-related phishing websites. They found Trojans, malicious programs that can give cyber-criminals backdoor access to a victim’s sensitive data.

Researchers also encountered adware, ransomware, and Trojan-PSW – stealers capable of gathering login credentials. 

Also doing the rounds were phishing websites set up to steal victims’ bank details. The sites play only part of the movie before asking the viewer to register and enter their credit card information.

“However, after registration is complete, the user can’t continue watching. Money is debited from their card and the payment data ends up in the fraudster’s hands,” warned researchers.

API Flaw Exposes Elastic Stack Users to Data Theft and DoS

Security researchers have disclosed a serious and wide-ranging API vulnerability stemming from the incorrect implementation of Elastic Stack, which could create serious business risk for customers.

Elastic Stack is a popular collection of open source search, analytics and data aggregation products, including Elasticsearch.

Salt Security claimed that nearly every provider customer is affected by the vulnerability — which relates to design implementation flaws rather than a bug in Elastic Stack code itself.

Its Salt Labs team first identified the issue in a large online B2C platform providing API-based mobile applications and SaaS offerings to millions of global users.

“The APIs contained a design flaw, and Elastic Stack was configured with implicit trust of front-end services by back-end services. As a result, we were able to query for unauthorized customer and system data,” Salt Labs said in a blog post.

“We were further able to demonstrate additional flaws that took advantage of this Elastic Stack design weakness to create a cascade of API threats, many of which correspond indirectly to items described in the OWASP API Security Top 10.”

These include excessive data exposure, security misconfiguration, exposure to injection attacks due to lack of input filtering, and lack of resources and rate limits.

Salt Labs said the data it could access from the B2C firm via exploitation of the flaw included customer account numbers and GDPR-regulated information.

The injection attacks made possible by the vulnerability could enable threat actors to launch DoS attacks, as well as data theft, it claimed.
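The weaknesses listed above (back-end trust of the front end, missing input filtering, no resource limits) can be shown from the defensive side with a back-end query builder. The following Python is an added example, not code from Salt Labs, Elastic or the affected platform; the field names, the `account_id` document field and the limits are assumptions chosen for illustration.

```python
# Added illustration. Index layout, field names and limits are assumptions.
ALLOWED_SEARCH_FIELDS = {"order_id", "status", "created_at"}  # hypothetical fields
RETURNED_FIELDS = ["order_id", "status", "created_at"]  # no account numbers or PII
MAX_PAGE_SIZE = 50
MAX_TERM_LENGTH = 64


class RejectedRequest(ValueError):
    """Raised when a client request fails back-end validation."""


def build_query(session_account_id: str, params: dict) -> dict:
    """Build an Elasticsearch query-DSL body from untrusted client parameters.

    Client-supplied DSL is never forwarded. The account filter comes from the
    authenticated session, never from anything inside `params`.
    """
    # Input filtering: only three flat parameters are accepted at all.
    unknown = set(params) - {"field", "term", "size"}
    if unknown:
        raise RejectedRequest(f"unexpected parameters: {sorted(unknown)}")

    field, term = params.get("field"), params.get("term")
    if not isinstance(field, str) or field not in ALLOWED_SEARCH_FIELDS:
        raise RejectedRequest("field is not searchable")
    # A nested object here would be an attempt to smuggle in query DSL.
    if not isinstance(term, str) or not 0 < len(term) <= MAX_TERM_LENGTH:
        raise RejectedRequest("term must be a short string")

    size = params.get("size", 10)
    if isinstance(size, bool) or not isinstance(size, int) or size < 1:
        raise RejectedRequest("size must be a positive integer")

    return {
        "size": min(size, MAX_PAGE_SIZE),  # resource limit on result volume
        "_source": RETURNED_FIELDS,        # limits excessive data exposure
        "timeout": "2s",                   # bounds the cost of a single search
        "query": {
            "bool": {
                # term queries match the value literally, with no wildcards
                "must": [{"term": {field: term}}],
                # authorization enforced by the back end on every query
                "filter": [{"term": {"account_id": session_account_id}}],
            }
        },
    }
```

Rate limiting per client still has to be applied in front of this function; the builder only bounds what a single accepted request can ask for.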

“Our latest API security research underscores how prevalent and potentially dangerous API vulnerabilities are. Elastic Stack is widely used and secure, but Salt Labs observed the same architectural design mistakes in almost every environment that uses it,” said Roey Eliyahu, co-founder and CEO of Salt Security.

“The Elastic Stack API vulnerability can lead to the exposure of sensitive data that can be used to perpetuate serious fraud and abuse, creating substantial business risk.”

According to recent research from the company, global API attacks have soared by 348% in the past six months.