Bradley Barth SC Media

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Report: Microsoft misses disclosure deadline to patch RCE bug in JET

By

Trend Micro’s Zero Day Initiative (ZDI) team disclosed a still-unpatched remote code execution vulnerability in Microsoft’s JET Database Engine yesterday, claiming the software giant failed to fix the flaw within its 120-day disclosure window. Discovered by Trend Micro researcher Lucas Leong, the zero-day bug is an out-of-bounds write issue pertaining to the management of indexes within…

White House unveils initiatives to combat botnets

White House touts release of National Cyber Strategy

By

Eager to demonstrate a commitment to cybersecurity amidst criticisms over vulnerable election infrastructure, the White House yesterday unveiled its National Cyber Strategy. The plan is divided four “pillars” of strategy: protecting the homeland by fighting cybercrime and fortifying defenses, promoting American prosperity by adding cyber jobs and defending intellectual property, preserving peace through strength by…

Report: Hackers used data mining tool, network sniffer to steal Click2Gov information

By

The malicious actor behind a year-old campaign targeting the web payment portal Click2Gov appears to have been using a malicious webshell, data mining utility program and network sniffer to steal information from users, according to a new report from FireEye researchers. The researchers note that while the perpetrator’s tools and techniques are “generally consistent with other financially…

Mirai creators sentenced to probation after assisting FBI with cyber investigations

By

Three young men who developed and deployed the original Mirai IoT botnet malware were sentenced on Tuesday in an Alaskan federal court to five years probation – a lenient punishment earned through extensive cooperation with FBI on other cyber investigations. Paras Jha, 22, of Fanwood, N.J.; Josiah White, 21, of Washington, Penn.; and Dalton Norman,…

Report: Cryptomining malware detections up more than 459 percent since 2017

By

Detections of cryptomining malware has increased by 459 percent since last year, according to a new report released today by the Cyber Threat Alliance (CTA), citing statistics collected from several of its member companies. Titled “The Illicit Cryptocurrency Cyber Threat,” the report warns that this dramatic year-over-year rise is no fluke, noting that illegal mining activity will likely…

Senate building

Bill to codify DHS cyber program introduced into Senate after passing House

By

Two weeks after it passed the U.S. House of Representatives, a bill that would codify and modernize the Department of Homeland Security (DHS) Continuous Diagnostics Mitigation (CDM) cybersecurity program was introduced into the Senate. Known as the Advancing Cybersecurity Diagnostics and Mitigation Act, the legislation was originally proposed last July by Rep. John Ratcliffe, R-Tex., and ushered into…

Quirky Fbot IoT botnet kills rival, communicates via blockchain-based DNS

By

There’s an odd new addition to the extended family of Mirai-inspired IoT botnets, and so far its only obvious victim is a competing botnet whose malware is targeted for removal from any infected devices. Dubbed Fbot, the malware is also unusual because rather than using standard DNS to communicate with the command-and-control server, it instead…

applePatch

Apple issues updates for multiple operating systems, Safari browser

By

Apple yesterday released software updates for five of its offerings: Safari, ioS, watchOS, tvOS and Apple Support for iOS. The company fixed three vulnerabilities in Safari 12: a logic issue that could enable a malicious website to exfiltrate autofilled data (CVE-2018-4307), an error that prevents users from deleting their browsing history if their visits involved…

Iron Group suspected in creation of Xbash all-in-one malware

By

A threat actor has been targeting Windows and Linux servers with a self-propagating malware mash-up that’s comprised of botnet, ransomware, disk wiper, cryptomining and worm elements all in one. Researchers from Palo Alto Networks’ Unit 42 division have tied the malware, dubbed Xbash, to the APT actor known as Iron Group. The same group has previously…

Amazon Logo

Report: Amazon employees under investigation for allegedly sharing internal data with merchants

By

Online mega-retailer Amazon reportedly has launched an investigation into employees who may have accepted bribes from independent merchants in exchange for sharing private corporate data. Citing sellers and brokers with knowledge of the practice, as well as people familiar with Amazon’s investigations, the Wall Street Journal reported yesterday that data being shared in violation of…

Next post in Cybercrime