Bradley Barth SC Media

Senior Reporter

Most recent articles by Bradley Barth

Adobe eliminates 11 critical bugs in Acrobat, Reader

For the August edition of Patch Tuesday, Adobe Systems today supplied fixes for 26 vulnerabilities — 11 critical — in Acrobat and Reader and one in its image organization and manipulation software Lightroom Classic. Nine of the 11 critical flaws can result in arbitrary code execution. Two are caused by out-of-bounds write conditions (CVE-2020-9693, CVE-2020-9694), five are…

Stricken electronics firms weigh reward, cost of paying ransom

Garmin reportedly paid cyber extortionists millions of dollars for access to a decryptor so that the company could restore its services to customers following a July 23 WastedLocker ransomware attack. Meanwhile, a separate ransomware outfit this week reportedly leaked sensitive data lifted from LG and Xerox’s internal networks after attempted negotiations with the two tech…

What security functions should small medical providers outsource?

Strapped for cybersecurity resources, small and medium-size health care providers should outsource electronic medical record (EMR) maintenance, Payment Card Industry (PCI) compliance and threat intelligence gathering to third-party service providers, but risk assessment must still be handled internally, according to Mitchell Parker, CISO at Indiana University Health. Lamenting the recent scourge of ransomware and data…

‘We want to have more protection’: Arrested pen testers push for Good Samaritan law

Prosecutors dropped felony criminal charges against a pair of ethical pen testers arrested while assessing the security of an Iowa courthouse. But the two men are not ready to move on just yet. Coalfire employees Gary DeMercurio, managing senior, and Justin Wynn, senior security consultant, lobbied Wednesday at the virtual Black Hat conference for a…

Media companies need to lock down content systems as fake news invades

Social media companies have started to become more efficient at recognizing and taking down fake accounts designed to spread fake news and propaganda. But operators of traditional media websites and other digital platforms that regularly publish vital news information to the public may also want to train themselves to be on the lookout for disinformation secretly…

Adobe mends critical code execution flaws in Magento

Adobe this week released a security update fixing four vulnerabilities – two critical – in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms. The two most significant bugs are identified as a path traversal flaw (CVE-2020-9689) and a security mitigation bypass (CVE-2020-9692), both of which can result in arbitrary code execution. The first issue was reported by…

Botnet abuses Docker servers and crypto blockchain to deliver Doki backdoor

As user organizations move more of their business infrastructure off premises, cybercriminals become increasingly motivated to target Linux-based cloud environments, including Docker servers with misconfigured API ports. And while cryptojacking schemes comprise some of the more conventional varieties of these Linux-based malware attacks, researchers have just disclosed the discovery of a Docker container attack that…