Bradley Barth SC Media

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Third decryption tool for GandCrab ransomware released to public

By

A new free decryption tool for counteracting the effects of GandCrab ransomware is now available to the public.  This latest decryptor is effective against versions 1, 4 and 5.x up through 5.1, which means GandCrab variants released as recently as October 2018 can now be defeated. The tool is the result of a collaborative effort…

‘Old Phantom Crypter’ supplants older Microsoft Office exploit builder tools

By

Out with the old, in with the… Old Phantom Crypter, which despite its name is actually a new Microsoft Office exploit builder that’s been surpassing its predecessors in popularity among the cybercriminal community. Gabor Szappanos, principal malware researcher at SophosLabs, described the ascendance of Old Phantom yesterday in a company blog post, which links to…

Ransomware attackers exploit old plug-in flaw to infect MSPs and their clients

By

Researchers are warning that hackers are exploiting a plug-in vulnerability to infect MSPs and their customers with GandCrab ransomware. The bug, CVE-2017-18362, dates back to 2017, and is found in unpatched versions of the ConnectWise ManagedITSync integration plug-in tool, explains a Feb. 8 blog post by Chris Bisnett, security researcher at Huntress Labs. This plug-in…

Flaw in runC could allow malicious containers to infect host environment

By

A vulnerability discovered in the runC container management tool has exposed multiple privileged container systems to a potential exploit through which attackers could allow malware to escape a container and compromise an entire host system. Designated CVE-2019-5736, the flaw allows attackers to use a malicious container to overwrite the host runC binary during the execution…

TrickBot variant steals credentials for remote computer access

By

The developers behind TrickBot have once again upgraded the information stealer’s malicious capabilities, this time creating a variant that swipes credentials for various remote access services. In a Feb. 12 company blog post, Trend Micro researchers Noel Anthony Llimos and Carl Maverick Pascual report that the new version targets passwords for Virtual Network Computing (VCN), PuTTY,…

Report: Details on 617 million user accounts up for sale on dark web

By

A dark web marketplace this week reportedly began selling stolen data linked to roughly 617 million user accounts from 16 different websites. The Register was first to report the incident, citing details provided by the seller, who has set up show on the Tor network-based site Dream Market cyber-souk. The affected online services consist of video messaging…

‘Clipper’ malware that alters crypto wallet addresses slips into Play Store

By

Google’s Play Store unknowingly hosted a fake cryptocurrency app that actually modifies users’ crypto wallet addresses once they’re copied to the clipboard, researchers are reporting. This Android-based “clipper” malware, as it’s called, secretly changes the wallet address to one hosted by the attackers, allowing them to steal victims’ digital coin transactions, explains ESET researcher Lukas…

Report: Apple demands companies obtain consent before recording users’ app sessions

By

Apple has reportedly issued an ultimatum to companies that rely on “session replay” tools to track the way users interact with their iPhone apps: disclose the practice and seek explicit consent for it, or be removed from the app store. Apple’s mandate comes after a TechCrunch report last Wednesday revealed that Air Canada, Hollister, Expedia,…

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

By

Apple yesterday released security updates for iOS and macOS Mojave, repairing four vulnerabilities, including two that a Google researcher says were exploited in the wild as zero days. The two exploited flaws consisted of memory corruption issues caused by insufficient input validation. The first, CVE-2019-7286, is a privilege escalation vulnerability in the Foundation framework that…

Next post in Security News