Bradley Barth SC Media

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

High-volume eGobbler malvertising campaign exploits zero-day Chrome bug

By

A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack. Dubbed eGobbler by researchers at Confiant, the threat actor from April 6-10 ran a massive operation consisting of eight…

Drupal releases correct four moderately critical third-party vulnerabilities

By

Drupal this week issued a series of security releases to fix four “moderately critical” vulnerabilities, three related to the content management system’s Symfony PHP web application framework and a fourth involving the jQuery project JavaScript library. The three Symfony issues consist of: A cross-site scripting bug caused by the failure of validation messages in the…

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts via verification feature

By

Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…

Malware attack rains on Weather Channel’s parade, disrupts live broadcast

By

The Weather Channel is blaming a “malicious software” attack for knocking its live morning broadcast off the air for approximately one hour and 39 minutes today. “We experienced issued with this morning’s live broadcast following a malicious software attack on the network,” reads a tweet issued by the network earlier today. “We were able to…

‘Brazen’ nation-state actors behind ‘Sea Turtle’ DNS hijacking campaign

By

State-sponsored hackers are behind a large-scale DNS hijacking campaign that since January 2017 has been responsible for compromising at least 40 organizations across 13 countries, researchers from Cisco Talos have reported. Primarily targeting the Middle East and North Africa, the attackers are looking to harvest credentials that grant them access to sensitive networks belonging to…

Kaspersky Labs

European Commission: No evidence Kaspersky software is malicious

By

The European Commission yesterday acknowledged in a public document that it possesses no evidence to support the notion that software from Russia-based Kaspersky Lab software is malicious. The admission comes about 10 months after the European Parliament passed a resolution calling for the European Union to ban dangerous software, naming Kaspersky products as specific example.…

Report: Ecuadorian websites besieged by cyberattacks following Julian Assange’s arrest

By

Since Julian Assange’s arrest and removal from London’s Ecuadorian embassy last week, the websites of Ecuador’s public institutions have been subjected to roughly 40 million cyberattacks, Agence France-Presse reported yesterday. The attacks have primarily originated from the U.S., Brazil, Ecuador itself, and European nations including the Netherlands, Germany, Romania, France, Austria and the UK, said…

Ukraine-Map

Five-year cyber espionage campaign targeting Ukraine potentially linked to Luhansk People’s Republic

By

Researchers believe hackers from the breakaway Luhansk People’s Republic (LPR) may be behind a spear phishing-based malware campaign that’s been actively targeting the Ukrainian government. The researchers, from FireEye, disclosed their assessment following their investigation into a malware-laced email that they were able to tie back to a 2018 phishing campaign designed to to deliver…

Researchers disclose six privilege escalation bugs in Shimo VPN client

By

The Shimo VPN client for Mac systems contains six privilege escalation vulnerabilities that have yet to be patched by its developers, researchers from Cisco’s Talos division reported yesterday. Shimo is a product that allows users to connect multiple VPN accounts to a single application. Discovered by Cisco Labs researcher Tyler Bohan, all six flaws were…

Microsoft web mail services breached after support agent’s credentials are compromised

By

Hackers reportedly compromised a Microsoft Corp. support agent’s credentials, allowing them to gain unauthorized access to the company’s various web-based email services, including Outlook, MSN and Hotmail, for at least three months in 2019. This breach exposed not only information pertaining to certain customers’ email accounts, but also in some cases the content of the…

Next post in Security News