Bradley Barth SC Media

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

My kingdom for a decryptor! Ransomware creates ticketing snafu for N.J. Shakespeare theater

The Shakespeare Theatre of New Jersey was forced to cancel a performance of “A Christmas Carol” earlier this week after a ransomware attack disrupted its database and ticketing system, causing a show reservations nightmare. Performances of the show, which run through Dec. 29, are now back underway. However, the ransomware has disabled the company’s online…

Company sued for allegedly hijacking Facebook accounts to serve ads

In a lawsuit filed yesterday, Facebook is accusing a Hong Kong-based company of infecting individuals with malware in order to hijack their Facebook ad accounts and run malicious advertisements at their expense. The Menlo Park, Calif.-based social media company filed the legal documentation in a San Francisco federal court against ILikeAd Media International Company Ltd.,…

U.S. charges alleged members of “Evil Corp” cybercrime group for Zeus and Dridex campaigns

The U.S. today announced legal and regulatory action against the powerhouse cybercriminal group Evil Corp, filing hacking and bank fraud charges against two of its suspected members. Authorities are also offering a $5 million bounty for information leading to the arrest or conviction of one of the group’s alleged masterminds, 32-year-old Maksim Yakubets of Moscow,…

talkingonaphone

Sprint contractor reportedly stored non-Sprint customers’ phone bills on open server

Hundreds of thousands of cell phone bills and other documents belonging to AT&T, Verizon and T-Mobile customers were reportedly exposed after a Sprint contractor left them sitting on an open public server. The documents had been collected and stored in the first place as part a marketing effort to persuade subscribers of rival carrier services…

Cookie leak allows white-hat researcher to access HackerOne vulnerability reports

Bug bounty platform provider HackerOne Tuesday disclosed that one of its own security analysts mistakenly sent a session cookie to a white-hat researcher on Nov. 24, allowing the researcher to take over the analyst’s account and access vulnerability reports on a number of companies. The researcher, known in the HackerOne community as haxta4ok00, promptly reported…

Phishing scam uses fake giveaways to lure in Steam gaming service users

Cybercriminals are reportedly attempting to trick users of the Steam video game digital distribution service into visiting a phishing site that pretends to give away new game skins, but actually steals login credentials. Researcher “nullcookies” first reported the fraudulent giveaway promotion in a Twitter post late last month. BleepingComputer followed up on the post and…

Magecart skimmer group guns for Smith & Wesson’s Black Friday sales

The e-commerce website of weapons manufacturer Smith & Wesson has been targeted by a Magecart payment card-skimming group that’s been using lookalike domain names to impersonate payment anti-fraud company Sanguine Security. The Smith & Wesson website was compromised with a JavaScript-based skimmer last Wednesday, Nov. 27 – in time to steal card information for any…

Data breach more than 4X worse than first thought for Montgomery County schools

What at first looked like a single data breach affecting Montgomery County Public Schools (MCPS) in Maryland turned out to be a series of breaches that impacted thousands of more students than was originally reported. On Oct. 4, 2019, MCPS disclosed that a district student had one day earlier allegedly executed a brute-force credentials-stealing attack…

Exploited Android flaw ‘StrandHogg’ enables phishing overlays, malicious permissions

Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first gain root access, according…

Data breach reportedly affects over 20M users of Mixcloud streaming service

An unauthorized party illegally accessed systems belonging to British online audio streaming service Mixcloud and is now reportedly selling the company’s user data on the dark web. Roughly 20 million to 22 million accounts were compromised in the November incident, according to multiple media organizations that were contacted by the malicious hacker late last week.…

Next post in Cybercrime