Bradley Barth SC Media
Bradley Barth

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Here are the hurdles that will face Biden’s new CISO

As the newly appointed CISO of Joe Biden’s presidential campaign, Chris DeRusha, former chief security officer with the State of Michigan, has fewer than four months to implement his cybersecurity vision before Election Day arrives — all in the midst of a pandemic that has altered the traditional way that campaigns traditionally operate. DeRusha will…

U.S. universities at risk of back-to-school and Covid-19 email fraud

The top 20 universities based in the U.S. are failing to implement proper DMARC protections and policies, opening the door for fraudsters to spoof their email domains and convincingly impersonate them at a time when students are likely expecting to receive a wealth digital communications related to back-to-school instructions, researchers warn. In particular, students and…

hacker in a hoodie

Unsealed indictment alleges Kazakh man is behind Fxmsp hacking group

Federal prosecutors have indicted Andrey Turchin, a 37-year-old citizen of Kazakhstan, on five criminal counts related to his alleged involvement in a financially motivated cybercriminal hacking collective known as Fxmsp that the Department of Justice says cost victims tens of millions of dollars. Turchin — who also individually goes by the alias Fxmsp — and…

Hidden purpose of Mac ‘ransomware’ EvilQuest is data exfiltration, say researchers

Researchers have developed a decryption tool for the recently discovered EvilQuest ransomware program designed to target Mac machines. But several analysts now concur that EvilQuest’s malicious encryption may be more of a decoy, while the program’s true purpose appears to be data exfiltration. In a new blog post this week, Thomas Reed, director of Mac…

15B credentials available on dark web; average selling price below $16

There are more than 15 billion stolen account credentials being sold or even shared for free on the dark web, with individual entries selling for an average of $15.43, a new research report states. Roughly one-third of the credentials, or about 5 billion, are unique, according to Digital Shadows, whose researchers reached these totals following…

BEC scams grow in complexity as Russian actors launch Cosmic Lynx operation

A newly reported and unusually sophisticated Business Email Compromise (BEC) operation may serve as a model for other cybercriminals looking to up their social engineering game and cash in on a lucrative illegal pastime. In a press release, blog post and detailed dossier (accessible via the blog post), researchers from Agari who discovered the operation…

Hackers for Charity

Exposed dating service databases leak sensitive info on romance-seekers

A series of database misconfigurations publicly exposed the personal information and private messages of more than 100 million dating website and mobile app account holders. Independent VPN review site WizCase has reported finding six separate dating sites or apps that each potentially compromised thousands of users due to improper data storage. According to WizCase researchers,…

LeBron James among the 1st stars to have their stolen law firm files put up for auction

The Sodinokibi/REvil ransomware gang has apparently made good on its threat to auction off files it lifted from celebrity law firm Grubman Shire Meiselas & Sacks. The group on July 1 reportedly placed legal documents corresponding to Nicki Minaj, Mariah Carey and LeBron James up for bid, with the starting price set at $600,000 per…

NetWalker ransomware group claims attack on Fort Worth transportation agency

Another Texas-based government institution may have fallen victim to ransomware actors. According to a reliable source, the cybercriminals behind the malicious encryptor NetWalker have published online evidence of an attack on Trinity Metro, a transit agency that operates bus and commuter rail transportation services in Fort Worth and its nearby Tarrant County suburbs. Trinity Metro…

Report accuses China of extensive mobile spyware use to track ethnic minority group

A new blog post and research report from the Lookout Threat Intelligence Team has exposed the lengths to which a reputed Chinese government-sponsored APT operation has allegedly gone to track the country’s Uyghur minority population, including the trojanization of mobile apps with surveillanceware. Lookout details four spyware families — SilkBean, DoubleAgent, CarbonSteal and GoldenEagle —…

Next post in APTs/cyberespionage