Bradley Barth SC Media

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Remcos RAT campaign delivers new variant using AutoIt wrapper

Researchers have discovered a new Remcos RAT campaign that uses an AutoIt wrapper to deliver a previously unknown variant featuring new obfuscation and anti-debugging techniques. Trend Micro uncovered the threat last July after encountering a phishing email that was disguised as an order notification, but actually contained an attachment that delivered the RAT. “The email…

Cracked.to hacking forum user data breached and leaked by rivals

Hacking online forum Cracked.to last July suffered a data breach at the hands of one of its rival communities, resulting in the compromise of roughly 321,000 members, breach reference website site “Have I Been Pwned?” reported this week. The breach resulted in a public doxxing that exposed a database containing 749,161 email accounts, as well…

Researcher details decades-old design flaws in Microsoft’s CTF protocol

Google Project Zero researcher Tavis Ormandy yesterday disclosed a series of 20-year-old flaws in Microsoft’s CTF protocol that could allow unauthorized parties to take over applications that use said protocol. According to Ormandy’s blog post and technical analysis, the flaw is specifically found in the msctf subsystem, which is a component of the Text Services…

Varenyky malware records porn on screen, distributes sextortion spam

A cybercriminal operation that’s been targeting France since May is attempting to distribute malware capable of recording the screens of victims who visit pornographic websites. In other cases, the malware sends out spam emails that merely intend to trick victims into believing their web sessions were recorded while they watched porn, even though they were…

Cisco issues multiple product updates, fixes critical flaws in small business switches

Cisco Systems issued a series of security updates on Aug. 6 and 7, in the process disclosing 26 vulnerabilities, including two critical ones found in its Small Business 220 Series Smart Switches. The two most serious bugs consist of a remote code execution flaw (CVE-2019-1913) and an authentication bypass vulnerability (CVE-2019-1912) in the aforementioned switches,…

trojanhorse_1032765

Trojanized apps containing ad fraud malware downloaded 102M times

Two related ad fraud malware programs, recently discovered in 34 trojanized Android applications, have already been downloaded roughly 102 million times from the Google Play store, researchers reported. Dubbed Android.Click.312.origin and Android.Click.313.origin, the malicious clicker trojans appear to be designed primarily to sign users up for paid premium services without their consent, according to a…

leakingData social

Report: SEC looking into First American Financial Corp.’s leaky website

First American Financial Corp. is reportedly the subject of a U.S. Securities and Exchange Commission investigation, following the discovery of a website defect that left 885 million documents exposed to the public. Earlier this year, the financial services company’s website was found to have allowed anyone with a web browser and a URL for a…

Apple to expand bug bounty program, offer researchers access to iOS, iPhones

Apple is drastically overhauling its bug bounty program, eliminating its invitation-only status, increasing its rewards, expanding it to include MacOS and other operating systems, and even agreeing to supply qualified researchers with special iPhones that are easier to probe for vulnerabilities. Apple’s head of security engineering Ivan Krstic announced these changes last week at the…

Saefko RAT peeks at browser histories to help adversaries form optimal attack plan

Researchers have discovered a new remote access trojan that rummages through an infected device’s Chrome browser history to determine which websites the user has visited, allowing adversaries to formulate an optimal attack strategy based on that information. Dubbed Saefko, the RAT looks for at least 70 different websites affiliated with credit cards, at least 26…

Next post in Security News