Bradley Barth SC Media | Page 2 of 22

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Phishing emails imitate North American banks to infect recipients with TrickBot

By

An spam-based phishing campaign recently targeted North American banking customers with malicious Excel documents designed to infect victims with a new variant of the information-stealing TrickBot banking trojan, researchers reported earlier this week. The scam dates back to at least Jan. 27 and peaked in volume on Jan. 30, according a new blog post from…

Movie and TV-tracking service Trakt belatedly discovers 2014 breach

By

An unauthorized party illegally accessed data from TV and movie “scrobbling” service Trakt more than four years ago, but only now are users learning about it. The California-based company, which allows viewers to track the programs and films they watch, reportedly sent an email to its subscribers informing them that an unauthorized party used a…

Report: Chinese cyberspies hacked MSP, retailer and law firm in economic espionage campaign

By

The Chinese state-sponsored threat actor APT10 used stolen remote access software credentials to infiltrate the network of Norwegian managed services provider Visma last year, likely in an effort to launch secondary attacks against the MSP’s clients. An investigation into the cyber espionage campaign revealed that APT10, aka Stone Panda, used similar tactics to invade the…

Remote Desktop Protocol flaws could be exploited to attack RDP clients

By

A research firm has disclosed multiple vulnerabilities in the Remote Desktop Protocol that, if left unpatched, could allow compromised or infected machines to attack the RDP clients that remotely connect to them. In a blog post today, Check Point Software Technologies researcher Eyal Itkin refers to this scenario as a reverse RDP attack because the…

Phishing campaign targeted subscribers to Tibetan Government-in-Exile’s mailing list

By

Subscribers to a Tibetan Government-in-Exile mailing list were targeted in a recent email-based phishing campaign designed to infect them with a remote access trojan. Dubbed ExileRAT, the trojan is capable of gathering system information, retrieving and pushing files, and executing and ending various processes, according to a blog post from Cisco Systems’ Talos division, whose…

Apple releases iOS 8.0.2 to quell buggy update complaints

Apple’s Siri Shortcuts feature vulnerable to abuse, researchers warn

By

Siri Shortcuts, Apple’s recently introduced native feature for iOS 12, can potentially be abused by threat actors to deliver malware to unsuspecting mobile device users, researchers are warning. The tool allows users to quickly execute and automate multiple-step tasks with just a single tap or voice command. Device owners who download the Siri Shortcuts app…

California SIM swapping conviction reportedly may be a legal first

By

Prosecutors in California have reportedly won what they believe to be the first-ever conviction for the act of SIM hijacking. Joel Ortiz, a 20-year-old college student from Boston, pleaded guilty in a Santa Clara County courtroom last month to stealing over $5 million in cryptocurrency after taking over the phone numbers of roughly 40 individuals…

OceanLotus ATP group uses new Kerrdown downloader to deliver payloads

By

Researchers have discovered a previously unknown custom downloader family that reputed Vietnamese APT group OceanLotus has been using since at least early 2018 to infect victims with payloads such as Cobalt Strike Beacon. The ongoing campaign’s targets are either based in Vietnam or speak Vietnamese, which is in keeping with the m.o. of OceanLotus, which is known to…

We must protect this Houzz: Home improvement website discloses breach

By

Home improvement and design website Houzz has publicly disclosed a data breach after discovering late last year that an unauthorized third party had obtained a file containing user data. An FAQ page published on Houzz.com today says that the compromised information falls under three categories: Profile information such as names, addresses, countries and descriptions, but…

Wicked (dark web) wish list

By

The dark web can be a fairly lawless place, but even the most hidden corners of the darknet are not immune to the laws of supply and demand. Malware programs, cybercriminal services and stolen data can skyrocket in popularity on the underground market just as quickly as they can fall out of favor – same…

Next post in Cybercrime