Bradley Barth SC Media | Page 2 of 15

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Australian flag

Australia passes law forcing tech giants to circumvent encryption on target devices

By

Australia’s parliament on Thursday passed groundbreaking legislation that instructs tech developers to help law enforcement investigations by intercepting the encrypted communications of suspects’ devices. Known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, the law contains language requiring companies in some cases to build new capabilities to decrypt protected communications if…

DanaBot banking trojan adds sly spam feature, distributes GootKit malware

By

The DanaBot banking trojan is branching out into new territories, adding email address harvesting and spam distribution to its bag of tricks, while apparently partnering with the actors behind GootKit, another banking malware program. In a company blog post today, researchers at ESET said they observed DanaBot’s sudden evolution while investigating a September 2018 campaign that…

Adobe fixes zero-day Flash bug after attackers target Russian clinic with exploit

By

Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…

The Chaos Computer Club (CCC) became the first group to bypass Apple's Touch ID.

Fake fitness apps steal money using Apple’s Touch ID feature

By

Apple has removed a pair of fake fitness apps from its App Store after they tricked users into making expensive purchases via the Touch ID biometrics feature. Named the “Fitness Balance app” and “Calories Tracker app,” the two malicious programs cleverly instruct victims to scan their fingerprints in order to view their personalized calorie tracker and…

Flowers

Bloom is off the rose: Canadian 1-800-FLOWERS operation discloses four-year breach

By

The Canadian retail operations of 1-800-FLOWERS has disclosed a four-year data breach affecting customers who purchased goods on its website, warning that payment card data was exposed. The company 1873349 Ontario, Inc., which owns www.1800Flowers.ca, acknowledged the incident in a breach notification to impacted consumers, which was filed with the California attorney general’s office on Nov. 30.…

Rhode Island’s Thundermist health center struck by ransomware

By

Thundermist Health Center in Woonsocket, R.I., was victimized by a ransomware attack that disrupted its systems on Thursday morning. Amanda Barney, associated VP of communications and development said that the health care center acted promptly to protect patient and employee data, local news affiliate WPRI reported. As of Thursday evening, there is no evidence that any…

Pied Piper phishing scheme infests victims with FlawedAmmyy, RMS RATs

By

The cybercriminal threat group TA505 is a key suspect in an ongoing phishing campaign that’s been attempting to infect victims with the FlawedAmmyy and Remote Manipulator (RMS) remote access trojans. Dubbed Pied Piper, the campaign was observed targeting a supplier to several well-known food chains, including Godiva Chocolates, Yogurtland and Pinkberry, according to a Nov. 29 blog…

Phishing campaign spreading CARROTBAT dropper focuses on cryptocurrency, Korean interests

By

A phishing campaign targeting the Korean peninsula is using a malicious dropper called CARROTBAT to deliver decoy documents and secondary payloads such as remote access trojans to its victims. Dubbed Fractured Block, the campaign began last March, but has noticeably picked up steam in the last three months, according to a blog post by Josh…

Inspector General’s report documents security flaws at Arizona Medicare MCOs

By

A recent risk assessment of information systems at two Arizona-based Medicaid managed care organizations turned up 19 vulnerabilities, according to a new report from the Department of Health and Human Services Office of the Inspector General. Collectively, the flaws were related to remote network access (2), password and login controls (2), physical security controls (1), network…

DHS algorithm to assess federal agencies’ cyber posture

By

Federal agencies are reportedly feeding data into a special algorithm introduced by the  Department of Homeland Security (DHS) in order to assess their cyber posture scores. This Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm should go into full production by fiscal year 2020, news outlet GCN reported yesterday, citing a public presentation yesterday by DHS Continuous…

Next post in News