Bradley Barth SC Media | Page 2 of 29

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

‘Dragonblood’ flaws in WPA3 protocol could help adversaries recover passwords

By

The WPA3 protocol and certification that was introduced last year to make Wi-Fi networks more secure was found to contain a series of vulnerabilities, including time- and cache-based side-channel flaws that could ultimately allow adversaries to recover passwords. Developed by the Wireless Security Alliance, WPA3 replaced the old standard’s Pre-Shared Key exchange with a Simultaneous Authentication…

hotel

Study: 67 percent of hotel websites grant third parties access to personal booking data, reservations

By

A study of more than 1,500 hotels in 54 countries found that 67 percent of their websites leak booking reference codes to third-party partners, allowing them to potentially access guests’ booking details and personal information. Such access could even enable the third parties to cancel individuals’ reservations if they so desired, according to Symantec Principal…

U.S. agencies issue report on Hidden Cobra threat group’s HOPLIGHT malware

By

The U.S. Department of Homeland Security and FBI have jointly released an official Malware Analysis Report detailing several variants of HOPLIGHT, a trojan malware program used by hackers from Hidden Cobra, an APT group that’s been widely linked to the North Korean government. Upon execution, HOPLIGHT allows attackers to collect victim machine information, connect to…

Researchers uncover new ‘TajMahal’ APT framework, plus a new Gaza Cybergang malware campaign

By

Researchers at Kaspersky Lab today issued a pair of reports, one revealing a newly discovered sophisticated APT framework and the other detailing the recent operations of the threat actor known as Gaza Cybergang Group1. Dubbed TajMahal, the APT framework is a fully loaded malicious toolset, replete with backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers,…

Intel addresses flaws found across four products

By

Intel has released a series of security updates and mitigation recommendations to address recently discovered vulnerabilities in four of its products, including two high-severity flaws. The Santa Clara, Calif.-based chip maker patched its Intel Media SDK product to fix CVE-2018-18094, a high-risk vulnerability in versions 2018 R2.1 and earlier that could allow authenticated users with…

Flame

Stuxnet research reveals possible 4th accomplice, newly discovered versions of Flame and Duqu malware

By

Recent research into old malware threats associated with the Stuxnet attacks against Iran’s nuclear program roughly one decade ago turned up several new discoveries, including a possible fourth collaborator in the clandestine operation, as well as previously unknown versions of Flame and Duqu malware. Today, Alphabet’s cybersecurity subsidiary Chronicle revealed the findings of its researchers…

Security update removes hard-coded credentials from MyCar Controls app

By

Motor vehicle technology and equipment provider AutoMobility Distribution Inc. has updated its MyCar Controls telematics mobile application for iOS and Android in order to eliminate the use of insecure hard-coded credentials. The MyCar app offers geolocation services as well as remote start/stop and lock/unlock capabilities to vehicles that come with a compatible remote start unit.…

patch flaw vulnerability

Samba updates eliminate pair of vulnerabilities

By

The development team behind Samba issued software updates yesterday in order to patch a pair of vulnerabilities in the free re-implementation of the SMB networking protocol. The first vulnerability, CVE-2019-3870, occurs in Samba versions 4.9.x upon the provisioning of a new Active Directory domain controller. During this process, some files in the private/ directory are…

FIN6 cybercrime actor adds ransomware to its repertoire

By

Traditionally associated with payment card theft, the cybercriminal group FIN6 has expanded its operations to apparently include ransomware attacks using the malicious encryption programs Ryuk and LockerGoga, according to researchers. Investigations by the FireEye Intelligence research team and the company’s Mandiant division have revealed that FIN6’s ransomware activity dates back to July 2018, and has…

Israel comes under cyber attack

Report: Israel examines hacker’s claim of voter registry breach

By

Israeli authorities are reportedly investigating a hacker’s claims on Twitter that he successfully breached the country’s voter registry in the days leading up to tomorrow’s 2019 legislative election. Nicknamed DarkCoder, the hacker contended in a Saturday tweet that he stole information on 6 million Israeli voters, even posting a picture displaying victims’ names identity numbers…

Next post in Security News