Bradley Barth SC Media | Page 3 of 66

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Cisco repairs 12 bugs in its Data Center Network Manager

Cisco Systems this month issued six security advisories disclosing a total of 12 vulnerabilities the Data Center Network Manager, three of them critical. Designated CVE-2019-15975, CVE-2019-15976 and CVE-2019-15977, the three most serious flaws could enable unauthenticated, remote attackers to bypass authentication measures and execute malicious actions with admin-level privileges. Collectively, the trio of vulnerabilities were…

New Magecart skimmers practice steganography, data transfer via WebSocket

A researcher has discovered a pair of new Magecart-style web skimmers, each one featuring an evasion technique that’s not typically employed by this breed of malware: steganography and the transfer a data via the WebSocket protocol. The researcher, who uses the handle @AffableKraut, posted his two findings on Twitter last month, prompting the team from…

Travelex sidelines online financial services following malware discovery

Foreign exchange financials company Travelex has suspended its UK-based digital services offline since New Year’s Eve, following the discovery of an undisclosed malware program. As of Jan. 3 at 11:30 a.m. ET, the London-based company remains unable to conduct monetary transactions via its website or app. Services are still being conducted manually, however. “We have…

Ransomware attack on maritime facility prompts Coast Guard warning

The U.S. Coast Guard last month issued a safety bulletin following a ransomware attack that impaired both the IT systems and industrial control systems of a facility regulated by the Maritime Transportation Security Act (MTSA), and prompted a 30-hour operational shutdown. The ransomware program, identified as Ryuk, was delivered via a phishing email containing a…

Attackers sink their meathooks into Landry’s restaurants’ payment card data

The Houston-based steakhouse, restaurant and hospitality company Landry’s, Inc. has advised customers of a point-of-sale malware attack that stole payment card data from an order-entry system used to process kitchen and bar orders. According to a company breach notification, Landry’s food and beverage locations typically use point-of-sale terminals featuring end-to-end encryption technology that protects the…

Two information-disclosing bugs found in Twitter Android

In the span of five days, reports of two Twitter Android app vulnerabilities have surfaced: one that could cause attackers to view nonpublic account information or control accounts, and another that reportedly allowed a researcher to look up details on 17 million accounts. In a Dec. 20 blog post, Twitter noted that it issued an…

Rising sea and spam levels? Emotet campaign uses Greta Thunberg as lure

An Emotet banking trojan phishing campaign was spotted using the name of activist Greta Thunberg as a lure to target individuals concerned with climate change. The attackers behind the campaign recently sent out fake invitations to a nonexistent “climate crisis” demonstration supposedly led by the young Swedish activist, who was named Time’s 2019 Person of…

Phishing operation picking on Canadian banks since at least 2017

Researchers recently discovered a large-scale phishing email operation that has been targeting primarily customers of Canadian banking chains since at least 2017. The emails generally attempt to trick recipients into revealing their credentials on a phishing page that utilizes a lookalike domain and impersonates a log-in screen. Researchers with Check Point Software Technologies uncovered the…

Over 100 apps found to serve unwanted ads using ‘Soraka’ SDK

More than 100 Android applications that were downloaded over 4.6 million times via the Google Play Store were found to contain malicious code that delivers unwanted, out-of-context (OOC) advertisements to users. The code, a software development kit called Soraka, typically delivers its first OOC ad just after a device is unlocked, according to a new…

2019 Tech advances

Giant leaps, small steps It’s an unfortunate fact that no security firm came up with a silver bullet to protect endpoints, the cloud, networks, IoT and mobile devices from cyberattack, but that doesn’t mean there were no technological advances made.SC Media reached out to several industry insiders to see which 2019 advances they thought deserved…

Next post in Features