Bradley Barth SC Media | Page 3 of 29

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

FIN6 cybercrime actor adds ransomware to its repertoire

By

Traditionally associated with payment card theft, the cybercriminal group FIN6 has expanded its operations to apparently include ransomware attacks using the malicious encryption programs Ryuk and LockerGoga, according to researchers. Investigations by the FireEye Intelligence research team and the company’s Mandiant division have revealed that FIN6’s ransomware activity dates back to July 2018, and has…

Israel comes under cyber attack

Report: Israel examines hacker’s claim of voter registry breach

By

Israeli authorities are reportedly investigating a hacker’s claims on Twitter that he successfully breached the country’s voter registry in the days leading up to tomorrow’s 2019 legislative election. Nicknamed DarkCoder, the hacker contended in a Saturday tweet that he stole information on 6 million Israeli voters, even posting a picture displaying victims’ names identity numbers…

Damages from ransomware attack on Norsk Hydro reach as high as $40M

By

Aluminum company Norsk Hydro has already lost as much as $40.6 million since it was attacked by LockerGoga ransomware on March 19, but at least most of its operations are back running at normal capacity, the company said in a news update yesterday. Most of the financial damage, which Hydro estimated at between 300 million…

Mozilla plugs two critical security holes in Thunderbird

By

The Mozilla Foundation yesterday issued a security update for its Thunderbird open-source email client, fixing two critical vulnerabilities involving its IonMonkey JavaScript JIT (just-in-time) compiler. The first of the two flaws, CVE-2019-9810, consists of incorrect alias information when using the Array.prototype.slice method, which could result in a missing bound check and buffer overflow. The second…

Locky Ransomware

Researchers: LockerGoga coding error can be exploited to prevent malicious encryption

By

The LockerGoga ransomware that’s been targeting industrial and manufacturing companies in early 2019 contains a coding error that could potentially be exploited to stop it from encrypting files, researchers say. The mistake pertains to how the malware handles .lnk file extensions, explains a March 25 blog post from threat management company Alert Logic, whose researchers…

Apple’s latest round of security updates includes 51 iOS fixes

By

Apple yesterday released software updates for seven of its products, fixing a broad range of vulnerabilities. Altogether, the company addressed 51 flaws in iOS, 38 in macOS Mojave, 36 in tvOS, 20 in iCloud for Windows, 20 in Safari, 18 in iTunes for Windows and one in Xcode. Some of the vulnerabilities overlapped between these…

Decryption tool created for ransomware designed to boost PewDiePie subscriptions

By

A PewDiePie fan has taken his admiration of the popular video game commentator a little too far, creating a ransomware designed to increase the YouTube star’s subscriber count. Fortunately, anti-malware company Emsisoft last week announced a new a decryption tool that restores machines infected by the unusual malware, named “PewCrypt.” On its website, Emsisoft describes…

Two U.S. chemical companies disclose cyberattack, LockerGoga suspected

By

Just days after a ransomware attack disrupted operations at Norwegian aluminium company Norsk Hydro, two U.S.-based chemical companies last Friday disclosed that they were affected by an unspecified network security incident that blocked access to certain IT systems and data. Reports suggest the incidents could be the work of LockerGoga, the same malicious encryption program that…

github_1439470

Paper: Leaked authentication secrets rampant across GitHub

By

An academic study of GitHub found that more than 100,000 of the web service’s code repositories contain publicly accessible authentication secrets such as API and cryptographic keys, while thousands of new secrets are leaked each day. North Carolina State University researchers Michael Meli, Matthew McNiece (also from Cisco Systems) and Bradley Reaves detail their findings…

Phishing scam stings Oregon Dept. of Human Services, compromises emails containing resident data

By

The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents. According to a March 21 Oregon DHS press release, the incident took place last Jan. 8, when nine separate agency employees…

Next post in Security News