Bradley Barth SC Media | Page 3 of 45

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Visa contactless hack takes a million units of any foreign currency

Flaws in Visa contactless cards allow for bypass of anti-fraud checks, researchers warn

Researchers say they discovered a technique for exploiting Visa contactless cards that could allow attackers to bypass certain a pair of anti-fraud “payment checks” that normally require a purchaser’s verification. Positive Technologies researchers Leigh-Anne Galloway and Tim Yunusov successfully tested the exploit on five major banks in the U.K., according to a company blog post…

Capital One breach exposes not just data, but dangers of cloud misconfigurations

The massive Capital One data breach that compromised the personal information of 100 million credit card customers and applicants serves as a stark reminder that misconfigurations and malicious insiders can defeat the most well-intentioned cyber defenses, even when companies rely on a third-party cloud service to securely manage their data. In the case of Capital…

Over 200M devices affected by critical flaws found in real-time operating system

VxWorks, a real-time operating system (RTOS) that runs on more than 2 billion devices — many in industrial, health-care and enterprise environments — has been found to contain 11 vulnerabilities, six of which are critical flaws that enable remote code execution. Around 200 million devices are running the vulnerable versions of the RTOS, according to…

USA Freedom Act foiled by Senate Republicans

Report: Russian-sponsored hackers could have modified U.S. voter data, but didn’t

Russian state-sponsored cyber actors “conducted an unprecedented level of activity against state election infrastructure in the run-up to the 2016 U.S. elections,” the U.S. Senate Select Committee on Intelligence concludes in the first volume of its report on Russia’s efforts to interference in America’s most recent presidential election. Released yesterday, volume one focuses specifically on…

antivirus

Researchers disclose five unpatched bugs in Comodo Antivirus

Researchers at Tenable have disclosed five unpatched vulnerabilities in Comodo Antivirus, which reportedly will be patched by Monday of next week. The most significant of the zero-days appears to be CVE-2019-3969, a local privilege escalation condition that results from an flawed verification mechanism in the CmdAgent.exe process file. “A local process can bypass the signature…

Study: Ransomware generates most interest among underground forum users

An analysis of 3.9 million online posts published on underground forums found that ransomware, crypters and trojans were the most frequently referenced categories of malware and malicious tools – an indication of their popularity among forum visitors and potential cybercriminals. Web shells, remote access trojans, adware, computer viruses, FUD (fully undetectable) crypters, exploit kits and rootkits – in that…

Senate building

Sen. Hyde-Smith blocks 3 security bills on same day Mueller warns of Russian meddling

On the same day that former U.S. special counsel Robert Mueller publicly testified that Russia is actively taking measures to interfere with America’s 2020 elections, Sen. Cindy Hyde-Smith, R-Miss., blocked the passage of three bills designed to boost the security of elections or the federal government. Yesterday, the senator rejected two separate bills (1, 2),…

FTC levies historic fine on Facebook for privacy violations

The U.S. Federal Trade Commission today announced that it has penalized Facebook $5 billion as punishment for what it described as deceptive privacy practices, and imposed new restrictions on the social media giant. Facebook likewise announced that it has agreed to the terms of the deal. In conjunction, the Department of Justice officially filed a…

Sophisticated Android spyware toolset ‘Monokle’ linked to sanctioned Russian defense contractor

A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns. Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according…

Next post in APTs/cyberespionage