Bradley Barth SC Media | Page 3 of 23

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Phishing campaign targeted subscribers to Tibetan Government-in-Exile’s mailing list


Subscribers to a Tibetan Government-in-Exile mailing list were targeted in a recent email-based phishing campaign designed to infect them with a remote access trojan. Dubbed ExileRAT, the trojan is capable of gathering system information, retrieving and pushing files, and executing and ending various processes, according to a blog post from Cisco Systems’ Talos division, whose…

Apple releases iOS 8.0.2 to quell buggy update complaints

Apple’s Siri Shortcuts feature vulnerable to abuse, researchers warn


Siri Shortcuts, Apple’s recently introduced native feature for iOS 12, can potentially be abused by threat actors to deliver malware to unsuspecting mobile device users, researchers are warning. The tool allows users to quickly execute and automate multiple-step tasks with just a single tap or voice command. Device owners who download the Siri Shortcuts app…

California SIM swapping conviction reportedly may be a legal first


Prosecutors in California have reportedly won what they believe to be the first-ever conviction for the act of SIM hijacking. Joel Ortiz, a 20-year-old college student from Boston, pleaded guilty in a Santa Clara County courtroom last month to stealing over $5 million in cryptocurrency after taking over the phone numbers of roughly 40 individuals…

OceanLotus ATP group uses new Kerrdown downloader to deliver payloads


Researchers have discovered a previously unknown custom downloader family that reputed Vietnamese APT group OceanLotus has been using since at least early 2018 to infect victims with payloads such as Cobalt Strike Beacon. The ongoing campaign’s targets are either based in Vietnam or speak Vietnamese, which is in keeping with the m.o. of OceanLotus, which is known to…

We must protect this Houzz: Home improvement website discloses breach


Home improvement and design website Houzz has publicly disclosed a data breach after discovering late last year that an unauthorized third party had obtained a file containing user data. An FAQ page published on today says that the compromised information falls under three categories: Profile information such as names, addresses, countries and descriptions, but…

Wicked (dark web) wish list


The dark web can be a fairly lawless place, but even the most hidden corners of the darknet are not immune to the laws of supply and demand. Malware programs, cybercriminal services and stolen data can skyrocket in popularity on the underground market just as quickly as they can fall out of favor – same…

No news on if Iran will retaliate yet...

Researchers: Remexi spyware campaign targeted diplomatic institutions based in Iran


A cyberespionage campaign targeted Iranian IP addresses late last year, with the goal of infecting victims with an updated version of Remexi backdoor malware, researchers have reported. Some of these IP addresses belong to foreign diplomatic entities located within Iran’s borders. Remexi is typically associated with a reputed Iranian APT group known as Chafer. Its…

Possible ransomware attack disturbs Altran Technologies’ European operations


French engineering research and consulting firm Altran Technologies disclosed this week that a Jan. 24 cyberattack impacted its operations in certain European countries. In response to the incident, the company immediately shut down its IT network and all applications,” the company said in a press release issued on Monday. Altran’s statement was short on specifics,…

Video platform Dailymotion takes steps to contain credential stuffing attack


Attackers have launched an ongoing credential stuffing campaign against the online video streaming service Dailymotion, compromising the data of an unspecified number of users in the process. A property of French media and entertainment company Vivendi SA, Paris-based Dailymotion said in a Jan. 25 press alert that its technical teams “successfully contained” the attack “following…

Hundreds of Delaware residents among the victims of BenefitMall breach


Delaware’s Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies. It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a “data security…

Next post in Data Breach