Bradley Barth SC Media | Page 4 of 83
Bradley Barth

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Phishing campaign targets remote workers with fake voicemail notifications

Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by  Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings. In a company…

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS EX software. Among the most series flaws is a privilege escalation vulnerability in the authorization controls of the IOx application hosting infrastructure in Cisco IOS XE…

UCSF, Conduent are latest to suffer the slings and arrows of ransomware

Academic health research institution the University of California, San Francisco and business process services company Conduent have emerged as two of the latest prominent victims of organized ransomware attacks. UCSF was targeted by the NetWalker (aka MailTo) ransomware group, as evidenced by a post on the cyber gang’s data leak website, while it was the Maze…

‘Enterprise-grade’ BazarBackdoor malware delivered via spear phishing emails

Researchers have uncovered a new “enterprise-grade” backdoor malware program that they say shares code with the notorious modular banking trojan TrickBot and is used to gain unauthorized access to and compromise corporate networks. Dubbed BazarBackdoor, the malware has been distributed via spear phishing campaigns that leverage a variety of lure topics, including customer complaints, coronavirus-related…

New ransomware trends spotted: Auctioning stolen files, cybergangs joining forces

The tactics of human-operated ransomware campaigns continue to escalate. Victims who previously feared having their their systems disrupted, their files encrypted and their data stolen and published online may now face another ultimatum: Pay up or have your data auctioned off to the highest bidder. That’s the latest threat from the Sodinokibi/REvil gang, which announced…

OMB: Federal agencies reported 8 percent fewer cybersecurity incidents in FY 2019

A new report issued by the U.S. Office of Management and Budget (OMB) says federal agencies reported eight percent fewer cybersecurity incidents in fiscal year 2019, compared to 2018 — an improvement it attributes to the recent “maturation of agencies’ information security programs.” High-value IT assets (HVAs) remain a work in progress, however: In FY…

malware under the magnifying glass

Malware in GitHub-hosted projects designed to spread among open-source developers

Twenty-six open-source projects hosted on GitHub repositories were found to be infected with malware and capable of serving up weaponized code to potential developers in a potential supply chain attack, the GitHub Security Lab has disclosed. An investigation into the incident turned up what GitHub described as a first: “malware designed to enumerate and backdoor…

VMware advisory warns users to patch critical issue in product

VMware discloses important local privilege escalation bug found in 3 products

VMware’s latest security advisory discloses three vulnerabilities spread out among five products. The most significant of this trio is an “important” time-of-check time-of-use (TOCTOU) flaw in the service opener of Fusion, VMRC and Horizon Client that can be locally exploited to escalate privileges to root. Officially designated CVE-2020-3957, the bug was assigned a CVSSv3 base score of…

‘Sandworm Team’ hackers from Russia are exploiting Exim, warns NSA

The U.S. National Security Agency on Thursday issued an advisory alleging that hackers from Russia’s Main Intelligence Directorate (GRU) have been actively exploiting a remote code execution vulnerability in Exim Mail Transfer Agent (MTA) software, found in Unix-based systems. Researchers and analysts reacting to the agency’s warning say the announcement is an important reminder that…

Next post in Security News