Bradley Barth SC Media | Page 55 of 59

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Apple updates guidelines for gov't, law enforcement data requests

Australian Apple hacker avoids jail, gets eight months probation

A Melbourne teenager who pleaded guilty in Australia’s Children’s Court to repeatedly hacking into Apple’s corporate systems because he admired the company was reportedly sentenced to eight months of probation and will avoid jail time. “Your offending is serious, sustained and sophisticated,” said the magistrate presiding over the case, according to The Age. “You knew…

Pair of surveys underscore importance of secure PKI in government, IoT

Both the federal government and Internet of Things manufacturers are facing key challenges and opportunities in regards to implementing secure Public Key Infrastructure practices for digital certificate management and encryption, according to a pair of newly published research reports. The first report, from machine identity protection company Venafi, reveals data compiled from a survey of 100 federal…

FancyBear APT

Seven additional modules make Fancy Bear’s VPNFilter malware even more versatile

Researchers have discovered seven additional third-stage modules in the VPNFilter malware that has been infecting hundreds of thousands of global networking devices in Ukraine and around the world since at least 2016. Believed to be the creation of Russian APT group Fancy Bear, VPNFilter remains a credible threat, despite recent efforts taken to expose the…

House committee leaders submit white paper urging U.S. to address AI security concerns

Artificial intelligence holds tremendous promise for technological innovation, but also presents grave privacy and security risks that necessitate government action, according to a new white paper issued today by two U.S. legislators. Rep. Will Hurd, R-Tex., and Rep. Robin Kelly, D-Ill., respectively the chairman and ranking member of the House Oversight and Government Reform Committee’s…

Turkey main

Attackers use evolved code injection technique to target Turkey with Adwind RAT

A new spam campaign that debuted last August is attempting to infect Turkish targets with the Adwind 3.0 remote access tool, using a previously undiscovered variant of a code injection attack that exploits Microsoft’s Dynamic Data Exchange (DDE) data transfer protocol. A key improvement to this variant is that it features new techniques to avoid anti-malware software…

DDoS attack on education vendor hinders access to districts’ online portals

Multiple school districts are reportedly suffering the effects of a denial of service attack perpetrated against Blaine, Minn.-based Infinite Campus, a third-party online services provider. As a result, district residents may be unable to reliably use services such as the “Parent Portal, through which teachers, parents and students can access information such as grades, class…

Twitter fixes API bug that shared data with wrong developers

Twitter on Friday disclosed that it fixed a bug in its Account Activity API (AAAPI) for app developers that may have mistakenly sent certain user data and content to the wrong developers who were not authorized to see this information. The AAAPI, which enables developers build tools that help customers communicate via Twitter, contained the…

Report: Microsoft misses disclosure deadline to patch RCE bug in JET

Trend Micro’s Zero Day Initiative (ZDI) team disclosed a still-unpatched remote code execution vulnerability in Microsoft’s JET Database Engine yesterday, claiming the software giant failed to fix the flaw within its 120-day disclosure window. Discovered by Trend Micro researcher Lucas Leong, the zero-day bug is an out-of-bounds write issue pertaining to the management of indexes within…

White House unveils initiatives to combat botnets

White House touts release of National Cyber Strategy

Eager to demonstrate a commitment to cybersecurity amidst criticisms over vulnerable election infrastructure, the White House yesterday unveiled its National Cyber Strategy. The plan is divided four “pillars” of strategy: protecting the homeland by fighting cybercrime and fortifying defenses, promoting American prosperity by adding cyber jobs and defending intellectual property, preserving peace through strength by…

Report: Hackers used data mining tool, network sniffer to steal Click2Gov information

The malicious actor behind a year-old campaign targeting the web payment portal Click2Gov appears to have been using a malicious webshell, data mining utility program and network sniffer to steal information from users, according to a new report from FireEye researchers. The researchers note that while the perpetrator’s tools and techniques are “generally consistent with other financially…

Next post in Security News