Bradley Barth SC Media | Page 58 of 84
Bradley Barth

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Researchers: LockerGoga coding error can be exploited to prevent malicious encryption

The LockerGoga ransomware that’s been targeting industrial and manufacturing companies in early 2019 contains a coding error that could potentially be exploited to stop it from encrypting files, researchers say. The mistake pertains to how the malware handles .lnk file extensions, explains a March 25 blog post from threat management company Alert Logic, whose researchers…

Decryption tool created for ransomware designed to boost PewDiePie subscriptions

A PewDiePie fan has taken his admiration of the popular video game commentator a little too far, creating a ransomware designed to increase the YouTube star’s subscriber count. Fortunately, anti-malware company Emsisoft last week announced a new a decryption tool that restores machines infected by the unusual malware, named “PewCrypt.” On its website, Emsisoft describes…

Two U.S. chemical companies disclose cyberattack, LockerGoga suspected

Just days after a ransomware attack disrupted operations at Norwegian aluminium company Norsk Hydro, two U.S.-based chemical companies last Friday disclosed that they were affected by an unspecified network security incident that blocked access to certain IT systems and data. Reports suggest the incidents could be the work of LockerGoga, the same malicious encryption program that…

github_1439470

Paper: Leaked authentication secrets rampant across GitHub

An academic study of GitHub found that more than 100,000 of the web service’s code repositories contain publicly accessible authentication secrets such as API and cryptographic keys, while thousands of new secrets are leaked each day. North Carolina State University researchers Michael Meli, Matthew McNiece (also from Cisco Systems) and Bradley Reaves detail their findings…

Phishing scam stings Oregon Dept. of Human Services, compromises emails containing resident data

The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents. According to a March 21 Oregon DHS press release, the incident took place last Jan. 8, when nine separate agency employees…

Despite arrests, FIN7 launched 2018 attack campaigns featuring new malware

Even after several alleged members were arrested last year, FIN7 continues to show signs of life, as evidenced by the recent discovery of an administration panel tool called “Astra” and two new malware samples used in campaigns by the cybercriminal group in 2018. Researchers from Flashpoint who uncovered the threat observed Astra-related activity from May…

The DOJ to investigate Uber breach

Report: Uber employee used data-scraping tool to gather info on Australian competitor

An Uber employee used a data-scraping tool to round up online data concerning an Australian competitor in order to poach drivers from its business, according to a report this week from ABC News in Australia. Reportedly created in 2015, the tool, called Surfcam, was previously reported to have been used against a rival ride-service company…

Facebook patches denial-of-service flaw in its open-source Fizz TLS implementation

Facebook last month patched a critical denial-of-service vulnerability in Fizz, its open-source implementation for Transport Layer Security protocol TLS 1.3, researchers have reported. Unauthenticated remote attackers could exploit the flaw to create an “infinite loop,” causing the web service to be unavailable for other users and thus disrupting service, according to a March 19 blog…

Mozilla’s latest Firefox releases fix 22 vulnerabilities

The Mozilla Foundation yesterday issued version 66 of Firefox and 60.6 of Firefox Extended Support Release (ESR), in the process patching 22 vulnerabilities between them, five of them critical. Four of the five most severe flaws were found in both the standard and ESR versions of the web browser. This includes CVE-2019-9790, a use-after-free vulnerability…

Next post in Vulnerabilities