Bradley Barth SC Media | Page 70 of 80

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Attackers exploit GDPR compliance plug-in for WordPress

A WordPress plug-in that’s supposed to help with GDPR compliance contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites. Known as the WP GDPR Compliance plug-in, the software module helps ensure compliance with Europe’s General Data Protection Regulation by providing tools through which site visitors can permit use of their…

Google’s first Android security transparency report highlights dangers of third-party app stores

Android users who download from Google Play are less likely to install potentially harmful apps than those who download from unofficial third-party stores, according to the inaugural edition of Google’s quarterly Android Ecosystem Security Transparency Report. The data published in the online report last Thursday was collected from users who enabled the Google Play Protect…

Report: NIST to use IBM’s Watson AI system to score vulnerabilities

The U.S. National Institute of Standards and Technology (NIST) reportedly plans to replace its method of scoring publicly disclosed vulnerabilities with a new automated process leveraging IBM’s Watson artificial intelligence system. The agency expects Watson to supplant its current Common Vulnerability Scoring System (CVSS) process for most bugs by October 2019, according to a report…

A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.

Group FaceTime for iOS exposes users’ full contact info

A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users’ contact information. The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his…

WirelessRouter2

IoT botnet BCMUPnP_Hunter targets routers with vulnerable UPnP feature

A large-scale botnet malware operation has been targeting router equipment running vulnerable versions of the Broadcom Universal Plug and Play (UPnP) feature. Active since at least September 2018, malicious campaign appears to be infecting devices for the likely purpose of converting them into spam bots, according to a blog post yesterday from researchers at Qihoo’s…

Cisco fixes two critical bugs, recommends workaround for a third

Cisco Systems yesterday issued 17 security advisories, disclosing vulnerabilities in multiple products, including at least three critical flaws. One of them, a privileged access bug found in seven models of its Small Business Switches, has not yet been patched, but the company has recommended a workaround to limit its potential for damage. Designated CVE-2018-15439 with…

StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code

A malicious actor compromised the platform of leading web analytics firm StatCounter in a supply chain attack that targeted the cryptocurrency exchange gate.io with a bitcoin-stealing script. Outside of gate.io, none of the other two million-plus websites using StatCounter’s metrics services appear to have been affected by the malicious JavaScript, even if they downloaded it. That’s because the…

Spyware disguised as Spanish banking apps removed from Google Play

A spyware program fraudulently disguised as a Spanish-language banking app was found last month collecting users’ device data and messages, which were later leveraged in smishing schemes. Advertised as “Movil Secure,” the fake app pretends to be associated with multinational Spanish banking group Banco Bilbao Vizcaya Argentaria (BBVA). Published on Oct. 19, the app was discovered by Trend…

Winnti trojan may help set stage for Skeleton Key attacks, analysts say

Encryption flaws in solid state drives enable unauthorized data access

Researchers from Radboud University Nijmegen in the Netherlands yesterday disclosed a pair of vulnerabilities in the hardware full-disk encryption mechanisms of self-encrypting solid state drives (SSDs) from Samsung and Crucial. The flaws are present in both internal and external storage devices from these manufacturers, and even affect Microsoft Windows environments that use BitLocker for full-disk…

Report: ‘Trump’ most common spam term during run-up to elections

The president himself may not be up for election in 2018, yet “Trump” is the most common term used in election-themed spam campaigns, according to a new report from Proofpoint.  Starting Sept. 27, Proofpoint researchers searched its spam filters for subject lines and email bodies containing various political terms, candidates and power players. In a…

Next post in Cybercrime