Bradley Barth SC Media | Page 72 of 73

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Patched bug could have allowed attackers to remotely disconnect PLC devices from ICS systems

Energy management and automation firm Schneider Electric updated its Modicon M221 programmable logic controller for industrial controls systems after researchers discovered a vulnerability that could allow attackers to remotely disconnect the device. The flaw, designated CVE-2018-7789, is classified as an improper check for unusual or exception conditions. While such conditions wouldn’t normally occur, attackers can deliberately trigger them by sending…

Mozilla Firefox update includes repair for critical memory safety bugs

The Mozilla Foundation on Wednesday issued updates for the classic Firefox web browser and its Extended Support Release, in the process fixing nine vulnerabilities, one deemed critical. Six of the nine errors were discovered in both Firefox and Firefox ESR, while the reminder were located in only the former. The most serious flaw, designated CVE-2018-12376,…

Diluted Freedom Act passes House to privacy advocates' dismay

Facebook and Twitter offer Senators progress report on efforts to thwart foreign influence campaigns

In a Senate Intelligence Committee hearing today, executives from Facebook and Twitter attempted to convince lawmakers that they have successfully stepped up efforts to combat foreign influencers’ attempts to abuse their platforms in order to spread disinformation and sow discord amongst democratic institutions. Facebook also fielded questions related to its oft criticized user data privacy practices, while Google invited scorn by…

Five Eyes nations push for access to encrypted content

Member countries of the Five Eyes signals intelligence alliance last week released a joint statement urging technology companies to voluntarily provide a mechanism for government authorities to review encrypted communications when investigating criminal and terror threats. Presenting a set of principles agreed to by the attorneys general and interior Ministers of the U.S., UK, Australia, Canada and New Zealand, the notification warns companies that…

Plaintiffs in Premera lawsuit allege insurance company willfully destroyed data breach evidence

Attorneys representing the plaintiffs in a federal class-action data breach lawsuit filed against Premera Blue Cross have entered a motion for sanctions against the health insurance organization for allegedly destroying key evidence in the case with willful intent. Filed on Aug. 30 in U.S. District Court in Portland, Ore., the motion claims Premera ordered the spoliation of…

Malware campaign infects thousands of Magento e-commerce sites

Over the last six months, a recently discovered, highly prolific payment card-scraping campaign managed to infect more than 7,000 online stores running on the open-source Magento e-commerce software platform. In an Aug. 30 blog post, Dutch security researcher Willem de Groot reported that the operation involved online payment skimming malware called MagentoCore. Of the 7,339…

APT10

CrowdStrike verifies portions of report linking APT10 activity to Chinese government actors

Researchers with CrowdStrike yesterday partially confirmed reports from the mysterious APT-hunting group Intrusion Truth, verifying several findings that allegedly draw connections between the threat group APT10 and a Chinese foreign intelligence agency. Over the previous two months, Intrusion Truth has issued multiple reports on the group, also known as Stone Panda, linking it to the Tianjin Bureau of China’s Ministry of State Security (MSS). In…

Android spyware BusyGasper has many features, but few known victims

A newly discovered mobile malware implant nicknamed BusyGasper might leave a few Android users breathless, if they knew about the unusual set of features the spyware uses to snoop on them. In an Aug. 29 blog post, Kaspersky Lab researcher Alexey Firsh reports that BusyGasper has existed since at least May 2016. But there’s a good reason it’s…

Next post in APTs/cyberespionage