Bradley Barth SC Media | Page 87 of 89
Bradley Barth

Bradley Barth

Senior Reporter

Most recent articles by Bradley Barth

Imaginary patch? SCADA software company reportedly never actually fixed RCE bug despite issuing update

A vulnerability that was supposedly patched last January in the Advantech WebAccess SCADA software solution for IoT environments was never actually fixed, according to a new report, and as a result the product remains susceptible to remote code execution from unauthenticated attackers. What’s worse, a proof-of-concept exploit for this vulnerability has been publicly available since…

Apache Struts exploit found in Mirai variant may signify shift in attack strategy

Researchers for the first time have discovered a variant of the Mirai Internet of Things botnet that targets an vulnerability found in unpatched versions of the open-source Apache Struts web app development platform. That bug is none other than the infamous CVE-2017-5638, a remote code execution flaw that was exploited in the Equifax data breach, according to…

New Fallout exploit kit peppers malvertising victims with GandCrab, SmokeLoader malware

Attackers are leveraging a newly discovered exploit kit in an international malvertising campaign that’s been observed delivering GandCrab ransomware and the SmokeLoader malicious downloader, as well as engaging victims in social engineering scams. Nicknamed Fallout, the kit exploits a remote code execution vulnerability in outdated versions of the Windows VBScript engine and an arbitrary code…

ProtonVPN and NordVPN reinforce incomplete patch for code execution bug

Two OpenVPN-based virtual private network clients have reportedly updated their software after a researcher discovered that a previous attempt to patch an arbitrary code execution vulnerability was not entirely effective. According to Cisco Systems’ Talos division, the bugs in Switzerland-based ProtonVPN (CVE-2018-4010) and Panama-based NordVPN (CVE-2018- 3952) can allow attackers in Windows environments to use…

Patched bug could have allowed attackers to remotely disconnect PLC devices from ICS systems

Energy management and automation firm Schneider Electric updated its Modicon M221 programmable logic controller for industrial controls systems after researchers discovered a vulnerability that could allow attackers to remotely disconnect the device. The flaw, designated CVE-2018-7789, is classified as an improper check for unusual or exception conditions. While such conditions wouldn’t normally occur, attackers can deliberately trigger them by sending…

Mozilla Firefox update includes repair for critical memory safety bugs

The Mozilla Foundation on Wednesday issued updates for the classic Firefox web browser and its Extended Support Release, in the process fixing nine vulnerabilities, one deemed critical. Six of the nine errors were discovered in both Firefox and Firefox ESR, while the reminder were located in only the former. The most serious flaw, designated CVE-2018-12376,…

Diluted Freedom Act passes House to privacy advocates' dismay

Facebook and Twitter offer Senators progress report on efforts to thwart foreign influence campaigns

In a Senate Intelligence Committee hearing today, executives from Facebook and Twitter attempted to convince lawmakers that they have successfully stepped up efforts to combat foreign influencers’ attempts to abuse their platforms in order to spread disinformation and sow discord amongst democratic institutions. Facebook also fielded questions related to its oft criticized user data privacy practices, while Google invited scorn by…

Five Eyes nations push for access to encrypted content

Member countries of the Five Eyes signals intelligence alliance last week released a joint statement urging technology companies to voluntarily provide a mechanism for government authorities to review encrypted communications when investigating criminal and terror threats. Presenting a set of principles agreed to by the attorneys general and interior Ministers of the U.S., UK, Australia, Canada and New Zealand, the notification warns companies that…

Plaintiffs in Premera lawsuit allege insurance company willfully destroyed data breach evidence

Attorneys representing the plaintiffs in a federal class-action data breach lawsuit filed against Premera Blue Cross have entered a motion for sanctions against the health insurance organization for allegedly destroying key evidence in the case with willful intent. Filed on Aug. 30 in U.S. District Court in Portland, Ore., the motion claims Premera ordered the spoliation of…

Next post in Cybercrime