Robert Abel SC Media

Robert Abel

Content Coordinator/Reporter

Most recent articles by Robert Abel

Researchers demo how machine learning can be used to track Gh0st RAT variants

By

Trend Micro researchers are proposing machine learning as a new way to combat threat actors using techniques including polymorphism, encryption, and obfuscation and other tactics to disguise their attacks. Researchers tested the theory by observing cluster network flows from Gh0st RAT variants in an effort to better spot network anomalies and intrusions and found that…

Bitcoin scammers impersonate Elon Musk, hack Target’s Twitter account

By

Scammers impersonating Elon Musk managed to hack the verified Twitter accounts of Target and several others in a cryptocurrency fraud scheme promising huge Bitcoin giveaways Tuesday morning. Hackers were briefly able to get ahold of the Target Twitter page for about a half hour when they used the big-box retailer’s account to promote “the biggest crypto-giveaway…

Plans include an open standard that would shrink users' dependency on passwords.

Biometrics and AI firm team up for first U.S. biometric database amidst criticism

By

Biometrics firm SureID and AI-startup firm Robbie.AI are teaming up to launch the first U.S. biometric database. SureID has a nationwide network of fingerprint enrollment kiosks while Robbie.AI uses technology to authenticate using AI-based facial recognition and behavioral prediction that could be combined to create a nationwide biometric databased for consumer focused initiatives, according to…

Adobe Utah facility

Recently patched Adobe ColdFusion bug exploited by Chinese APT

By

A suspected Chines APT group exploited the recently patched ColdFusion vulnerability in the wild by compromising a vulnerable ColdFusion server after directly uploading a China Chopper webshell. The targeted servers hadn’t been updated with the patch released just two weeks earlier. Volexity researchers observed the active exploitation of the newly patched CVE-2018-15961 flaw, a critical…

Companies, customers will avoid you after a breach, survey says

By

A recent study found customers would cease engaging with a brand after it experienced a breach and that overall, most respondents were unwilling to pay extra for the protection of their personal data. Ping Identity 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era report found that following a breach, 78 percent of people…

Huntsville Hospital in Alabama notifies job applicants of data breach

By

Huntsville Hospital in Alabama is reporting the information of job applicants who applied to the facility may be at risk after a breach at a recruiting firm it uses. The hospital’s online application vendor Jobscience, a cloud computing firm that helps staffing and recruiting organizations, experienced a breach which could affect thousands across the country.…

WooCommerce WordPress flaw allowed unique privilege escalation, 4M users affected

By

A file deletion vulnerability in WordPress can be used to exploit millions of WooCommerce shops. WooCommerce is a free eCommerce WordPress plugin and the vulnerability allows shop managers to delete certain files on the server and then take over any administrator account, according to a RIPS Technology blog post. Shop managers are employees of the store…

Drone vulnerability could compromise enterprise data

By

Check Point Researchers developed an attack to hijack DJI drone user accounts that may contain the user’s sensitive information as well as access to the device itself. Researchers developed an XSS attack that could be posted on a DJI forum that is used by hundreds of thousands of DJI customers, to intercept the identifying token…

Secret Service warns of USPS ‘Informed Delivery’ scam

By

The U.S. Secret Service is warning of cybercriminals using the U.S. Postal Service (USPS) “Informed Delivery” feature to commit various identity theft and credit card fraud schemes. The features sends a scanned image of incoming mail to the recipients email address before it arrives later that day. An internal alert obtained by KrebsOnSecurity and sent by…

Oracle’s VirtualBox vulnerability leaked by disgruntled researcher

By

An independent researcher who was disgruntled with traditional bug bounty methods took it upon himself to leak the details of an exploit in Oracle’s Virtual Box without first informing Oracle. Sergey Zelenyuk discovered a flaw that would allow him to escape from the virtual environment of the guest machine to reach the Ring 3 privilege layer…

Next post in News