Posts From CCME

The UK’s National Cyber Security Centre (NCSC) has teamed up with international allies to issue guidelines on how organizations can stay safe from malicious cyber-actors. The joint cybersecurity advisory “Technical Approaches to Uncovering and Remediating Malicious Activity” was published today

A third (33%) of companies in the digital supply chain expose unsafe network services to the internet, putting sensitive data at risk, according to a new report published today by RiskRecon and the Cyentia Institute. Following an assessment of millions

As of September, all publicly trusted TLS certificates must have a lifespan of 398 days or fewer. According to a statement from Apple from March, where it announced it was “reducing the maximum allowed lifetimes of TLS server certificates” as

Corporate CEOs could soon be personally liable if they fail to adequately secure IT systems connected to the physical world, Gartner has warned. The analyst firm predicted that as many as 75% of business leaders could be held liable by

Researchers discovered multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Tenable published a research advisory for two vulnerabilities impacting the Magento Mass Import (MAGMI) plugin. The flaws were discovered

Although often relegated to the sidelines, the use of log files and the implementation of a strong log management strategy is vital for ensuring the performance and stability of business applications while also adding an additional layer of security through

The head of the US Cybersecurity and Infrastructure Security Agency (CISA) has been forced to deny Russian reports that US voter registration information has been circulating on the dark web. Russian newspaper Kommersant claimed in a story yesterday that a

Cisco warned users that the hackers actively exploited a bug in carrier-grade-routers, and it was a zero-day vulnerability affecting the Internetwork Operating System (IOS) that boats with its networking devices. The security experts termed the vulnerability as CVE-2020-3566, and it

Hackers breached Norway ‘s Parliament, Stortinget, and accessed to email for a small number of parliamentary representatives and employees. Norway’s parliament announced Tuesday that it was the target of a major cyber-attack that allowed hackers to access emails and data

A number of ministers have had their email accounts hacked in a cyber-attack on Norway’s parliament, the Storting. The Norwegian parliament’s director, Marianne Andreassen, confirmed that threat actors had targeted the parliament last week. “This has been a significant attack,”

Cybersecurity services company BlueVoyant has today announced a range of high profile appointments across its board of directors and advisory board. With immediate effect, Deborah Plunkett and Ariel Litvin have joined the firm’s board of directors while Ronald Moultrie has

The American Payroll Association (APA) has issued a data breach notification after being hit by a skimming attack. Threat actors installed skimming malware on both the login web page of the APA website and the checkout section of the association’s

Cyber-criminals are regularly mimicking the domain names of mainstream global brands to scam consumers, a practice known as cyber-squatting, according to a new study by Palo Alto Networks. It found that the types of domains most commonly impersonated for malicious

A suspected Iranian state-backed group appears to have been moonlighting to drive additional income, according to a new report from CrowdStrike. The security vendor claimed that the newly discovered Pioneer Kitten has been active since at least 2017 and is

Researchers from JPCERT/CC observed that the world’s most dangerous APT hackers attack Japanese organization with different malware for during and after the intrusion on the targeted network. Lazarus is also known as Hidden Cobra is a North Korean APT hacker

Wire transfer losses from Business Email Compromise (BEC) have soared by over 48% from the previous quarter to hit an average of more than $80,000, according to Agari. The security vendor’s findings were revealed in the latest Phishing Activity Trends