Posts From CCME
Researchers devised a new technique to hide malware in the security Intel SGX enclaves, making it impossible to detect by several security technologies. Security researchers devised a new technique to hide malware in the security Intel SGX enclaves. Intel Software
Dark Web Seller Remove Listings after Data Dump
The dark web seller identified as gnosticplayers on Dream Market has removed all listings that were previously up for sale, which reportedly included upwards of 620 million account records. “All my listings have been removed, to avoid them being bought
Expert discovered a privilege escalation vulnerability in default installations of Ubuntu Linux that resides in the snapd API. Security researcher Chris Moberly discovered a vulnerability in the REST API for Canonical’s snapd daemon that could allow attackers to gain root
UK Firms Are Drowning in Breaches
The vast majority of UK businesses have suffered data breaches over the past 12 months, many of them multiple times, according to new research from Carbon Black. The endpoint security vendor’s second UK Threat Report is based on interviews with
A major cyber-attack has hit email provider VFEmail in what the company is calling a “catastrophic attack,” which has destroyed all data in the US, including backups. The company issued an alert via its website and social media accounts on
620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available
Enterprises have been urged to patch a serious flaw in runc, the default runtime for Docker and Kubernetes, and ensure they have SELinux enabled. Aleksa Sarai — one of the maintainers for runc — made the initial announcement on Tuesday,
“The security discussion starts with risk, but what has become very apparent at the board level is that most don’t really understand what’s in front of them.” These were the words of Ali Neil, director international security, Verizon, speaking at
The 0patch experts released a micropatch to address an in Adobe Reader zero-day that allows maliciously PDF docs to call home and send over the victim’s NTLM hash. The 0patch experts released a micropatch to address a zero-day vulnerability in
Gootkit: Unveiling the Hidden Link with AZORult
Cybaze-Yoroi ZLAB revealed interesting a hidden connection between the AZORult toolkit and specific Gootkit payload. Introduction In the last days, a huge attack campaign hit several organizations across the Italian cyberspace, as stated on bulletin N020219 the attack waves tried
Phishing, Humans Root of Most Healthcare Attacks
Across healthcare organizations in the US, malicious actors are successfully leveraging phishing attacks to initially gain access to networks, according to findings from the 2019 HIMSS Cybersecurity Survey published by the Healthcare Information and Management Systems Society (HIMSS). The study,
Information Warfare a Top Cyber-Threat in 2019
Predicting threats that are yet to come is always tricky, but a new report published by Booz Allen, 2019 Cyberthreat Outlook, identifies eight key threats to watch as the year advances. In addition to combing through thousands of intelligence reports
Experts from Safety Detective discovered thousands of refrigeration systems made by Resource Data Management (RDM) exposed to remote attacks. Thousands of instances of a temperature control system made by Resource Data Management (RDM) are exposed to remote attacks because they
Google has released a new extension for Chrome dubbed Password Checkup that will alert users if their username/password combinations were leaked online as part of a dump after a data breach. Last week Google released Password Checkup a Chrome extension
Mumsnet Privacy Snafu Exposes User Info
Mumsnet has suffered a serious data leak affecting potentially thousands of users after a software glitch during an IT system migration to the cloud. Justine Roberts, founder and CEO of the popular parenting forum, explained in a blog post late
Converged IT and OT to Advance Security Maturity
The convergence of IT, operational technology (OT) and industrial internet of things (IIoT) has raised concerns about cybersecurity, safety and data privacy for many organizations, according to a new Ponemon Institute study. Released today in partnership with TUV Rheinland OpenSky,