Charlie Osborne reports: A severe “hole” in the Qualcomm Secure World virtual processor, now patched, has been disclosed by researchers. According to cybersecurity researchers from Check Point, the Secure World safe compartment — used to house sensitive data in our mobile devices — could be exploited to leak financial information. Read more on ZDNet.
Category: Business Sector
UK Info Commish quietly urged court to swat away 100k Morrisons data breach sueball
Gareth Corfield reports: The UK’s Information Commissioner urged the Court of Appeal to side with Morrisons in the supermarket’s battle to avoid liability for the theft and leaking of nearly 100,000 employees’ payroll details – despite not having read the employees’ legal arguments. A letter (PDF) sent to the Court of Appeal in May 2018…
Prank Call Service PrankDial Exposed 138 Million Records Online
Jeremiah Fowler reports: On October 28th I discovered a non-password protected database that contained millions of log files. Upon further research, the records all contained information that identified PrankDial.com as the owner of the data. I immediately sent a responsible disclosure notice and the database was closed for public access shortly after. According to their…
Mexico’s Pemex Oil Suffers Ransomware Attack, $4.9 Million Demanded
Lawrence Abrams reports: Mexico’s state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack that demanded $4.9 million USD in order to decrypt their files. On Sunday, November 10th, Pemex was hit with a ransomware attack that the company states affected less than 5% of their computers. Workers reported, though, that internal memos told them not to initially…
Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin
Brian Krebs reports: Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis says the exposure was…
Major ASP.NET hosting provider recovering from ransomware attack
Catalin Cimpanu recently reported: SmarterASP.NET, an ASP.NET hosting provider with more than 440,000 customers, was hit yesterday by ransomware. The company is the third major web hosting firm this year that went down because hackers breached their network and encrypted data on customer servers. Read more on ZDNet. In an update yesterday, Duncan Riley reported…