VMWare to Aquire Carbon Black

VMware has announced its intent to acquire Carbon Black. For those who aren't aware, Carbon Black is focused on endpoint security. This is certainly an interesting move, and it will be interesting to see how this all plays out (will VMWare leverage this to provide a complete solution to customers?).

Further details at https://www.scmagazine.com/home/security-news/vmware-to-acquire-carbon-black/.

Lenovo Software Privilege Escalation

In another case of software installed by a vendor onto laptops which allows for compromise of said laptop due to vulnerabilities in the software, this time by Lenovo. This has been given the CVE CVE-2019-6177. Kudos to Pen Test Partners for the great work they are doing and for finding this.

Further details at https://www.theregister.co.uk/2019/08/23/lenovo_solution_centre_cve_2019_6177/.

Turns out some works at a Ukrainian nuclear power plant connected systems from the power plant to the Internet. Why? So that they could mine crypto-currency. This is not being taken lightly by the Ukrainian authorities, the Ukrainian Secret Service (SBU) is leading the investigation into this incident.

Further details at https://www.zdnet.com/article/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/