Category: Kamban
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a use-after-free flaw in the vbluetooth device demoed by the STAR Labs SG and Theori teams. “A malicious actor with local administrative privileges on…
Read More
As part of the 2024 Women of the Channel, CRN is highlighting 100 women at solution provider organizations whose insight and influence in their respective companies help drive channel success. CRN’s Women of the Channel list is an annual honoring of the impressive accomplishments of women within the channel. The Solution Provider Power 100, which…
Read More
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. This fix comes only three days after Google addressed another zero-day vulnerability in Chrome, CVE-2024-4671, caused by a use-after-free weakness in the Visuals component. The latest bug is tracked as CVE-2024-4761. It is an…
Read More
A new package mimicked the popular ‘requests’ library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. Discovered by Phylum, the campaign involves several steps and obfuscation layers, including using steganography in a PNG image file to covertly install the Sliver payload on…
Read More
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. In security advisories published today, Apple once again said they’re aware of reports that this vulnerability “may have been actively exploited.” The flaw is a memory corruption issue in Apple’s RTKit real-time…
Read More
The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor ‘Royal Tiger,’ a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. Royal Tiger, a group of bad actors operating from India, the United Kingdom, the United Arab Emirates, and the…
Read More
A cybercriminal using the name “salfetka” claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. INC has previously targeted the U.S. division of Xerox Business Solutions (XBS), Yamaha Motor Philippines, and, more recently, Scotland’s National Health Service (NHS). Simultaneously with the alleged sale, the INC Ransom operation is undergoing changes that…
Read More
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. As New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) warned on Friday, the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients’ systems if launched. The LockBit…
Read MoreSince April, a new large-scale LockBit Black ransomware campaign has sent millions of phishing emails via the Phorpiex botnet. As New Jersey’s Cybersecurity and Communications Integration Cell (NJCCIC) warned on Friday, the attackers use ZIP attachments containing an executable that deploys the LockBit Black payload, which encrypts the recipients’ systems if launched. The LockBit Black encryptor…
Read More
Thorbecke most recently worked for well-being platform maker Virgin Pulse as it completed a $3 billion merger. ConnectWise has tapped Rik Thorbecke, an executive who most recently worked for well-being platform maker Virgin Pulse as it completed a $3 billion merger, as its new chief financial officer. Thorbecke, who assumes his role on Monday and…
Read More