Category: Kamban

Microsoft has fixed a known issue preventing the Microsoft Photos app from starting on some Windows 11 22H2 and 23H2 systems. The bug only appears after updating to Microsoft Photos app version 2024.11050.29009.0 and above via the Windows Store (on or after June 4, 2024). “On launching the app, it might display a spinning circle,…

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness…

Microsoft says the Windows 11 2023 Update has entered the broad deployment phase and is now available to all seekers on eligible systems. Also known as Windows 11 23H2, this latest release will now be offered to all Windows devices not configured to defer feature updates and unaffected by compatibility holds. “Windows 11, version 23H2,…

We’re now more than halfway through 2024, and it’s clear that the year is already shaping up to set new records for ransomware, with a wide range of high-profile organizations coming under attack. Therefore, it’s more important than ever for businesses to ensure they have the right tools in place to protect against these threats.…

The notorious FIN7 hacking group has been spotted selling its custom “AvNeutralizer” tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. FIN7 is believed to be a Russian hacking group that has been active since 2013, initially focusing on financial fraud by hacking organizations and stealing debit and credit cards.…

Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. As the Exchange team explained on Wednesday, DNS-based Authentication of Named Entities (DANE) for SMTP and Domain Name System Security Extensions (DNSSEC) work together to defend against downgrade and man-in-the-middle (MiTM)…

Cisco has fixed a maximum severity vulnerability that allows attackers to change any user’s password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. The flaw also impacts SSM On-Prem installations earlier than Release 7.0, known as Cisco Smart Software Manager Satellite (SSM Satellite). As a Cisco Smart Licensing component,…

A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. Known only by their ’emo’ handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user’s email address, name, and phone…

As the landscape of modern work changes, with its distributed teams and quickly evolving cloud-based technologies, maintaining access controls is an increasingly Sisyphean task. The process of achieving and maintaining IT compliance certifications is the perfect microcosm of this challenge: The work involved in identifying and designating assets as “in scope” for each regulation has…