Category: Kamban
QNAP has released security patches for a second zero-day bug exploited by security researchers during last week’s Pwn2Own hacking contest. This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387, was found in QNAP’s SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later. The zero-day flaw was patched one week…
Read More
The North Korean state-sponsored hacking group tracked as ‘Andariel’ has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. A report from Palo Alto Networks and its Unit 42 researchers claims that Andariel might be either an affiliate of Play or acting as an initial access broker…
Read More
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker’s phone number instead. The goal of the latest version remains to steal people’s sensitive information and money from their bank accounts. FakeCall (or FakeCalls) is a banking trojan with a focus on…
Read More
CRN staff compiled the top partner-friendly products that launched or were significantly updated over the last year. Now it’s up to solution providers to choose the winners. Application Performance and Observability As more applications run in hybrid-cloud and multi-cloud environments, maintaining application performance has becoming a more complex task. Application performance management and observability tools…
Read More
A large-scale malicious operation named “EmeraldWhale” scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. According to Sysdig, who discovered the campaign, the operation involves using automated tools that scan IP ranges for exposed Git configuration files, which may include authentication tokens. These tokens are then used to…
Read More
The Federal Bureau of Investigation (FBI) is warning of multiple schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. The fraudsters exploit the elevated legitimate activity surrounding the elections to scam people by impersonating real candidates and political movements. In most cases, the goal of…
Read More
In today’s digital landscape, businesses that handle sensitive data or provide critical services to other organizations face increasing scrutiny regarding their security and operational practices. A SOC audit is one of the most important ways to demonstrate the robustness of these practices. But what exactly is a SOC audit, and how can your organization prepare…
Read More
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target’s NTLM credentials remotely. NTLM has been extensively exploited in NTLM relay attacks, where threat actors force vulnerable network devices to authenticate against servers under their control, and pass-the-hash attacks, where they exploit system vulnerabilities or deploy…
Read More
Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline. This week, security researcher DreyAnd disclosed that CyberPanel 2.3.6 (and likely 2.3.7) suffers from three distinct security problems that can result in an exploit allowing unauthenticated remote root access…
Read More
Among the highlights of the XChange Best of Breed conference were a number of lessons for the AI era from the top CEOs in the business, including a massive infrastructure upgrade opportunity, a shift by more partners into the MSSP market and the continued rise of the marketplace model. Here’s a look at the 10…
Read More