Category: Kamban

​Transport for London, the city’s public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. On Monday, the transport authority reported the incident to relevant government agencies (including the National Cyber Security Centre and the National Crime Agency). It is now…

Image: MidjourneyAmerican car rental giant Avis notified customers that unknown attackers breached one of its business applications last month and stole some of their personal information. According to data breach notification letters sent to impacted customers on Wednesday and filed with California’s Office of the Attorney General, the company took action to stop the unauthorized…

​After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. ActiveX is a legacy software framework introduced in 1996 that enables developers to create interactive objects that can be embedded in Office documents. Redmond will start by turning off ActiveX controls in documents opened…

A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. A cryptocurrency recovery phrase, or seed phrase, is a series of 12-24 words that acts as a backup key for a cryptocurrency wallet. These phrases are used to restore access…

SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now “potentially” exploited in attacks, urging admins to apply patches as soon as possible. “This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available…

Enterprise Ransomware Protection: Why It Matters A ransomware attack can be one of the most damaging types of cybercrime any business can face. And this is a threat that every company must be prepared to deal with sooner or later. Data from Statista shows that as of 2023, more than 72 percent of businesses worldwide…

In the first half of 2024, we observed 396 undisclosed ransomware attacks on the manufacturing industry – amounting to 17% of all undisclosed attacks we recorded during this period. This trend underscores the growing targeting of this sector by ransomware groups. In this article, we will examine some of the largest attacks to date, explore…

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. OFBiz is a suite of customer relationship management (CRM) and enterprise resource planning (ERP) business applications that can also be used as a Java-based web framework…

Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. StopNCII is a project operated by the Revenge Porn Helpline that allows people to create digital hashes of their intimate pictures and videos without uploading the media from…

Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack’s Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the…