Category: Kamban

QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. Tracked as CVE-2024-50388, the security flaw is caused by an OS command injection weakness in HBS 3 Hybrid Backup Sync version 25.1.x, the company’s disaster recovery and data backup solution.…

Imagine yourself or your organization caught up in a ransomware attack. You’d quickly realize how limited your options are. Attackers generally present two grim choices: they’ll either release your sensitive data to the public or refuse to unlock the encrypted data unless you meet their demands. In most ransomware incidents, it boils down to a…

In today’s digital landscape, businesses face an increasing number of sophisticated cyber threats. To combat these challenges, many organizations are turning to managed endpoint detection and response (EDR) solutions. But what exactly is managed EDR, and how can it benefit your business?   What is Managed Endpoint Detection and Response? Before we discuss the benefits,…

The United States announced charges today against Maxim Rudometov, a Russian national, for being the suspected developer and administrator of the RedLine malware operation, one of the most prolific infostealers over the past few years. These infostealers, marketed to cybercriminals and sold via subscriptions, enable attackers to steal credentials and financial data and bypass multi-factor…

San Francisco, CA, 29 October 2024 – BlackFog, the leader in ransomware prevention and anti data exfiltration (ADX), today announced new Service Organization Control (SOC) 2 Type II and TX-RAMP certifications. Based on a reliable and well-established framework, these comprehensive certifications underscore BlackFog’s dedication to meeting the highest standards of data security and privacy for…

A researcher has released a tool to bypass Google’s new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser. The tool, named ‘Chrome-App-Bound-Encryption-Decryption,’ was released by cybersecurity researcher Alexander Hagenah after he noticed that others were already figuring out similar bypasses. Although the tool achieves what multiple infostealer operations have already added…

Microsoft announced today that inbound SMTP DANE with DNSSEC for Exchange Online, a new capability to boost email security and integrity, is now generally available. The company announced in September 2023 a public preview that would roll out from March to July 2024. However, it was forced to delay it because of “necessary security investments”…

A hybrid espionage/influence campaign conducted by the Russian threat group ‘UNC5812’ has been uncovered, targeting Ukrainian military recruits with Windows and Android malware. According to Google’s threat intelligence, the campaign impersonated a “Civil Defense” persona along with a website and dedicated Telegram channel to distribute malware through a fake recruitment avoidance app dubbed “Sunspinner” by…

Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information. The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group,…