Category: Kamban

The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. Though Trend Micro had warned about this functionality added on Poortry since May 2023, Sophos has…

Image: MidjourneyThe APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. As Microsoft security researchers observed, the threat group (also tracked as Peach Sandstorm and Refined Kitten), which operates on behalf…

DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday. Founded in 1948, DICK’S operates 857 stores across the United States and has reported $12.98 billion in revenue in 2023. As of February 2024, the Fortune 500 company…

Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. Starting today, the search giant will differentiate memory corruption vulnerabilities depending on the quality of the report and the researcher’s drive to find the full impact of…

An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims. The threat group (also tracked as Fox Kitten, UNC757, and Parisite) has been active since at least 2017 and is believed to have…

Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges. The hardcoded password can be used by anyone to remotely access an exposed FileCatalyst Workflow HyperSQL (HSQLDB) database, gaining unauthorized access to potentially sensitive information. Additionally,…

The one-of-a-kind security conference is just a few weeks away. This is it. Time to register. Right now. Security practitioners: It’s go time. mWISE™ runs from September 18 – 19 in Denver, just a few weeks from today. This is the moment to book your travel, choose your sessions, and start feeling the excitement.  If you…

DICK’S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday. Founded in 1948, DICK’S operates 857 stores across the United States and has reported $12.98 billion in revenue in 2023. As of February 2024, the Fortune 500 company…

Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024. Young Consulting (now Connexure) is an Atlanta-based software solutions provider specializing in the employer stop-loss marketplace, assisting insurance carriers, brokers, and third-party administrators in managing, marketing, underwriting, and administering stop-loss insurance…