Category: Kamban

CISA and the FBI confirmed that Chinese hackers compromised the “private communications” of a “limited number” of government officials after breaching multiple U.S. broadband providers. The attackers also stole other information from the companies’ compromised systems, including information related to customer call records and law enforcement requests. “Specifically, we have identified that PRC-affiliated actors have…

Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. The security flaw (CVE-2024-43451) is an NTLM Hash Disclosure spoofing vulnerability reported by ClearSky security researchers, which can be exploited to steal the logged-in user’s NTLMv2 hash by forcing connections to a remote attacker-controlled server.…

The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from a B2B demand generation platform. The data comes from DemandScience (formerly Pure Incubation), a B2B demand generation company that aggregates data. Data aggregation is the process of collecting, compiling, and organizing data from public sources to…

The U.S. Department of Justice has unsealed the indictment against two suspected Snowflake hackers, who breached more than 165 organizations using the services of the Snowflake cloud storage company. Connor Riley Moucka and John Erin Binns are accused of using credentials, obtained with the help of info-stealing malware, to hijack Snowflake accounts that were not…

Today is Microsoft’s November 2024 Patch Tuesday, which includes security updates for 89 flaws, including four zero-days, two of which are actively exploited. This Patch Tuesday fixed four critical vulnerabilities, which include two remote code execution and two elevation of privileges flaws. The number of bugs in each vulnerability category is listed below: 26 Elevation…

Google is adding a new AI-powered scam protection feature that monitors phone call conversations on Google Pixel devices to detect patterns that warn when the caller may be a scammer. Google has also added a new real-time protection feature to Google Play Protect that detects when unsafe apps are found on Google Play. The features…

Bitdefender has released a decryptor for the ‘ShrinkLocker’ ransomware strain, which uses Windows’ built-in BitLocker drive encryption tool to lock victim’s files. Discovered in May 2024 by researchers at cybersecurity company Kaspersky, ShrinkLocker lacks the sophistication of other ransomware families but integrates features that can maximize the damage of an attack. According to Bitdefender’s analysis, the malware appears…

​Microsoft has fixed several bugs that cause install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count. The symptoms include Windows Server 2025 installation or upgrading processes failing or hanging, as well as server boot and restarts taking as much as three hours (or even more…

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. The security flaw (CVE-2024-49040) impacts Exchange Server 2016 and 2019, and was discovered by Solidlab security researcher Vsevolod Kokorin, who reported it to Microsoft earlier this year. “The problem…