Category: Kamban

The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group’s leak site on Monday. “USMS is aware of the allegations and has evaluated the materials posted by individuals on the dark web, which do not appear to derive…

Microsoft has released the optional KB5041587 preview cumulative update for Windows 11 23H2 and 22H2, which adds sharing to Android devices and fixes multiple File Explorer issues. The August 2024 non-security preview update improves Windows sharing capabilities, enabling users to easily share content with their Android devices using the Windows share window. “To do this,…

Notion has announced it will exit the Russian market and is terminating all workspaces and accounts identified linked to users in the country. In an announcement on its website, Notion says the decision was taken due to U.S.-government imposed restrictions on software service providers, making it practically impossible to continue operating in Russia. “The U.S.…

SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems. In such attacks, threat actors force up-to-date targeted devices to revert to older software versions, thus reintroducing security vulnerabilities that can be exploited…

The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. The plugin was promoted as a screen-sharing tool for secure Off-The-Record (OTR) protocol and was available for…

Park’N Fly is warning that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network. The threat actors breached the Park’N Fly networks through stolen VPN credentials in mid-July and stole data from the company. On August 1, the company determined that customer information was also…

The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. Versa Director is a management platform ISPs and MSPs use to manage virtual WAN connections created using SD-WAN services. The vulnerability is tracked as CVE-2024-39717…

Hackers relentlessly probe your organization’s digital defenses, hunting for the slightest vulnerability to exploit. And while penetration testing serves as a valuable tool, there might be some areas of risk your testing program is overlooking. The harsh reality is that even the most security-conscious organizations often have blind spots, with portions of their internet-exposed attack…

​A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing…

https://www.iotinsider.com/podcast/iot-unplugged-s3e7-establishing-priorities-f… Source link lol