Category: Kamban

​​Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript…

SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. Web Help Desk (WHD) is an IT help desk software widely used by government agencies, large corporations, and healthcare and education organizations to automate and streamline help desk management tasks. SolarWinds’ IT management products…

A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. An investigation from the FBI uncovered that 33-year old Deniss Zolotarjovs was a member of the Karakurt extortion operation that compromised company systems, stole data, and then demanded a ransom from the victims under…

A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. A press release from the U.S. Department of Justice (DoJ) informs that Jesse Kipf used stolen credentials to access the Hawaii Death Registry System to register himself as…

​​Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine.…

Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. Progressive web apps (PWA) are cross-platform applications that can be installed directly from the browser and offer a native-like experience through features like push notifications, access to device hardware, and background data syncing. Using this type of…

Microsoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. This AI feature takes screenshots of active windows on your PC, analyzes them on-device using a Neural Processing Unit (NPU) and an AI model, and adds the information to an SQLite database. You can…

Microsoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. This AI feature takes screenshots of active windows on your PC, analyzes them on-device using a Neural Processing Unit (NPU) and an AI model, and adds the information to an SQLite database. You can…

​Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. The new Security Center in QTS 5.2 monitors for suspicious file operations to detect and block ransomware threats. If any unusual activity is detected, customers can choose to…

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. LiteSpeed Cache is open-source and the most popular WordPress site acceleration plugin, with over 5 million active installations and support for WooCommerce, bbPress, ClassicPress, and Yoast SEO. The unauthenticated privilege escalation vulnerability (CVE-2024-28000)…