Category: Kamban

U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia’s Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers “at a mass scale.” A joint advisory issued by the NSA, the FBI, the U.S. Cyber Command’s Cyber National Mission Force (CNMF), and the U.K.’s NCSC warns network defenders to patch exposed…


Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August. As one of the largest asset managers in the world, with $14.1 trillion in assets under administration and $5.5 trillion under management, Fidelity employs over 75,000 associates across 11…


The Underground ransomware gang has claimed responsibility for an October 5 attack on Japanese tech giant Casio, which caused system disruptions and impacted some of the firm’s services. Earlier this week, Casio disclosed the attack on its website but withheld details about the incident, saying it had engaged external IT specialists to investigate whether personal data…


‘We want to continue making technology easier and more secure for organizations,’ says JumpCloud CEO Rajat Bhargava. ‘Our focus will be on enabling passwordless access, secure use of AI and ensuring people can work seamlessly from anywhere.’ After seeing significant growth in the past year and relaunching its partner program, JumpCloud is focusing on MSPs…


GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. The vulnerability, which is tracked as CVE-2024-9164, allows unauthorized users to trigger Continuous Integration/Continuous Delivery (CI/CD) pipelines on any branch of a repository. CI/CD pipelines are automated processes that perform tasks…


Microsoft is investigating an Outlook bug causing desktop app crashes, high system resource usage, and preventing users from logging into their accounts. While the company said these ongoing issues only affect European customers, users worldwide have since reported experiencing the same sign-in and app instability problems. “We’re investigating an issue in which users in Europe…


BlackFog Wins “AI-based Cybersecurity Innovation of the Year” in 2024 CyberSecurity Breakthrough Awards Program. Prestigious Annual Awards Program Recognizes Outstanding Information Security Products and Companies Around the World. San Francisco, Oct. 10, 2024 – CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information…


Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.…


Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don’t…


Over 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. The malware campaign disguises itself as legitimate software promoted via YouTube videos and fraudulent GitHub repositories where victims download password-protected archives that initiate the infection. According to cybersecurity firm Dr. Web, the campaign uses…
