Category: Kamban

A vulnerability disclosed 18 years ago, dubbed “0.0.0.0 Day”, allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network. However, it should be noted that this only affects Linux and macOS devices, and does not work on Windows. For impacted devices, threat actors…

American building security giant ADT confirmed it suffered a data breach after threat actors leaked allegedly stolen customer data on a popular hacking forum. ADT is a public American company that specializes in security and smart home solutions for residential and small business customers. The firm employs 14,300 people, has an annual revenue of $4.98…

4 Types of Ransomware: Recognizing and Understanding the Threat Last year, ransomware cost firms over $1.1 billion in direct payments. This makes it one of the biggest cybersecurity threats facing businesses of all sizes, and in 2024, this threat has shown no signs of slowing down. Although almost half of recorded incidents in 2023 were…

Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. This figure corresponds to the maximum amount of ETH and USDC that can be withdrawn from the bridge via a single transaction, so…

The SEC has concluded its investigation into Progress Software’s handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. In a new FORM 8-K filing with the SEC, Progress Software says that the SEC’s Division of Enforcement will not recommend any enforcement action regarding the security incident.…

CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more than two years ago. This new information was shared as an update to a joint advisory published in March 2023, which says the BlackSuit gang has been active since September…

A new self-spreading worm named ‘CMoon,’ capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. According to Kaspersky researchers who discovered the campaign, CMoon can perform a broad range of functions, including loading additional payloads, snapping screenshots, and launching distributed…

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. Specifically, the anti-phishing measure that can be hidden is the ‘First Contact Safety Tip,’ which warns email recipients on Outlook when they receive a message from an unfamiliar address. Certitude analysts who…

A new eBook by Cynomi, “What does it take to be a full-fledged Virtual CISO?” lays out exactly how service providers can easily, rapidly, and economically expand their vCISO service offerings to cover the entire range of duties. The Chief Information Security Officer (CISO) position has risen to prominence in recent years due to the risk posed by rampant…