Category: Kamban

​Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. The flaw (CVE-2024-23113) is caused by the fgfmd daemon accepting an externally controlled format string as an argument, which can let unauthenticated threat actors execute commands or arbitrary code on unpatched devices in low-complexity attacks that don’t…

Read More

Over 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. The malware campaign disguises itself as legitimate software promoted via YouTube videos and fraudulent GitHub repositories where victims download password-protected archives that initiate the infection. According to cybersecurity firm Dr. Web, the campaign uses…

Read More

Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks’ Expedition solution, which helps migrate configurations from other Checkpoint, Cisco, or supported vendors. They can be exploited to access sensitive data, such as…

Read More

Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. The vulnerability, tracked as CVE-2024-9680, and discovered by ESET researcher Damien Schaeffer, is a use-after-free in Animation timelines. This type of flaw occurs when memory that has been freed is still used…

Read More

Microsoft has fixed a known issue that was causing Word to delete some Windows users’ documents instead of saving them. On affected systems, locally saved files were deleted after saving because of this Word bug issue if their filenames included the # symbol or had a capitalized filename extension, such as .DOCX or .RTF. This…

Read More

In today’s cybersecurity landscape, evolving threats require security solutions that match the sophistication of modern threats. As businesses rapidly adopt emerging technologies, their exposure to cyberattacks increases. To mitigate these risks, cybersecurity teams need adaptable and comprehensive tools to protect their digital ecosystems effectively. Security Information and Event Management (SIEM) and Extended Detection and Response…

Read More

A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web). Dr.Web confirmed last month that its network was breached on September 14, which forced it to disconnect all internal servers and stop pushing virus database updates to customers while investigating the incident. In a Tuesday Telegram…

Read More

An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market ‘Bohemia/Cannabia,’ known for hosting ads for drug sales and distributed denial of service (DDoS) attacks. The man was arrested at the Schiphol airport in Amsterdam on June 27, 2024, and electronic devices containing incriminating…

Read More

Discord has been suddenly blocked in Russia and Turkey since yesterday due to illegal activity residing on the platform, leaving legitimate users in those countries unable to visit the website or connect to the service. While Discord started as a communication and community-building space for gamers, it has since expanded to include a broad spectrum…

Read More

What Is Big Game Hunting in Cybercrime? Cyberattacks called big game hunting (BGH) involve threat actors targeting big businesses – the “big game” – and demanding huge amounts of money in the form of a ransom. The term derives from “hunting large, dangerous animals,” an allusion to the high risk/high reward of such attacks. They…

Read More