Category: Kamban

An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. The flaw, which enables attackers to perform arbitrary remote code execution if certain conditions are met, was disclosed late last month by the person who discovered it, Simone…

Microsoft reminded customers today that multiple editions of Windows 11 22H2 and 21H2 have reached their end of servicing. This announcement applies to Windows 11 22H2 Home, Pro, Pro Education, Pro for Workstations, and SE editions released on September 20, 2022. One year after the Home and Pro editions, Windows 11 21H2 Enterprise, Education, and IoT…

An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. Additionally, Mamba 2FA offers threat actors an adversary-in-the-middle (AiTM) mechanism to capture the victim’s authentication tokens and bypass multi-factor authentication (MFA) protections on their accounts. Mamba 2FA is currently sold to cybercriminals for…

​Microsoft says this month’s Patch Tuesday cumulative updates fix a known issue that causes Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July Windows Server security updates. Redmond first confirmed this known issue following many reports from Windows admins that the RD Gateway service kept crashing every 30 minutes after…

Today is Microsoft’s October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. This Patch Tuesday fixed three critical vulnerabilities, all remote code execution flaws. The number of bugs in each vulnerability category is listed below: 28 Elevation of Privilege vulnerabilities 7 Security…

Microsoft has released the KB5044273 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes nine changes and fixes, including a new Windows Update opt-in notification shown when you log in to the operating system. The Windows 10 KB5044273 update is mandatory as it contains Microsoft’s October 2024 Patch Tuesday security updates. Windows users…

Microsoft has released the KB5044284 and KB5044285 Windows 11 cumulative updates for versions 24H2 and 22H2/23H2 to fix security vulnerabilities and resolve 27 bugs and performance issues. Both are mandatory cumulative updates containing the October 2024 Patch Tuesday security updates for vulnerabilities discovered in previous months. Windows 11 users can install them by going to…

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. According to an ESET report, this happened at least two times, one against the embassy of a South Asian country in Belarus in September…

Image: MidjourneyAmerican IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. As Ivanti revealed on Tuesday, attackers are chaining the three security flaws with another CSA zero-day patched in September. Successful exploitation of these vulnerabilities can let remote attackers run SQL…