Category: Kamban

Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. Known as ‘PKfail,’ and now tracked as CVE-2024-8105, the supply chain attack is caused by test Secure Boot master key (Platform Key “PK”), which…

​Microsoft has fixed a known issue that causes Microsoft 365 apps like Outlook, Word, Excel, and OneNote to crash while typing or spell-checking a text. The crashes affect users of Excel for Microsoft 365, Word for Microsoft 365, Outlook for Microsoft 365, PowerPoint for Microsoft 365, and OneNote for Microsoft 365 on Version 2407 Build…

Election cybersecurity is a critical concern as numerous countries, including the US, EU, India, and others, prepare for elections in 2024. With so much at stake, cyberthreats pose a significant risk to the integrity of these democratic processes. Among the primary concerns are ransomware attacks that could steal and leak sensitive voter registration data or…

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. The vulnerability (CVE-2024-43461) was disclosed during this month’s Patch Tuesday, and Microsoft initially classified it as not exploited in attacks. However, Microsoft updated the advisory on Friday to confirm that…

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The flaw is a deserialization of untrusted data issue impacting Ivanti Endpoint Manager before 2022 SU6 and EPM 2024, which was fixed as part of the September 2024…

​Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers. Office LTSC 2024 is designed for organizations with devices without internet connectivity and requiring long-term support, such as specialty systems like medical equipment. It has…

Image: MidjourneyToday, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. Intellexa Consortium is a network of decentralized companies that developed and sold highly intrusive spyware products marketed under the “Predator” brand. Predator spyware has allowed Intellexa customers worldwide —…

Google is updating the post-quantum cryptography used in the Chrome browser to protect against TLS attacks using quantum computers and to mitigate store-now-decrypt-later attacks. The upcoming change will swap Kyber used in hybrid key exchanges to a newer, and slightly modified version, renamed as Module Lattice Key Encapsulation Mechanism (ML-KEM). This change comes roughly five months…

D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. The impacted models are popular in the consumer networking market, especially among users looking for high-end WiFi 6 routers (DIR-X) and mesh networking systems (COVR). The bulletin lists five…