Category: Kamban

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. The flaw was initially discovered and fixed in Docker Engine v18.09.1, released in January 2019, but for some reason, the fix wasn’t carried forward in later…

Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache (MCC) node discovery on enterprise networks. The fix is included with the KB5040525 July 2024 preview update for Windows 10 22H2 released yesterday, which also comes with fixes for WDAC issues causing memory leaks and app failures, “This issue was resolved…

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices. The firm detected and stopped the malicious actions in time, so no data breach occurred. However, the case highlights the continued threat posed…

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. These new, more detailed warning messages help users quickly learn the nature of the danger presented by each file downloaded from the Internet. For this, Google introduced a two-tier download warning system that uses AI-powered…

Register today for mWISE™, the unique cybersecurity conference from Mandiant, now part of Google Cloud. Built by practitioners for practitioners, mWISE runs from September 18 – 19, 2024 in Denver, Colorado. Now that the mWISE session catalog is out, it’s time to take a closer look at the topics. Organizers have posted the session catalog,…

CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. The cybersecurity company explained that the issue was caused by a problematic content configuration update meant to gather…

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members’ information, private messages, cryptocurrency addresses, and every post on the forum. This data comes from a database backup allegedly sold by Conor Fitzpatrick, aka Pompompurin. In 2022, after the RaidForums hacking…

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. The BitLocker Windows security feature mitigates the risk of data theft or information exposure from lost, stolen, or inappropriately decommissioned devices by encrypting the storage drives. Windows computers can automatically enter BitLocker recovery mode following various…

BlackFog marks the next chapter of growth with Brenda Robb as President, John Sarantakes as CRO, and Mark Griffith as VP of Strategic Sales San Francisco, CA—July 24, 2024– BlackFog, the leader in ransomware protection and anti data exfiltration (ADX), today announced it has made new appointments to strengthen its leadership team as it witnesses…

The Chinese hacking group tracked as ‘Evasive Panda’ was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. Symantec’s threat hunting team spotted the cyber espionage attacks targeting organizations in Taiwan and an American non-governmental organization in China. In the latter case, Evasive Panda (aka ‘Daggerfly’ or ‘Bronze Highland’) exploited a…