Category: Kamban

U.K.’s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city’s public transportation agency. “A teenager has been arrested in Walsall by the National Crime Agency, as part of the investigation into a cyber security incident affecting Transport for London (TfL),”…

Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. The urban transportation agency had informed the public on September 2 about an ongoing cybersecurity incident, assuring customers that at the time there was no evidence of data being compromised. Last Friday, TfL staff…

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. The release is for versions 17.3.2, 17.2.5, and 17.1.7 for both GitLab Community Edition (CE) and Enterprise Edition (EE), and patches a total of 18 security issues as part of the bi-monthly…

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. The attacks are part of the ‘VMConnect campaign’ first detected in August 2023, where the threat actors targeted software developers with malicious Python packages uploaded onto the PyPI repository.…

Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts. The decision is part of the platform’s plugin review team effort to reduce the risk of unauthorized access, which could lead to supply-chain attacks. “Accounts with commit access can push…

A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit. The flaw is tracked as CVE-2024-41869 and is a critical use after free vulnerability that could lead to remote code execution when opening a specially crafted PDF…

Criminal IP (criminalip.io), a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successfully integrated its IP address-related risk detection data with IPLocation.io, one of the most visited IP analysis and lookup tools on the internet. Through the integration, IPLocation.io (iplocation.io), a prominent IP address geolocation tracker…

Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a “global syndicate.” During raids on Monday, the police arrested six of the men and seized electronic devices with hacking tools installed and ready for carrying out cyberattacks, stolen personally identifiable information (PII),…

5 Upcoming Ransomware Variants and Groups to Watch In 2024 Ransomware has continued to evolve with the emergence of new and sophisticated threats. While established groups like LockBit and BlackCat still dominate a significant portion of reported attacks, new players and variants are increasingly making their presence felt. This article looks into five notable ransomware…