Category: Kamban

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. Trustwave researchers who observed the campaigns said the threat actors also promote fake downloads for pirated games and software, Sora AI, 3D image creator, and One Click Active. While using Facebook advertisements to push information-stealing…

Microsoft has confirmed that Windows Server updates from last month’s Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. Redmond describes Microsoft 365 Defender (now known as Defender XDR) as a pre-and post-breach enterprise defense suite that helps coordinate detection, prevention, investigation, and response across an organization’s endpoints, identities, email, and…

Microsoft has resolved a known issue caused by the June 2024 KB5039302 preview update, causing update problems when using Windows Update automation scripts on Windows 11 systems. This issue impacts only client platforms (Windows 11 23H2 and Windows 11 22H2) in enterprise environments. Home customers using Home or Pro editions managed via Windows Automatic Updates…

Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. That is according to Cloudflare’s Application Security report for 2024, which covers activity between May 2023 and March 2024 and highlights emerging threat trends. Cloudflare, which currently processes an average…

The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. This initiative was agreed upon between the government and the Association of Banks in Singapore (ABS) to protect consumers against phishing and…

AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company’s Snowflake account. The company confirmed to BleepingComputer that the data was stolen from the Snowflake account between April 14 and April…

Image: MidjourneyNetgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router. While the company didn’t disclose any…

A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. DNS hijacking is when an attacker modifies a target’s Domain Name System records to redirect traffic from a legitimate website to one under their control, such as phishing pages. These attacks…

Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. Rite Aid is the third-largest drugstore chain in the United States, employing over 6,000 pharmacists (out of a total workforce of over 45,000) in more than 1,700 retail pharmacy stores across 16 states.…