Category: Kamban

Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details become public. The security issue is tracked as CVE-2024-28000 and allows escalating privileges without authentication in all versions of the WordPress plugin up to 6.3.0.1. The vulnerability stems from…

The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. The credential-harvesting techniques has been observed by the Sophos X-Ops team during incident response engagements and marks an alarming change on the ransomware scene. Attack overview The attack that Sophos researchers analyzed…

Microsoft has confirmed and fixed a known issue causing performance issues, boot problems, and freezes on Windows Server 2019 systems after installing the August 2024 security updates. The company acknowledged the issue following widespread reports from Windows admins saying that servers on their environments were experiencing performance issues and massive lags, becoming unusable after installing…

A new Android malware named NGate can steal money from payment cards by relaying to an attacker’s device the data read by the near-field communication (NFC) chip. Specifically, NGate enables attackers to emulate victims’ cards and make unauthorized payments or withdrawal cash from ATMs.. The campaign has been active since November 2023 and is linked to a recent…

Microsoft has confirmed the August 2024 Windows security updates are causing Linux booting issues on dual-boot systems with Secure Boot enabled. The issue is caused by a Secure Boot Advanced Targeting (SBAT) update applied to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability. “Resulting from this issue, your device might fail…

​​Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited in attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript…

SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. Web Help Desk (WHD) is an IT help desk software widely used by government agencies, large corporations, and healthcare and education organizations to automate and streamline help desk management tasks. SolarWinds’ IT management products…

A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. An investigation from the FBI uncovered that 33-year old Deniss Zolotarjovs was a member of the Karakurt extortion operation that compromised company systems, stole data, and then demanded a ransom from the victims under…

A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. A press release from the U.S. Department of Justice (DoJ) informs that Jesse Kipf used stolen credentials to access the Hawaii Death Registry System to register himself as…