Category: Kamban

​​Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability tagged as exploited attacks. “Google is aware that an exploit for CVE-2024-7971 exists in the wild,” the company said in an advisory published on Wednesday. This high-severity zero-day vulnerability is caused by a type confusion weakness in Chrome’s V8 JavaScript engine.…

Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. Progressive web apps (PWA) are cross-platform applications that can be installed directly from the browser and offer a native-like experience through features like push notifications, access to device hardware, and background data syncing. Using this type of…

Microsoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. This AI feature takes screenshots of active windows on your PC, analyzes them on-device using a Neural Processing Unit (NPU) and an AI model, and adds the information to an SQLite database. You can…

Microsoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. This AI feature takes screenshots of active windows on your PC, analyzes them on-device using a Neural Processing Unit (NPU) and an AI model, and adds the information to an SQLite database. You can…

​Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. The new Security Center in QTS 5.2 monitors for suspicious file operations to detect and block ransomware threats. If any unusual activity is detected, customers can choose to…

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. LiteSpeed Cache is open-source and the most popular WordPress site acceleration plugin, with over 5 million active installations and support for WooCommerce, bbPress, ClassicPress, and Yoast SEO. The unauthenticated privilege escalation vulnerability (CVE-2024-28000)…

According to user reports following this month’s Patch Tuesday, the August 2024 Windows security updates are breaking dual boot on some Linux systems with Secure Boot enabled. This issue is caused by Microsoft’s decision to apply a Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot…

Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine’s history. Phrack is an underground online magazine first launched in 1985 as a text file distributed through Bulletin Board Systems (BBS) and later…

Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. This week’s newsletter covers a range of critical cybersecurity issues,…

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. The security issue is identified as CVE-2024-6800 and received a 9.5 severity rating as per the CVSS 4.0 standard. It is described as an XML signature wrapping problem that occurs…