Category: Kamban

Recently-disrupted LockBit ransomware group, in what appears to be a desperate attempt to make a comeback, claimed this week that it had hit US Federal Reserve, the central bank of the United States. The tall claim was followed up with LockBit stating it had stolen 33 terabytes of sensitive banking information belonging to Americans and that negotiations were…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation (FBI), as well as Australian (ASD, ACSC) and Canadian organizations (CCCS), is a follow-up to the ‘Case for Memory Safe Roadmaps‘…

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. FileCatalyst Workflow is a web-based file exchange and sharing platform supporting large file sizes. It’s used by organizations worldwide to accelerate data transfers and collaborate in…

The June 2024 optional update for Windows 11 is now available. The latest update, KB5039302, is for Windows 11 version 22H2 and newer and brings several new features and fixes. Since this is an optional update, it doesn’t introduce major new features but focuses on improving quality and fixing bugs. This update advances Windows 11…

Threat actors are already trying to exploit a critical authentication bypass flaw in Progress MOVEit Transfer, less than a day after the vendor disclosed it. MOVEit Transfer is a managed file transfer (MFT) solution used in enterprise environments to securely transfer files between business partners and customers using the SFTP, SCP, and HTTP protocols. The…

The June 2024 optional update for Windows 10 is now available. Today’s update brings KB5039299 for Windows 10 version 22H2 with up to ten bug fixes or changes. This update bumps Windows 10 22H2 to Build 19045.4598. Since this is an optional release, it doesn’t add new features but has several quality improvements. For example, Microsoft has patched an…

A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. Snowblind’s goal is to repackage a target app to make them unable to detect abuse of accessibility services that allow it to obtain user input…

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. The attack was discovered by the Wordfence Threat Intelligence team yesterday, but the malicious injections appear to have occurred towards the end of last week,…

Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. A polyfill is code, such as JavaScript, that adds modern functionality to older browsers that do not usually support it. For example, it…

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. The new activity has been tracked since May and relies on more compact variants that require fewer permissions and come with fresh features…