Category: Kamban

​After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. ActiveX is a legacy software framework introduced in 1996 that enables developers to create interactive objects that can be embedded in Office documents. Redmond will start by turning off ActiveX controls in documents opened…

A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. A cryptocurrency recovery phrase, or seed phrase, is a series of 12-24 words that acts as a backup key for a cryptocurrency wallet. These phrases are used to restore access…

SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now “potentially” exploited in attacks, urging admins to apply patches as soon as possible. “This vulnerability is potentially being exploited in the wild. Please apply the patch as soon as possible for affected products. The latest patch builds are available…

Enterprise Ransomware Protection: Why It Matters A ransomware attack can be one of the most damaging types of cybercrime any business can face. And this is a threat that every company must be prepared to deal with sooner or later. Data from Statista shows that as of 2023, more than 72 percent of businesses worldwide…

In the first half of 2024, we observed 396 undisclosed ransomware attacks on the manufacturing industry – amounting to 17% of all undisclosed attacks we recorded during this period. This trend underscores the growing targeting of this sector by ransomware groups. In this article, we will examine some of the largest attacks to date, explore…

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. OFBiz is a suite of customer relationship management (CRM) and enterprise resource planning (ERP) business applications that can also be used as a Java-based web framework…

Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. StopNCII is a project operated by the Revenge Porn Helpline that allows people to create digital hashes of their intimate pictures and videos without uploading the media from…

Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack’s Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the…

Image: MidjourneyThe United States and its allies have linked a group of Russian military intelligence hackers (tracked as Cadet Blizzard and Ember Bear) to Unit 29155 of Russia’s Main Directorate of the General Staff of the Armed Forces. In a joint advisory published today, the Russian hackers, known for deploying WhisperGate data-wiping malware in Ukraine…

Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. The operation, discovered by Veriti Research, constitutes a characteristic example of the blurred lines between being a predator or prey in the world of cybercrime, where ironic twists…