Category: Kamban

A group of suspected Chinese cyberespionage actors named ‘Velvet Ant’ are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data. According to a Sygnia report who discovered the intrusion after they were called in to investigate the cyberattack, Velvet Ant established multiple footholds using various…

A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain. The suspect is suspected of being a leader of a cybercrime gang dedicated to stealing data and cryptocurrencies from organizations and then extorting them for not publishing…

A new speculative execution attack named “TIKTAG” targets ARM’s Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. The paper, co-signed by a team of Korean researchers from Samsung, Seoul National University, and the Georgia Institute of Technology, demonstrates the attack against Google Chrome…

Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its ‘Secure Future Initiative,’ including the deprecation of basic authentication (username + password) by September 16, 2024. The software giant also announced the end of support for ‘Mail’ and ‘Calendar’ apps on Windows, the deprecation of Outlook Light, and removing users’ ability…

ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices. The flaw, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8 “critical”), is an authentication bypass vulnerability allowing unauthenticated, remote attackers to take control of the device. ASUS says the issue impacts the following router…

Image: Midjourney A newly discovered Linux malware dubbed ‘DISGOMOJI’ uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India. The malware was discovered by cybersecurity firm Volexity, which believes it is linked to a Pakistan-based threat actor known as ‘UTA0137.’ “In 2024, Volexity identified a…

Image: Keytronic PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company’s stolen data two weeks ago. Key Tronic, better known as Keytronic, is an American technology company that initially started as an Original Equipment Manufacturer (OEM) of keyboards and mice but is now one of…

Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser’s password manager using your device’s login, including a password, fingerprint, pin, or other biometrics. To be clear, this new feature does not protect against information-stealing malware but rather prevents people with physical or remote access to the device from…

NHS England revealed today that multiple London hospitals impacted by last week’s Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. Formerly known as Viapath, Synnovis was established as GSTS Pathology in 2009 and switched to the Synnovis brand in October 2022. The organization was established as a partnership between SYNLAB…