Category: Kamban

The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. TDSB is Canada’s largest school board and the fourth largest in North America, responsible for the administration and management of 473 elementary, 110 secondary, and five…


U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. The company and its franchises own 2,160 cafes under the names Panera Bread or Saint Louis Bread Co, spread across 48 states in the U.S. and Ontario, Canada. In breach notification…


Update June 13, 13:01 EDT: GrapheneOS says CVE-2024-32896 is the same as CVE-2024-29748. Google added a new CVE ID to track the Pixel fix for CVE-2024-29748, a vulnerability exploited by several forensics companies, as BleepingComputer reported in April. “It was exploited by forensics companies against users with apps like Wasted and Sentry trying to wipe the device when…


A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, raising the risk of exploitation in attacks. The exploit was developed by security researcher Sina Kheirkha, who also published a detailed post on his site. The post showcased that the flaw is practically more straightforward to…


YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. The report comes from SponsorBlock, a third-party browser extension that crowdsources data about which video segments contain sponsored content and skips them. SponsorBlock reports that server-side ad injection will break its functionality, though solutions are…


A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier (URI) that enables applications to open Windows Explorer to perform searches using specific parameters. While most Windows searches will look at…


Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. Additionally, as announced last October, the internet company reminds us that ‘root’ AWS accounts must enable MFA by the end of July 2024. Passkeys on AWS: FIDO2 passkeys are physical (hardware keys) or…


Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been targeted in attacks as a zero-day. Tracked as CVE-2024-32896, this elevation of privilege (EoP) flaw in the Pixel firmware has been rated a high-severity security issue. “There are indications that CVE-2024-32896 may be under…


Welcome to this week’s edition of the “Bi-Weekly Cyber Roundup” by Canary Trap. At Canary Trap, it is our mission to keep you up-to-date with the most crucial news in the world of cybersecurity and this bi-weekly publication is your gateway to the latest news. In this week’s roundup, we will bring you up to…


A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web apps (PWAs) that display convincing corporate login forms to steal credentials. A PWA is a web-based app created using HTML, CSS, and JavaScript that can be installed from a website like a regular desktop application. Once installed, the…
