Category: Kamban

Image: Midjourney Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. This is part of a broader trend in which fraudsters are trying to legitimize their scams by using government employees’s titles and names. “The Cybersecurity and…

Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. Life360 provides real-time location tracking, crash detection, and emergency roadside assistance services to more than 66 million members worldwide. In December 2021, it acquired Bluetooth…

Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the ‘Always On VPN’ for enhanced security and continued support. DirectAccess is a bidirectional remote access technology introduced by Microsoft in Windows 7 and Windows Server 2008 R2, providing domain-joined…

The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. The investigation was backed by information shared by the Dutch police who responded to a ransomware attack on a Dutch multinational,…

The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day before a fix was made available. The flaw is a high-severity issue (CVSS v3.1: 7.8) in the Windows Error Reporting Service, allowing attackers to elevate their privileges to SYSTEM. Microsoft fixed the flaw on March 12, 2024,…

A Unified Communication Certificate (UCC), also known as a Multi-Domain SSL or SAN certificate, offers a streamlined and cost-effective solution. Originally designed for Microsoft Exchange and Office Communication servers, UCC SSL certificates allow you to secure up to 250 domains with a single certificate.  This article explores the benefits and workings of UCC SSL certificates.…

Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information. While the exposed information also included customer names, usernames, and email addresses, it did not contain credentials for array access or any other data…

The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. Attacks started on June 8, less than 48 hours after the release of security updates by PHP’s maintainers, and relied on publicly available exploit code. TellYouThePass ransomware is…

Image: Midjourney A never-before-seen Windows malware named ‘Warmcookie’ is distributed through fake job offer phishing campaigns to breach corporate networks. According to Elastic Security Labs, which discovered the new threat, Warmcookie is capable of extensive machine fingerprinting, screenshot capturing, and the deployment of additional payloads. The campaign is currently underway, and the threat actors create new…

Image: Midjourney The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is “much larger than previously known.” As the MIVD disclosed in February in a joint report with the General Intelligence and Security Service (AIVD), Chinese hackers exploited a critical FortiOS/FortiProxy remote…