Category: Kamban

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests’ personal information and the keys for other rooms. These terminals allow people to book and check into the hotel themselves, handle the payment process via a POS subsystem, print invoices, and provision RFID…

Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. Club Penguin was a multiplayer online game (MMO) from 2005 to 2018, featuring a virtual world where players could engage in games, activities, and chat…

Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace. According to a report from cybersecurity company Sophos, the campaign relied on new malware variants and three different activity clusters that indicate a coordinated attack. While initial access could not be determined,…

A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation. Ciaran Martin, the first CEO of the UK’s National Cyber Security Centre (NCSC), said that Qilin is likely behind the incident, which has locked Synnovis out of its systems…

Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug. Kali Linux is a distribution created for cybersecurity professionals and ethical hackers to perform penetration testing, security audits, and research against networks. As is typical for the year’s first version, the Kali Team has…

Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evoloved from the currently defunct Knight ransomware project. RansomHub has a short history and operated mainly as a data theft and extortion group that sells stolen files to the highest bidder. The gang grabbed attention in mid-April when it leaked stolen data from United Health subsidiary Change Healthcare…

Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. Northern Minerals is an Australian company focused on the exploration and development of heavy rare earth elements (HRE), specifically dysprosium and terbium, used in electronics, batteries, and aircraft. It…

Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media’s direct messages feature. Zero-day vulnerabilities are security flaws with no official patch or public information detailing the underlying weakness. After being compromised, user accounts belonging to Sony, CNN, and Paris Hilton…

American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. ARRL is the national association for amateur radio in the United States, representing amateur radio interests to government regulatory bodies and promoting events and…