Category: Kamban

Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems’ settings and steal customers’ sensitive personal information. Cox is the largest private broadband company in the U.S., providing internet, television, and phone services over fiber-powered networks to almost seven million homes and businesses…


A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. Cybersecurity researchers collected these credentials from numerous Telegram cybercrime channels, where the…


Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers’ private data. Service Tags are groups of IP addresses for a specific Azure service used for firewall filtering and IP-based Access Control Lists (ACLs) when network isolation is needed to safeguard Azure…


Cloud security is a crucial component of the digital era. With that in mind, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) collaborated to issue five joint cybersecurity bulletins on best practices aimed at enhancing security for cloud services. These bulletins address critical aspects such as identity and access management, key…


Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. The Telerik Report Server is an API-powered end-to-end encrypted report management solution organizations use to streamline the creation, sharing, storage, distribution, and scheduling of reports. Cybersecurity researcher Sina Kheirkhah developed the exploit with the…


Verizon customers using Android phones report that they receive blurry images through text messages on different services and apps, with no response from Verizon as to why. Verizon Communications is the second-largest wireless carrier and the largest LTE network operator in the United States, estimated to serve nearly 145 million subscribers. Some report that the…


NET::ERR_CERT_COMMON_NAME_INVALID is an error that web browsers show when the domain name being visited does not match the common name on the site's certificate. A common name is the fully qualified domain name (FQDN) of the SSL certificate. SSL certificates are issued to enable the HTTPS protocol. The protocol is responsible for encryption functions. Through encryption, all communications and…


AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. Hugging Face Spaces is a repository of AI apps created and submitted by the community’s users, allowing other members to demo them. “Earlier this week our team detected unauthorized access to our Spaces platform, specifically…


Spanish police have dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000. The investigation began in November 2022 following a complaint submitted by the Alliance for Creativity and Entertainment (ACE), which reported two web pages for violations of intellectual property rights. Those sites hosted…


Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. Google says this decision was made based on the community’s progress and feedback, which were deemed satisfactory to continue without further delays. Starting June 3, 2024, with Chrome version 127,…
