Palo Alto Networks fixes zero-day exploited to backdoor firewalls

April 15, 2024 at 09:04AM Palo Alto Networks is addressing a zero-day vulnerability that has been exploited since March 26th to backdoor PAN-OS firewalls. The flaw affects certain firewalls and can be exploited remotely to gain root code execution. Hotfixes have been released, and additional security measures are available. The active exploitation has been confirmed …

Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge

April 15, 2024 at 06:54AM Palo Alto Networks has released hotfixes for a zero-day vulnerability (CVE-2024-3400) targeted by state-sponsored actors. Vulnerable firewalls allow remote attackers to execute code with root privileges. Initial mitigations were issued, and more hotfixes are expected. Exploited devices facilitated data exfiltration and deployment of a new Python backdoor. Links to BianLian/Lazarus …

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

April 15, 2024 at 04:21AM Palo Alto Networks has released hotfixes to address a critical security flaw (CVE-2024-3400) in PAN-OS software that is actively exploited. The flaw allows unauthenticated attackers to execute arbitrary code with root privileges on firewalls. This impacts specific PAN-OS versions and cloud-deployed firewall VMs. Threat actors have been leveraging the flaw, …

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

April 13, 2024 at 05:27AM Threat actors have been actively exploiting a critical zero-day flaw (CVE-2024-3400) in Palo Alto Networks PAN-OS software, allowing unauthorized code execution. Dubbed Operation MidnightEclipse, the attack involves creating cron jobs to run commands from an external server, triggering a Python-based backdoor. The actor UTA0218 displays advanced capabilities and likely state-backing. …

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

April 11, 2024 at 07:45AM TA547, a threat actor, has initiated an invoice-themed phishing campaign targeting German organizations with the Rhadamanthys information stealer. This marks the first instance of TA547 using Rhadamanthys, possibly with a language-model-generated PowerShell script. The group has also evolved into an initial access broker for ransomware attacks, employing geofencing tricks …

Home Depot confirms third-party data breach exposed employee info

April 7, 2024 at 01:43PM Home Depot confirmed a data breach caused by a third-party SaaS vendor’s mistake, exposing limited employee data potentially used for phishing attacks. The data leak affects about 10,000 employees, potentially leading to targeted phishing efforts. IntelBroker, a known threat actor, leaked the data on a hacking forum. Home Depot advises …

Visa warns of new JSOutProx malware variant targeting financial orgs

April 4, 2024 at 07:03PM Visa issued a security alert warning about increased detections of the JSOutProx malware targeting financial institutions in South and Southeast Asia, the Middle East, and Africa. The malware provides remote access and can execute various malicious activities. Mitigation actions and indicators of compromise were recommended, and the campaign involved phishing …

How Soccer’s 2022 World Cup in Qatar Was Nearly Hacked

April 3, 2024 at 05:06PM A security vendor reports that a China-linked threat actor gained access to a router configuration database, posing a significant risk of completely disrupting coverage. …

US State Department investigates alleged theft of government data

April 3, 2024 at 02:57PM The U.S. Department of State is investigating a cyber incident where documents were allegedly stolen from a government contractor, Acuity. The leaked data includes information belonging to the Five Eyes intelligence alliance. The threat actor, known as IntelBroker, has been linked to other cyber incidents involving government agencies and organizations, …

Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries

March 27, 2024 at 01:15AM China-linked APT groups have targeted ASEAN member countries in a cyber espionage campaign. Mustang Panda used phishing emails and malware to attack entities during the ASEAN-Australia Special Summit. Trend Micro also uncovered a new threat actor called Earth Krahang targeting 116 entities across 35 countries. Leaked documents from I-Soon revealed …