GitHub comments abused to push malware via Microsoft repo URLs

April 20, 2024 at 05:07PM Threat actors are exploiting a GitHub flaw to distribute malware through URLs connected to a Microsoft repository, giving the files an appearance of legitimacy. This vulnerability can be abused with any public repository on GitHub, allowing for convincing lures. Despite attempts by McAfee and others to address this issue, the …

MITRE says state hackers breached its network via Ivanti zero-days

April 19, 2024 at 03:03PM MITRE Corporation confirmed a state-backed hacking group breached its systems in January 2024 using two Ivanti VPN zero-days. The breach affected the NERVE network used for research. MITRE notified affected parties and authorities and is restoring operational alternatives. The investigation found no impact on core systems and partners’ systems. CISA issued …

22,500 Palo Alto firewalls “possibly vulnerable” to ongoing attacks

April 19, 2024 at 11:30AM Around 22,500 Palo Alto GlobalProtect firewall devices are likely vulnerable to the critical CVE-2024-3400 flaw, which allows unauthenticated attackers to execute commands with root privileges. Palo Alto Networks released patches between April 14-18, 2024, addressing the vulnerability. Threat actors have actively exploited the flaw, with many unpatched systems remaining possibly …

US Government Releases Guidance on Securing Election Infrastructure

April 19, 2024 at 08:04AM The US government has issued guidance to enhance election infrastructure resilience against malign influence operations from China, Russia, and Iran. Tactics include using fake online accounts, enlisting individuals to promote narratives, and laundering influence through proxy entities. The agencies advise debunking narratives, securing systems, and working with trusted sources to …

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

April 17, 2024 at 10:01AM Cisco’s Talos unit warns of mass brute-force attacks targeting VPN services, web application authentication interfaces, and SSH services. The attacks, originating from Tor exit nodes, use generic and valid usernames, affecting various services. Cisco observed a significant increase in these attacks and has added the associated IP addresses to its …

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

April 16, 2024 at 02:38PM A critical vulnerability, tracked as CVE-2024-3400, has been actively exploited in Palo Alto Networks’ PAN-OS firewall software. Threat actors can execute arbitrary code as root via command injection, impacting PAN-OS 10.2, 11.0, and 11.1. Palo Alto Networks is releasing hotfixes, urging users to disable certain features and providing threat prevention …

Cisco warns of large-scale brute-force attacks against VPN services

April 16, 2024 at 12:14PM Cisco warns about a global large-scale brute force attack targeting VPN and SSH services on various devices. The attack involves a mix of valid and generic employee usernames, started on March 18, 2024, and uses anonymization tools. It targets a range of services and lacks a specific focus, with possible …

Palo Alto Networks Warns of Exploited Firewall Vulnerability

April 12, 2024 at 07:36AM Palo Alto Networks warns of a severe OS command injection vulnerability (CVE-2024-3400) in PAN-OS GlobalProtect, allowing arbitrary code execution with root privileges on affected firewalls. Remediation patches are expected by the end of the week. Customers are advised to check and apply mitigations to prevent exploitation. Volexity is credited for …

US Cyber Force Assisted Foreign Governments 22 Times in 2023

April 11, 2024 at 09:24AM The US Cyber Command (USCYBERCOM) conducted ‘hunt forward’ operations in over a dozen countries last year, aiming to monitor and deter adversaries. General Timothy D. Haugh, commander of USCYBERCOM, shared this information with the Senate Committee on Armed Services. These missions led to the public release of 90 malware samples …