Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

April 25, 2024 at 10:15AM Palo Alto Networks shared remediation instructions for organizations affected by the CVE-2024-3400 firewall vulnerability. They advise updating to the latest PAN-OS hotfix for unsuccessful exploitation attempts. Companies detecting potential exfiltration or interactive command execution should perform private data resets and factory resets, respectively. The zero-day exploit has seen increasing exploitation …

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

April 25, 2024 at 03:01AM A new state-sponsored malware campaign, named ArcaneDoor by Cisco Talos, used two zero-day flaws in Cisco networking gear to deploy custom malware for covert data collection. The U.S. CISA added the vulnerabilities to its KEV catalog, requiring federal agencies to apply fixes by May 1, 2024. The campaign exemplifies increased …

CrushFTP Patches Exploited Zero-Day Vulnerability

April 22, 2024 at 09:33AM CrushFTP issued patches for a zero-day vulnerability affecting versions 9, 10, and 11. The flaw could allow an unauthenticated attacker to access system files. DMZ server users are protected. Versions 10.71 and 11.1.0 have patches. Customers on version 9 should upgrade. The vulnerability has been exploited in the wild, and …

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

April 20, 2024 at 01:57AM Palo Alto Networks has disclosed a critical security flaw, CVE-2024-3400, in PAN-OS that is being actively exploited by threat actors. The flaw allows unauthenticated remote shell command execution via a two-stage attack. The company has expanded patches to cover affected software versions and recommends applying hotfixes to mitigate potential threats. CISA has …

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

April 20, 2024 at 01:57AM Users of CrushFTP are urged to update to version 11.1 following the discovery of a security flaw that has been exploited. Customers in a DMZ restricted environment are protected. The vulnerability, discovered by Simon Garrelou, allows users to download system files. CrowdStrike observed targeted exploits in the wild, mainly on …

CrushFTP warns users to patch exploited zero-day “immediately”

April 19, 2024 at 06:36PM CrushFTP issued a private memo warning about an actively exploited zero-day vulnerability. It enables attackers to escape the user’s file system and download system files. While servers using a DMZ perimeter network are protected, customers are urged to patch immediately. The vulnerability, reported on April 19th, affects CrushFTP versions 9 …

22,500 Palo Alto firewalls “possibly vulnerable” to ongoing attacks

April 19, 2024 at 11:30AM Around 22,500 Palo Alto GlobalProtect firewall devices are likely vulnerable to the critical CVE-2024-3400 flaw, which allows unauthenticated attackers to execute commands with root privileges. Palo Alto Networks released patches between April 14 and 18, 2024, addressing the vulnerability. Threat actors have actively exploited the flaw, with many unpatched systems remaining possibly …

Cisco discloses root escalation flaw with public exploit code

April 17, 2024 at 01:28PM Cisco has issued patches for a high-severity vulnerability in its Integrated Management Controller (IMC), allowing local attackers to escalate privileges to root using crafted CLI commands. The flaw, tracked as CVE-2024-20295, affects various Cisco devices and has public exploit code available. Cisco has also observed recent zero-day attacks on …

Exploit code for Palo Alto Networks zero-day now public

April 17, 2024 at 09:40AM Researchers have released proof-of-concept (PoC) exploits for a critical vulnerability in Palo Alto Networks’ PAN-OS used in GlobalProtect gateways. The PoCs were issued shortly after the vendor began releasing hotfixes. Exploits can lead to remote code execution and may affect a large number of organizations. Patching is strongly recommended. Key …

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

April 17, 2024 at 07:12AM Cybersecurity researchers have uncovered a new campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, allowing unauthorized code execution. The campaign, tracked by Forescout as Connect:fun, utilizes ScreenConnect and Metasploit Powerfun. Organizations are urged to patch the CVE-2023-48788 vulnerability, monitor for suspicious activity, and use a web application firewall for …