Platformization is key to reduce cybersecurity complexity

Organizations are facing security complexity challenges as they juggle an average of 83 different security solutions from 29 vendors, according to a report by IBM and Palo Alto Networks. It also shows 7 out of 10 surveyed companies with a high degree o… Continue reading Platformization is key to reduce cybersecurity complexity

Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls

Eclypsium warns that Palo Alto Networks firewalls are impacted by BIOS and bootloader flaws, but the vendor says users should not be concerned.
The post Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls appeared f… Continue reading Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls

Researchers reveal exploitable flaws in corporate VPN clients

Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-202… Continue reading Researchers reveal exploitable flaws in corporate VPN clients

Active network of North Korean IT front companies exposed

An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. Unearthing North Korean IT front … Continue reading Active network of North Korean IT front companies exposed

2,000 Palo Alto Networks devices compromised in latest attacks

Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predom… Continue reading 2,000 Palo Alto Networks devices compromised in latest attacks

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-59… Continue reading Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

North Korean hackers pave the way for Play ransomware

North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo … Continue reading North Korean hackers pave the way for Play ransomware

Palo Alto Networks extends security into harsh industrial environments

The convergence of IT and operational technology (OT) and the digital transformation of OT have created new opportunities for innovation and efficiency in critical Industrial Automation and Control Systems. However, these advancements also broaden the … Continue reading Palo Alto Networks extends security into harsh industrial environments

Windows users targeted with fake human verification pages delivering malware

For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human veri… Continue reading Windows users targeted with fake human verification pages delivering malware