Researchers reveal exploitable flaws in corporate VPN clients

Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-202…

Active network of North Korean IT front companies exposed

An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. Unearthing North Korean IT front …

2,000 Palo Alto Networks devices compromised in latest attacks

Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predom…

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-59…

North Korean hackers pave the way for Play ransomware

North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo …

Palo Alto Networks extends security into harsh industrial environments

The convergence of IT and operational technology (OT) and the digital transformation of OT have created new opportunities for innovation and efficiency in critical Industrial Automation and Control Systems. However, these advancements also broaden the …

Windows users targeted with fake human verification pages delivering malware

For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human veri…

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables.