Tag Palo Alto Networks

Palo Alto Networks Provides Remediation Steps for Exploited Critical Vulnerability in PAN-OS

On April 26, 2024, Palo Alto Networks released guidance to address a severe security vulnerability in PAN-OS that is currently being actively exploited. Identified as CVE-2024-3400, this flaw has a CVSS score of 10.0 and could allow unauthenticated attackers to execute remote shell commands on affected devices. The issue has been patched in various versions of PAN-OS 10.2.x, 11.0.x, and 11.1.x. Evidence indicates that the vulnerability has been leveraged as a zero-day exploit since at least March 26, 2024, by a threat group known as UTA0218. This operation, dubbed Operation MidnightEclipse, involves deploying a Python-based backdoor named UPSTYLE, which can execute commands through specially designed requests. Although these intrusions have not been definitively linked to any known threat actor or organization, observers suspect they may be the work of a state-sponsored hacking group, given the sophistication of the tactics used and the nature of the targets involved. Updated remediation advice has been provided by Palo Alto Networks.

Palo Alto Networks has released essential remediation guidance in response to a critical security vulnerability affecting its PAN-OS software, which is currently under active exploitation. This vulnerability, identified as CVE-2024-3400 and rated with a maximum CVSS score of 10.0, poses a significant risk by allowing unauthenticated remote command execution on…


Navigating the Intricacies of the AI Supply Chain: Ensuring Pipeline Security Webinar.

Recent developments in AI security highlight the escalating complexity of the AI supply chain, a critical aspect often overlooked in cybersecurity discussions. This emerging area involves numerous interconnected components, including data sources, machine learning models, application programming interfaces (APIs), and the underlying infrastructure, all situated within increasingly dynamic cloud environments.…


CISA Issues Warning About Actively Exploited Apache Flink Security Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a significant security vulnerability affecting Apache Flink to its Known Exploited Vulnerabilities (KEV) catalog. This announcement, made on Thursday, highlights the potential risks associated with an open-source framework widely used for unified stream processing and batch processing, amid reports…


North Korean Hackers Collaborate with Play Ransomware in Worldwide Cyber Assault

North Korean State-Sponsored Group Partners with Ransomware Actors in Recent Cyberattack

A recent report from Palo Alto Networks’ Unit 42 highlights alarming developments in the cybersecurity landscape, revealing a collaboration between the North Korean state-sponsored threat group known as Jumpy Pisces and the financially motivated Play ransomware group. This incident…


RedTail Crypto-Mining Malware Targets Vulnerability in Palo Alto Networks Firewall

RedTail Malware Targets Palo Alto Networks Firewalls in Latest Cyber Attack

Recently, cybersecurity analysts have identified an alarming development involving the RedTail cryptocurrency mining malware, which has integrated a newly disclosed vulnerability affecting Palo Alto Networks firewalls into its repertoire of exploits. This vulnerability, cataloged as CVE-2024-3400, has received a…


Iranian Hackers Initiate Devastating Cyber Attacks Targeting Israeli Technology and Education Industries

Israeli Higher Education and Tech Sectors Targeted in Sophisticated Cyber Attacks

Israeli higher education and technology institutions have faced a wave of cyber attacks that began in January 2023, with attackers aiming to deploy previously unknown wiper malware. These targeted breaches included attempted data theft and the installation of malware…


Mustang Panda Hackers Target Philippine Government Amid Rising South China Sea Tensions

Recent reports reveal that the Mustang Panda hacking group, linked to China, has executed a cyberattack aimed at a government entity in the Philippines. This incident occurs amidst escalating tensions between the Philippines and China concerning territorial disputes in the South China Sea, highlighting the geopolitical implications of cybersecurity in…


North Korean Cybercriminals Distributing Malware Through Phony Interviews

Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime

Hackers Breach Software Libraries to Distribute Malware

Akshaya Asokan (asokan_akshaya) • October 25, 2024

Recent investigations by security experts have revealed a disturbing trend involving backdoored software packages found within the NPM library, indicative of an ongoing cyber operation…
