Recent reports reveal that the Mustang Panda hacking group, linked to China, has executed a cyberattack aimed at a government entity in the Philippines. This incident occurs amidst escalating tensions between the Philippines and China concerning territorial disputes in the South China Sea, highlighting the geopolitical implications of cybersecurity in…
Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime Hackers Breach Software Libraries to Distribute Malware Akshaya Asokan (asokan_akshaya) • October 25, 2024 Recent investigations by security experts have revealed a disturbing trend involving backdoored software packages found within the NPM library, indicative of an ongoing cyber operation…
A significant extortion campaign has emerged, targeting various organizations by exploiting publicly accessible environment variable files (commonly ending in .env) that contain sensitive credentials for cloud and social media applications. This alarming trend underscores the vulnerabilities in data security practices across industries. According to a report by Palo Alto Networks’…
OpenSSH Vulnerability Exposes Critical Risk to Linux Systems In a significant development for cybersecurity, the maintainers of OpenSSH have issued urgent security updates addressing a severe vulnerability that may allow unauthenticated remote code execution with root-level access on glibc-based Linux systems. This vulnerability, designated CVE-2024-6387 and dubbed "regreSSHion," resides within…
The Mispadu banking Trojan has been identified as leveraging a recently patched vulnerability in Windows SmartScreen to target users in Mexico. This malware, which first appeared in 2019, has evolved into a new variant that cybercriminals are utilizing to gain unlawful access to sensitive information. According to a report from…
Palo Alto Networks has issued critical security updates in response to five vulnerabilities affecting its products, including a significant flaw that poses an authentication bypass risk. This vulnerability, identified as CVE-2024-5910, has been assigned a high CVSS score of 9.3 and pertains to a missing authentication issue in the Expedition…
Palo Alto Networks has issued an urgent warning regarding a critical vulnerability affecting its PAN-OS software utilized in GlobalProtect gateways, noting that this flaw is currently being actively exploited in the wild. Designated as CVE-2024-3400, this vulnerability carries a maximum CVSS score of 10.0, underscoring its potential severity and urgency…
A significant cyber threat has emerged, characterized by the exploitation of a recently uncovered zero-day vulnerability in Palo Alto Networks PAN-OS software. This flaw has been active since March 26, 2024, well before its public disclosure, which occurred yesterday. Unit 42, a division of Palo Alto Networks, has initiated a…
Palo Alto Networks has issued urgent hotfixes in response to a critical security vulnerability affecting its PAN-OS software that is currently being exploited in live environments. This vulnerability, identified as CVE-2024-3400, has received the highest severity rating with a CVSS score of 10.0. It involves a command injection flaw within…
