The NSA AISC recently released a cybersecurity information sheet called “Deploying AI Systems Securely”. This sheet was developed in partnership with CISA, the FBI, ASD ACSC, CCCS, NCSC-NZ, and NCSC-UK. The guidance provides best practices for deploying and operating externally developed artificial intelligence (AI) systems and aims to: Improve the …

LightSpy mobile espionage campaign, which focuses on targets in Southern Asia and probably India, potentially indicating a renewed focus and grow tensions in the region. VirusTotal submissions from India suggest potential victims within its borders, aligning with recent warnings by Apple on detections within the same country. Technical Details: Infection …

Palo Alto Networks released hotfixes to fix a serious security flaw in PAN-OS software, being actively exploited. The CVE-2024-3400 vulnerability has a critical CVSS score of 10.0. It is a command injection flaw in the  globalProtect feature that allows an unauthenticated attacker to run any code with root privileges on …

Checkmarx researchers found that hackers are using GitHub search results to distribute long-lasting malware to developers’ computers. The attackers in this campaign make harmful repositories with popular names and topics. They use techniques like automated updates and fake stars to improve search rankings. “By leveraging GitHub Actions, the attackers automatically …

Google Cloud and Palo Alto Networks to announce the release of Google Cloud Next-Generation Firewall (NGFW) Enterprise. The managed firewall service, powered by Palo Alto Networks security technology, provides strong threat prevention features needed for cloud-based business operations. Google Cloud NGFW Enterprise provides advanced Layer 7 security features to protect …

The Bitdefender GravityZone Update Server is vulnerable to server-side request forgery (SSRF) because of an incorrect regular expression. Bitdefender’s GravityZone: Bitdefender’s GravityZone Update Server has a critical vulnerability with a CVSS score of 8.1. It could allow an attacker remote network access to compromise the server with low privileges. Bitdefender …

A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software. It is being used by attackers, but there are no patches to fix it yet. Palo Alto Networks issued an alert on April 12, 2024, thanking cybersecurity firm Volexity for discovering the flaw. There is a command injection vulnerability in …

CISA has launched a new initiative, making its advanced malware analysis system, Malware Next-Gen, available to the public. Malware Next-Gen is a new and innovative way to find and fight against cyber threats and harmful software. This new platform allows governments, private organizations, security researchers, and individuals to submit malware …

Palo Alto Networks released security updates to high severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – A vulnerability in the PAN-OS software of Palo Alto Networks allows remote attackers to reboot hardware firewalls. Continuous attacks can lead to a DoS situation by …

CISA has ordered U.S. federal agencies to address risks from the breach of multiple Microsoft email accounts by the Russian APT29 hacking group. Emergency Directive 24-02 requires Federal Civilian Executive Branch (FCEB) agencies to investigate affected emails, reset any compromised credentials, and secure privileged Microsoft Azure accounts. CISA reports that …