Friday , November 22 2024

infosecbulletin

CISA, FBI Joint Guidance on Deploying AI Systems Securely

CISA

The NSA AISC recently released a cybersecurity information sheet called “Deploying AI Systems Securely”. This sheet was developed in partnership with CISA, the FBI, ASD ACSC, CCCS, NCSC-NZ, and NCSC-UK. The guidance provides best practices for deploying and operating externally developed artificial intelligence (AI) systems and aims to: Improve the …

Read More »

Blackberry blogs
“LightSpy” campaign targets Southern Asia, Possibly India

LightSpy

LightSpy mobile espionage campaign, which focuses on targets in Southern Asia and probably India, potentially indicating a renewed focus and grow tensions in the region. VirusTotal submissions from India suggest potential victims within its borders, aligning with recent warnings by Apple on detections within the same country. Technical Details: Infection …

Read More »

Palo Alto Releases Urgent Fixes for PAN-OS Vulnerability

palo alto network

Palo Alto Networks released hotfixes to fix a serious security flaw in PAN-OS software, being actively exploited. The CVE-2024-3400 vulnerability has a critical CVSS score of 10.0. It is a command injection flaw in the  globalProtect feature that allows an unauthenticated attacker to run any code with root privileges on …

Read More »

Hackers Manipulate GitHub Search to Deliver Malware to developer

flow chart

Checkmarx researchers found that hackers are using GitHub search results to distribute long-lasting malware to developers’ computers. The attackers in this campaign make harmful repositories with popular names and topics. They use techniques like automated updates and fake stars to improve search rankings. “By leveraging GitHub Actions, the attackers automatically …

Read More »

Google Cloud and Palo Alto Networks joins for Cloud-Native NGFW Service

Google cloud

Google Cloud and Palo Alto Networks to announce the release of Google Cloud Next-Generation Firewall (NGFW) Enterprise. The managed firewall service, powered by Palo Alto Networks security technology, provides strong threat prevention features needed for cloud-based business operations. Google Cloud NGFW Enterprise provides advanced Layer 7 security features to protect …

Read More »

ALERT
Bitdefender Critical Vulns Let Attackers Gain Control Over System

The Bitdefender GravityZone Update Server is vulnerable to server-side request forgery (SSRF) because of an incorrect regular expression. Bitdefender’s GravityZone: Bitdefender’s GravityZone Update Server has a critical vulnerability with a CVSS score of 8.1. It could allow an attacker remote network access to compromise the server with low privileges. Bitdefender …

Read More »

ZERO DAY ALERT
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

Palo alto

A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software. It is being used by attackers, but there are no patches to fix it yet. Palo Alto Networks issued an alert on April 12, 2024, thanking cybersecurity firm Volexity for discovering the flaw. There is a command injection vulnerability in …

Read More »

CISA Opens Malware Analysis Tool For Public Use

CISA has launched a new initiative, making its advanced malware analysis system, Malware Next-Gen, available to the public. Malware Next-Gen is a new and innovative way to find and fight against cyber threats and harmful software. This new platform allows governments, private organizations, security researchers, and individuals to submit malware …

Read More »

CISA immediately orders agencies to mitigate risk impacted by Microsoft hack

CISA

CISA has ordered U.S. federal agencies to address risks from the breach of multiple Microsoft email accounts by the Russian APT29 hacking group. Emergency Directive 24-02 requires Federal Civilian Executive Branch (FCEB) agencies to investigate affected emails, reset any compromised credentials, and secure privileged Microsoft Azure accounts. CISA reports that …

Read More »