Palo Alto Networks released hotfixes to fix a serious security flaw in PAN-OS software, being actively exploited. The CVE-2024-3400 vulnerability has a critical CVSS score of 10.0. It is a command injection flaw in the  globalProtect feature that allows an unauthenticated attacker to run any code with root privileges on …

Checkmarx researchers found that hackers are using GitHub search results to distribute long-lasting malware to developers’ computers. The attackers in this campaign make harmful repositories with popular names and topics. They use techniques like automated updates and fake stars to improve search rankings. “By leveraging GitHub Actions, the attackers automatically …

Google Cloud and Palo Alto Networks to announce the release of Google Cloud Next-Generation Firewall (NGFW) Enterprise. The managed firewall service, powered by Palo Alto Networks security technology, provides strong threat prevention features needed for cloud-based business operations. Google Cloud NGFW Enterprise provides advanced Layer 7 security features to protect …

The Bitdefender GravityZone Update Server is vulnerable to server-side request forgery (SSRF) because of an incorrect regular expression. Bitdefender’s GravityZone: Bitdefender’s GravityZone Update Server has a critical vulnerability with a CVSS score of 8.1. It could allow an attacker remote network access to compromise the server with low privileges. Bitdefender …

A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software. It is being used by attackers, but there are no patches to fix it yet. Palo Alto Networks issued an alert on April 12, 2024, thanking cybersecurity firm Volexity for discovering the flaw. There is a command injection vulnerability in …

CISA has launched a new initiative, making its advanced malware analysis system, Malware Next-Gen, available to the public. Malware Next-Gen is a new and innovative way to find and fight against cyber threats and harmful software. This new platform allows governments, private organizations, security researchers, and individuals to submit malware …

Palo Alto Networks released security updates to high severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – A vulnerability in the PAN-OS software of Palo Alto Networks allows remote attackers to reboot hardware firewalls. Continuous attacks can lead to a DoS situation by …

CISA has ordered U.S. federal agencies to address risks from the breach of multiple Microsoft email accounts by the Russian APT29 hacking group. Emergency Directive 24-02 requires Federal Civilian Executive Branch (FCEB) agencies to investigate affected emails, reset any compromised credentials, and secure privileged Microsoft Azure accounts. CISA reports that …

ESET researchers found a spying campaign targeting Android users. The campaign uses fake messaging apps that include XploitSPY malware. The campaign, called eXotic Visit, has been active from November 2021 to the end of 2023. Malicious Android apps were distributed through targeted campaigns using dedicated websites and the Google Play …

CISA issued nine advisories about Industrial Control Systems (ICS) on April 11, 2024. These advisories give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-102-01 Siemens SIMATIC S7-1500 ICSA-24-102-02 Siemens SIMATIC WinCC ICSA-24-102-03 Siemens RUGGEDCOM APE1808 before V11.0.1 ICSA-24-102-04 Siemens RUGGEDCOM APE1808 ICSA-24-102-05 Siemens Scalance W1750D ICSA-24-102-06 …