Palo Alto Networks released security updates to high severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – A vulnerability in the PAN-OS software of Palo Alto Networks allows remote attackers to reboot hardware firewalls. Continuous attacks can lead to a DoS situation by …

CISA has ordered U.S. federal agencies to address risks from the breach of multiple Microsoft email accounts by the Russian APT29 hacking group. Emergency Directive 24-02 requires Federal Civilian Executive Branch (FCEB) agencies to investigate affected emails, reset any compromised credentials, and secure privileged Microsoft Azure accounts. CISA reports that …

ESET researchers found a spying campaign targeting Android users. The campaign uses fake messaging apps that include XploitSPY malware. The campaign, called eXotic Visit, has been active from November 2021 to the end of 2023. Malicious Android apps were distributed through targeted campaigns using dedicated websites and the Google Play …

CISA issued nine advisories about Industrial Control Systems (ICS) on April 11, 2024. These advisories give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-102-01 Siemens SIMATIC S7-1500 ICSA-24-102-02 Siemens SIMATIC WinCC ICSA-24-102-03 Siemens RUGGEDCOM APE1808 before V11.0.1 ICSA-24-102-04 Siemens RUGGEDCOM APE1808 ICSA-24-102-05 Siemens Scalance W1750D ICSA-24-102-06 …

Apple warned users in 91 other countries about a possible “mercenary spyware attack”. Apple notified Reuters that the company found evidence of attackers attempting to remotely compromise iPhones. Mercenary spyware attacks are rare but much more sophisticated than regular cybercriminal activity or malware, as stated in the email. Apple also …

CISA has launched a new malware analysis system called Malware Next-Gen. It allows organizations to submit malware samples and suspicious artifacts for analysis, helping CISA to better support partners by automating analysis of new malware and improving cyber defense efforts. Network defenders need timely and useful information about malware, including …

Google has launched an updated version of Find My Device, which helps people keep track of their numerous devices more easily. This new version also allows users to track their phones even when they are turned off or have run out of battery. Android users with devices other than phones …

Microsoft fixed two zero-day vulnerabilities in April 2024 Patch Tuesday, but they didn’t label them as such at first. CVE-2024-26234 is a vulnerability that involves a malicious driver being signed with a valid Microsoft Hardware Publisher Certificate. It was discovered by Sophos X-Ops in December 2023 and reported by team …

Microsoft released a patch on Tuesday, April 2024. It includes security updates for 150 flaws and 67 remote code execution bugs. Only three important vulnerabilities were fixed by Patch Tuesday. However, there are more than sixty-seven remote code execution bugs. The majority of these bugs are located in Microsoft SQL …

Fortinet has released security updates for various products, including OS and FortiProxy, to fix vulnerabilities that could allow a cyber threat actor to take control of a system. CISA encourages users and administrators to take the following steps for enhanced security: FR-IR-23-345 FortiClientMac – Lack of configuration file validation: An …