Uncategorized

Palo Alto Networks released a security advisory about vulnerabilities in its Expedition migration tool that could expose sensitive data and enable unauthorized actions on affected systems. Expedition, formerly the Migration Tool, is a free tool that helps users migrate to the Palo Alto Networks NGFW platform and provides a temporary …

Cybersecurity professionals serve as the first line of defense against hackers, hacktivists, and ransomware groups. To combat these cyber threats, there is an ever-growing need for skilled individuals who can effectively identify and mitigate cyber risks. As we enter 2025, both aspiring cybersecurity experts and seasoned professionals must stay informed …

Proposed new cybersecurity rules for healthcare institutions will focus on how they protect user data under HIPAA, as stated by a White House official. Anne Neuberger, deputy national security adviser for cyber and emerging technology, told “The security rule [under HIPAA] was first published in 2003 and it was last …

Palo Alto Networks has revealed a high severity vulnerability in PAN-OS software that may lead to a denial-of-service (DoS) issue on affected devices. The vulnerability CVE-2024-3393 (CVSS score: 8.7) affects PAN-OS versions 10.X and 11.X, and Prisma Access with PAN-OS versions 10.2.8 or later and before 11.2.3. It has been …

A newly discovered vulnerability called “G-Door” enables malicious actors to bypass Microsoft 365 security by exploiting unmanaged Google Docs accounts. This flaw poses a serious threat to organizations using Microsoft 365’s Conditional Access policies. The G-Door vulnerability stems from the ability to create personal or workspace Google accounts using a …

CISA has issued Binding Operational Directive (BOD) 25-01, requiring federal civilian agencies to improve the security of their Microsoft 365 cloud environments. This directive is part of CISA’s effort to reduce risks from cloud misconfigurations and weak security controls that have been targeted in recent cyberattacks. BOD 25-01 introduces Secure …

The Irish Data Protection Commission fined Meta €251 million ($263.6 million) for GDPR violations related to a 2018 data breach that affected 29 million Facebook accounts. The breach occurred when unauthorized parties exploited user access tokens, exposing sensitive information like names, email addresses, phone numbers, and physical locations, including data …

TechCrunch reports that Byte Federal, a major Bitcoin ATM operator in the U.S., has experienced a data breach affecting the personal information of thousands of customers. A Florida-based company recently reported to the Maine attorney general that hackers tried to access data from about 58,000 customers. The breached information includes …

Google has announced Vanir, an open-source tool for detecting and fixing security vulnerabilities, publicly available for developers. Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities (OSV) together …

A bootloader vulnerability in Cisco NX-OS affects over 100 switches, enabling attackers to bypass image signature checks. Cisco issued security patches for the vulnerability CVE-2024-20397 (CVSS score of 5.2) in NX-OS software’s bootloader, which could allow attackers to bypass image signature verification. “A vulnerability in the bootloader of Cisco NX-OS …