CISA alerts active exploitation of Palo Alto networks vuln

CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due to signs of active exploitation.

The vulnerability CVE-2024-5910 (CVSS score: 9.3) involves missing authentication in the Expedition migration tool, potentially allowing an admin account takeover.

• Alert
• Vulnerabilities

CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems

By infosecbulletin / Monday , November 11 2024

On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems...

Read More

• Cyber Attack
• Social media
• Vulnerabilities

Cyberattack Disrupts Israel’s Gas and Payment Systems

By infosecbulletin / Monday , November 11 2024

A cyberattack on an Israeli clearing company on Sunday left some people unable to use their credit cards for shopping...

Read More

• International

Russia blocks thousands websites using Cloudflare’s privacy service

By infosecbulletin / Monday , November 11 2024

Russia's media censor, Roskomnadzor, has blocked thousands of local websites using Cloudflare's encryption feature that enhances online privacy and security....

Read More

• Alert
• Cyber Attack
• Data Breach
• International
• Vulnerabilities

Hacker to sale Indian Gov.t email credentials

By infosecbulletin / Sunday , November 10 2024

Advertisement for selling the credentials of allegedly belonging to Indian government emails surfaced on the dark web marketplace. A hacker...

Read More

• Alert
• Cyber Attack
• Hot Topic
• National
• Vulnerabilities

Cyberattacks increase 105% in third quarter of 2024 in Bangladesh

By infosecbulletin / Saturday , November 9 2024

Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one...

Read More

• Uncategorized

Developers alert: Malicious ‘fabrice’ Package Steals AWS Credentials

By infosecbulletin / Friday , November 8 2024

The Socket Research Team has discovered a malicious package named "fabrice," pretending to be the legitimate fabric SSH automation library....

Read More

• Alert
• Vulnerabilities

CISA alerts active exploitation of Palo Alto networks vuln

By infosecbulletin / Friday , November 8 2024

CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due...

Read More

• Vulnerabilities

Critical bug in Cisco UWRB access points to run commands as root

By infosecbulletin / Thursday , November 7 2024

Cisco has fixed a critical vulnerability, CVE-2024-20418, that allowed unauthenticated remote attackers to gain root access on Ultra-Reliable Wireless Backhaul...

Read More

• Cyber Attack

“ToxicPanda” banking trojan from Asia hit Europe and LATAM

By infosecbulletin / Wednesday , November 6 2024

In late October 2024, Cleafy’s Threat Intelligence team noticed a surge in a new Android malware known as TgToxic. However,...

Read More

• Vulnerabilities

(CVE–2023-46747)
Hacker exploit Critical F5 BIG -IP Vulnerability in Bangladesh: CIRT report

By infosecbulletin / Wednesday , November 6 2024

Cyber Threat Intelligence Unit of BGD e-GOV CIRT found evidence of compromise linked to the vulnerability in F5 BIG-IP systems...

Read More

“Palo Alto Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data,” CISA said in an alert.

The shortcoming impacts all versions of Expedition prior to version 1.2.92, which was released in July 2024 to plug the problem.

There are currently no reports on how the vulnerability is being weaponized in real-world attacks, but Palo Alto Networks has since revised its original advisory to acknowledge that it’s “aware of reports from CISA that there is evidence of active exploitation.”

Also added to the KEV catalog are two other flaws, including a privilege escalation vulnerability in the Android Framework component (CVE-2024-43093) that Google disclosed this week as having come under “limited, targeted exploitation.”

CVE-2024-51567 is a critical security flaw (CVSS score: 10.0) in CyberPanel that lets remote, unauthorized attackers execute root commands. It has been fixed in version 2.3.8.