InfoSecBulletin Cybersecurity for mankind
A critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software. It is being used by attackers, but there are no patches to fix it yet. Palo Alto Networks issued an alert on April 12, 2024, thanking cybersecurity firm Volexity for discovering the flaw. There is a command injection vulnerability in …
Read More »TimeLine Layout
April, 2024
-
12 April
CISA Opens Malware Analysis Tool For Public Use
CISA has launched a new initiative, making its advanced malware analysis system, Malware Next-Gen, available to the public. Malware Next-Gen is a new and innovative way to find and fight against cyber threats and harmful software. This new platform allows governments, private organizations, security researchers, and individuals to submit malware …
Read More » -
12 April
PALO ALTO NETWORKS FIXED MULTIPLE DOS BUGS
Palo Alto Networks released security updates to high severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – A vulnerability in the PAN-OS software of Palo Alto Networks allows remote attackers to reboot hardware firewalls. Continuous attacks can lead to a DoS situation by …
Read More » -
12 April
CISA immediately orders agencies to mitigate risk impacted by Microsoft hack
CISA has ordered U.S. federal agencies to address risks from the breach of multiple Microsoft email accounts by the Russian APT29 hacking group. Emergency Directive 24-02 requires Federal Civilian Executive Branch (FCEB) agencies to investigate affected emails, reset any compromised credentials, and secure privileged Microsoft Azure accounts. CISA reports that …
Read More » -
12 April
ESET RESEARCH
“eXotic” spyware espionage campaign targets India and Pakistan
ESET researchers found a spying campaign targeting Android users. The campaign uses fake messaging apps that include XploitSPY malware. The campaign, called eXotic Visit, has been active from November 2021 to the end of 2023. Malicious Android apps were distributed through targeted campaigns using dedicated websites and the Google Play …
Read More » -
11 April
CISA Releases Nine Industrial Control Systems Advisories
CISA issued nine advisories about Industrial Control Systems (ICS) on April 11, 2024. These advisories give important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-102-01 Siemens SIMATIC S7-1500 ICSA-24-102-02 Siemens SIMATIC WinCC ICSA-24-102-03 Siemens RUGGEDCOM APE1808 before V11.0.1 ICSA-24-102-04 Siemens RUGGEDCOM APE1808 ICSA-24-102-05 Siemens Scalance W1750D ICSA-24-102-06 …
Read More » -
11 April
Apple alerts 92 nations to mercenary spyware attacks
Apple warned users in 91 other countries about a possible “mercenary spyware attack”. Apple notified Reuters that the company found evidence of attackers attempting to remotely compromise iPhones. Mercenary spyware attacks are rare but much more sophisticated than regular cybercriminal activity or malware, as stated in the email. Apple also …
Read More » -
10 April
CISA Announces Malware Next-Gen Analysis
CISA has launched a new malware analysis system called Malware Next-Gen. It allows organizations to submit malware samples and suspicious artifacts for analysis, helping CISA to better support partners by automating analysis of new malware and improving cyber defense efforts. Network defenders need timely and useful information about malware, including …
Read More » -
10 April
Here’s How
Phone turn off or battery dies, Google track you now
Google has launched an updated version of Find My Device, which helps people keep track of their numerous devices more easily. This new version also allows users to track their phones even when they are turned off or have run out of battery. Android users with devices other than phones …
Read More » -
10 April
Microsoft fixes two Windows zero-days exploited in attacks
Microsoft fixed two zero-day vulnerabilities in April 2024 Patch Tuesday, but they didn’t label them as such at first. CVE-2024-26234 is a vulnerability that involves a malicious driver being signed with a valid Microsoft Hardware Publisher Certificate. It was discovered by Sophos X-Ops in December 2023 and reported by team …
Read More »
