FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
☐ β˜† βœ‡ The Hacker News

CISA Warns of Actively Exploited Apache Flink Security Vulnerability

By: Newsroom β€” May 23rd 2024 at 16:44
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that
☐ β˜† βœ‡ The Hacker News

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

By: Newsroom β€” April 26th 2024 at 10:18
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in
☐ β˜† βœ‡ The Hacker News

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

By: Newsroom β€” April 20th 2024 at 05:53
Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intricate" and a combination of two bugs in versions PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 of the software. "In
☐ β˜† βœ‡ The Hacker News

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

By: Newsroom β€” April 15th 2024 at 08:17
Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root
☐ β˜† βœ‡ The Hacker News

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

By: Newsroom β€” April 13th 2024 at 08:25
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of
☐ β˜† βœ‡ The Hacker News

Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

By: Newsroom β€” April 12th 2024 at 08:56
Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct
☐ β˜† βœ‡ The Hacker News

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

By: Newsroom β€” April 9th 2024 at 05:46
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked as CVE-2024-3272 (CVSS score: 9.8) and CVE-2024-3273 (CVSS score: 7.3), the vulnerabilities impact legacy D-Link products that have reached end-of-life (EoL) status. D-Link, in
☐ β˜† βœ‡ The Hacker News

3 Things CISOs Achieve with Cato

By: The Hacker News β€” March 14th 2024 at 10:24
Being a CISO is a balancing act: ensuring organizations are secure without compromising users’ productivity. This requires taking multiple elements into consideration, like cost, complexity, performance and user experience. CISOs around the globe use Cato SSE 360, as part of the Cato SASE Cloud platform to balance these factors without compromise. This article details how CISOs are
☐ β˜† βœ‡ The Hacker News

Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats

By: Newsroom β€” March 13th 2024 at 10:14
Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Google Workspace as well as companies using the LLM API. The first vulnerability involves
☐ β˜† βœ‡ The Hacker News

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

By: Newsroom β€” March 1st 2024 at 10:56
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma said. BIFROSE is one of the long-standing
☐ β˜† βœ‡ The Hacker News

Hands-On Review: SASE-based XDR from Cato Networks

By: The Hacker News β€” February 5th 2024 at 11:12
Companies are engaged in a seemingly endless cat-and-mouse game when it comes to cybersecurity and cyber threats. As organizations put up one defensive block after another, malicious actors kick their game up a notch to get around those blocks. Part of the challenge is to coordinate the defensive abilities of disparate security tools, even as organizations have limited resources and a dearth of
☐ β˜† βœ‡ The Hacker News

Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches

By: Newsroom β€” January 13th 2024 at 10:45
Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. β€œAn out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a
☐ β˜† βœ‡ The Hacker News

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

By: Newsroom β€” December 28th 2023 at 13:20
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to
☐ β˜† βœ‡ The Hacker News

Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

By: The Hacker News β€” December 21st 2023 at 10:53
John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023 What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial impacts of breaches. With this data, they can make data driven decisions about how they implement
☐ β˜† βœ‡ The Hacker News

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

By: Newsroom β€” November 28th 2023 at 12:34
Cybersecurity researchers have detailed a "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges. "Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other
☐ β˜† βœ‡ The Hacker News

Hackers Could Exploit Google Workspace and Cloud Platform for Ransomware Attacks

By: Newsroom β€” November 16th 2023 at 11:18
A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines withΒ GCPWΒ installed, gain access
☐ β˜† βœ‡ The Hacker News

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

By: Newsroom β€” November 13th 2023 at 05:58
Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchersΒ saidΒ in a report last week. "The observed activity aligns with geopolitical goals of
☐ β˜† βœ‡ The Hacker News

Offensive and Defensive AI: Let’s Chat(GPT) About It

By: The Hacker News β€” November 7th 2023 at 10:21
ChatGPT: Productivity tool, great for writing poems, and… a security risk?! In this article, we show how threat actors can exploit ChatGPT, but also how defenders can use it for leveling up their game. ChatGPT is the most swiftly growing consumer application to date. The extremely popular generative AI chatbot has the ability to generate human-like, coherent and contextually relevant responses.
❌