Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation
While it initially seemed that protecting Palo Alto Networks firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices’ telemetry, it has now been confirmed that this mitigation is ineffectual. “Device tele.....»»
Ivanti CEO pledges to “fundamentally transform” its hard-hit security model
Part of the reset involves AI-powered documentation search and call routing. Ivanti, the remote-access company whose remote-access products have been battered by severe exploits in recent m.....»»
Apple worries DMA has lowered the cost of iPhone exploits
Apple has been forced by the EU to allow app purchases and installs without the App Store. The effort to enable the capabilities as securely as possible has been massive. The details continue to evolve based on developer and regulatory feedback, and.....»»
Never-before-seen Linux malware gets installed using 1-day exploits
Discovery means that NerbianRAT is cross-platform used by for-profit threat group. Researchers have unearthed Linux malware that circulated in the wild for at least two years before being i.....»»
Notorious NSO Group exploits flaw to send malicious messages and more
Old court documents were hiding a previously unknown flaw that allowed data exfiltration......»»
SiCat: Open-source exploit finder
SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential.....»»
The fight against commercial spyware misuse is heating up
Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market related to the development and sale of this type of software and the exploits us.....»»
FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation. The FritzFro.....»»
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers
The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220: Active since 2017, the 8220 gang has been known for deploying cryptocurrency.....»»
Week in review: LockBit exploits Citrix Bleed, Apache ActiveMQ bug exploited for cryptojacking
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PolarDNS: Open-source DNS server tailored for security evaluations. PolarDNS is a specialized authoritative DNS server that allows the operator to pr.....»»
Apple patched several security vulnerabilities in iOS 17.1 and the rest
The latest security patches in iOS 17.1, iPadOS 17.1, macOS Sonoma 14.1 and the other operating system updates cover a range of potential exploits and vulnerabilities. iOS 17.1 has several security patches: Apple has shared the security patch notes for.....»»
Data Theorem enhances Cloud Secure platform with ML-based hacker toolkits and visualizations
Data Theorem introduced an attack path analysis of APIs and software supply chain exploits to its cloud-native application protection platform (CNAPP) called Cloud Secure. The new release includes machine learning (ML)-based hacker toolkits and impro.....»»
Update your Apple devices now to fix these dangerous exploits
Three actively exploited vulnerabilities have just been discovered in a huge number of Apple devices. Update yours now to ensure it stays safe from hackers......»»
UAW's strike strategy exploits leeway created by expired contract
Until the UAW's deals with the Detroit 3 end tonight, it can only call targeted strikes over local issues. The union is calling its unprecedented strategy a "stand-up strike.".....»»
Ransomware group exploits Citrix NetScaler systems for initial access
A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates st.....»»
macOS Ventura App Management exploit revealed 10 months after discovery
A new exploit has been found for macOS Ventura, one that allows an attacker to bypass App Management, and is being disclosed after failing to be fixed by Apple in ten months. Jeff Johnson is a developer who has found exploits in a variety of online se.....»»
Chrome has a security problem — here’s how Google is fixing it
Google is changing from a bi-weekly to a weekly schedule for its security updates to get ahead of n-day exploits affecting its Chrome browser......»»
Microsoft comes under blistering criticism for “grossly irresponsible” security
Azure looks like a house of cards collapsing due to exploits and vulnerabilities. Microsoft has once again come under blistering criticism for the security practices of Azure.....»»
Apple employee reportedly didn’t tell Google about zero-day exploit found in Chrome
As we often report here, it’s common for tech companies to help each other improve their security systems by sharing zero-day exploits found by security researchers. Google, for example, does this a lot. But recently, an Apple employee reportedly.....»»
Millions of Americans’ personal DMV data exposed in massive MOVEit hack
Over 6.5 million residents of two states affected, impact may potentially widen. As part of a massive ongoing cyberattack that exploits flaws in MOVEit file transfer software, the personal.....»»