Category: Uncategorized
-
House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes Associated Press
The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law. The post House Passes Reauthorization of Key US Surveillance Program After Days of Upheaval Over Changes appeared first on SecurityWeek. Read More
-

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack [email protected] (The Hacker News)
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor ofRead…
-
PAN-OS GlobalProtect Command Injection Vulnerability
The on-going attack on PAN-OS GlobalProtect devices identified as CVE-2024-3400 allows a malicious actor to remotely exploit an unauthenticated OS Command Injection vulnerability. Once established, the attacker can further collect configurations, deliver malware payloads and move laterally and internally.Read More
-
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls Ionut Arghire
A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks. The post State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls appeared first on SecurityWeek. Read More
-
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400)
What is the vulnerability/attack? A critical unauthenticated remote code injection vulnerability in the PAN-OS GlobalProtect Gateway was discovered. This vulnerability tracked under CVE-2024-3400 has a CVSS rating of 10.0. The GlobalProtect Gateway provides security solution for roaming users by extending the same next-generation firewall-based policies. According to the vendor advisory, active exploitation is on-going. What…
-
Wiz Acquires Gem Security, Pushes Security Tools Consolidation Ryan Naraine
Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million. The post Wiz Acquires Gem Security, Pushes Security Tools Consolidation appeared first on SecurityWeek. Read More
-
Pros and cons of 7 breach and attack simulation tools
Post ContentRead More
-
RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang Kevin Townsend
Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing. The post RubyCarp: Insights Into the Longevity of a Romanian Cybercriminal Gang appeared first on SecurityWeek. Read More
-

Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files [email protected] (The Hacker News)
“Test files” associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. TheRead More
-
In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns SecurityWeek News
Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement. The post In Other News: Moscow Sewage Hack, Women in Cybersecurity Report, Dam Security Concerns appeared first on SecurityWeek. Read More
