From paloaltonetworks.com

Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack

North Korean IT worker cluster CL-STA-0237 instigated phishing attacks via video apps in Laos, exploiting U.S. IT firms and major tech identities.

#cl #ioc #dprk #unit42 #infosec #itworker #phishing #clsta0237 #beavertail #cybercrime

11h ago

From paloaltonetworks.com

PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management Interface is Secured

Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface. At this time, we do not know the specifics of the claimed vulnerability. We are act...

on Fri, 1PM

From paloaltonetworks.com

PAN-SA-2024-0010 Expedition: Multiple Vulnerabilities in Expedition Lead to Exposure of Firewall Credentials

Multiple vulnerabilities in Palo Alto Networks Expedition allow an attacker to read Expedition database contents and arbitrary files, as well as write arbitrary files to temporary storage locations on...

on Oct 10

From paloaltonetworks.com

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.

on Nov 21

From paloaltonetworks.com

Banking on AI to Defend the Financial Services Sector

Discover how financial institutions leverage AI to combat cyberthreats, enhance fraud detection, and streamline operations. Learn about FinTech security.

#AI #cybersecurity

on Thu, 1PM

From paloaltonetworks.com

CVE-2024-2550 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet

A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sen...

on Wed, 7PM

From paloaltonetworks.com

CVE-2024-2552 PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI)

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.

on Wed, 7PM

From paloaltonetworks.com

CVE-2024-2551 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet

A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the...

on Wed, 7PM

From paloaltonetworks.com

CVE-2024-5917 PAN-OS: Server-Side Request Forgery in WildFire

A server-side request forgery in PAN-OS software enables an unauthenticated attacker to use the administrative web interface as a proxy, which enables the attacker to view internal network resources n...

on Wed, 7PM

From paloaltonetworks.com

CVE-2024-5918 PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User

An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect po...

on Wed, 7PM

From paloaltonetworks.com

CVE-2024-9472 PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic

A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an una...

on Wed, 7PM

From paloaltonetworks.com

CVE-2024-5919 PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker cont...

on Wed, 7PM

From paloaltonetworks.com

CVE-2024-5920 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. ...

on Wed, 6PM

From paloaltonetworks.com

PAN-SA-2024-0016 Chromium: Monthly Vulnerability Updates

Palo Alto Networks incorporated the following Chromium security fixes into its products: - https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html - https://chromerelea...

on Wed, 6PM

From paloaltonetworks.com

Global Companies Are Unknowingly Paying North Koreans: Here’s How to Catch Them

We discuss North Korea's use of IT workers to infiltrate companies, detailing detection strategies like IT asset management and IP analysis to counter this.

on Wed, 2PM

From paloaltonetworks.com

ModeLeak: Privilege Escalation to LLM Model Exfiltration in Vertex AI

New research reveals two vulnerabilities in Google's Vertex AI that may lead to privilege escalation or data theft through custom jobs or malicious models.

on Tue, 3PM

From paloaltonetworks.com

Tips & Tricks: How to Secure the Management Access of Your Palo Alto Networks Device

Protecting your network begins with a secure firewall deployment. It is very important to secure the management interface and management network to prevent exploitation. So even when an attacker or disgruntled (ex-)employee knows the login credentials of your devices, you can still prevent them fr...

on Mon, 4PM

From paloaltonetworks.com

PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent

The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the affected O...

on Nov 7

From paloaltonetworks.com

Silent Skimmer Gets Loud (Again)

We discuss a new campaign from the cybercrime group behind Silent Skimmer, showcasing the exploit of Telerik UI vulnerabilities and malware like RingQ loader.

on Nov 7

From paloaltonetworks.com

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Mirai is a still-active botnet with new variants. We highlight observed exploitation of IoT vulnerabilities — due to low complexity and high impact.

on Nov 6

From paloaltonetworks.com

Automatically Detecting DNS Hijacking in Passive DNS

Explore how we detect DNS hijacking by analyzing millions of DNS records daily, using machine learning to identify redirect attempts to malicious servers.

on Nov 5

From paloaltonetworks.com

TA Phone Home: EDR Evasion Testing Reveals Extortion Actor's Toolkit

A threat actor attempted to use an AV/EDR bypass tool in an extortion attempt. Instead, the tool provided Unit 42 insight into the threat actor.

on Nov 2

From paloaltonetworks.com

Deceptive Delight: Jailbreak LLMs Through Camouflage and Distraction

We examine an LLM jailbreaking technique called "Deceptive Delight," a technique that mixes harmful topics with benign ones to trick AIs, with a high success rate.

on Oct 28

From paloaltonetworks.com

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware

Discover how North Korean attackers, posing as recruiters, used an updated downloader and backdoor in a campaign targeting tech job seekers.

on Oct 28

From paloaltonetworks.com

Democratising Cybersecurity

Palo Alto Networks and BT combine our best-in-class firewalls with BT’s top-tier Managed Security Services.

on Oct 25

From paloaltonetworks.com

Lynx Ransomware: A Rebranding of INC Ransomware

Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.

on Oct 18

From paloaltonetworks.com

Unit 42 Looks Toward the Threat Frontier: Preparing for Emerging AI Risks

The Unit 42 Threat Frontier report discusses GenAI's impact on cybersecurity, emphasizing the need for AI-specific defenses and proactive security.

on Oct 18

From paloaltonetworks.com

Gatekeeper Bypass: Uncovering Weaknesses in a macOS Security Mechanism

Explore how macOS Gatekeeper's security could be compromised by third-party apps not enforcing quarantine attributes effectively.

on Oct 17

From paloaltonetworks.com

CVE-2024-9470 Cortex XSOAR: Information Disclosure Vulnerability

A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data.

on Oct 10

From paloaltonetworks.com

CVE-2024-9469 Cortex XDR Agent: Local Windows User Can Disable the Agent

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent. This issue may be lev...

on Oct 10

From paloaltonetworks.com

CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API

A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key...

on Oct 10

From paloaltonetworks.com

CVE-2024-9473 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/...

on Oct 10

From paloaltonetworks.com

CVE-2024-9468 PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet

A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of serv...

on Oct 10

From paloaltonetworks.com

PAN-SA-2024-0011 Chromium: Monthly Vulnerability Updates

Palo Alto Networks incorporated the following Chromium security fixes into its products: - https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html - https://chromerele...

on Oct 10

From paloaltonetworks.com

No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection

Four DNS tunneling campaigns identified through a new machine learning tool expose intricate tactics when targeting vital sectors like finance, healthcare and more.

on Oct 5

From paloaltonetworks.com

Palo Alto Networks and Deloitte Expand Strategic Alliance Globally to Drive Platformization

Providing clients with integrated AI-powered cybersecurity solutions and insights to help enhance security posture, drive operational efficiencies, and address complex challenges NEW YORK and...

on Oct 2

From paloaltonetworks.com

Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning

Researchers detail the discovery of Swiss Army Suite, an underground tool used for SQL injection scans discovered with a machine learning model.

on Oct 1

From paloaltonetworks.com

CVE-2024-47076 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks Products

The Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our ...

on Sep 26

From paloaltonetworks.com

Unraveling Sparkling Pisces’s Tool Set: KLogEXE and FPSpy

We analyze new tools DPRK-linked APT Sparkling Pisces (aka Kimsuky) used in cyberespionage campaigns: KLogExe (a keylogger) and FPSpy (a backdoor variant).

on Sep 26

From paloaltonetworks.com

Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz

Delve into the infrastructure and tactics of phishing platform Sniper Dz, which targets popular brands and social media. We discuss its unique aspects and more.

on Sep 25

From paloaltonetworks.com

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

We track a campaign by Gleaming Pisces (Citrine Sleet) delivering Linux or macOS backdoors via Python packages, aiming to infiltrate supply chain vendors.

on Sep 24

From paloaltonetworks.com

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool

Discover Splinter, a new post-exploitation tool with advanced features like command execution and file manipulation, detected by Unit 42 researchers.

on Sep 24

From paloaltonetworks.com

Inside SnipBot: The Latest RomCom Malware Variant

We deconstruct SnipBot, a variant of RomCom malware. Its authors, who target diverse sectors, seem to be aiming for espionage instead of financial gain.

on Sep 24

From paloaltonetworks.com

CVE-2024-8689 ActiveMQ Content Pack: Cleartext Exposure of Credentials

A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.

on Sep 11

From paloaltonetworks.com

PAN-SA-2024-0009 Prisma Access Browser: Monthly Vulnerability Updates

Prisma Access Browser has incorporated the latest upstream Chromium security fixes listed here: - https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html - https://chro...

on Sep 11

From paloaltonetworks.com

CVE-2024-8686 PAN-OS: Command Injection Vulnerability

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.

on Sep 11

From paloaltonetworks.com

CVE-2024-8687 PAN-OS: Cleartext Exposure of GlobalProtect Portal Passcodes

An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configure...

on Sep 11

From paloaltonetworks.com

CVE-2024-8688 PAN-OS: Arbitrary File Read Vulnerability in the Command Line Interface (CLI)

An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) wit...

on Sep 11

From paloaltonetworks.com

CVE-2024-8690 Cortex XDR Agent: Local Windows Administrator Can Disable the Agent

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leverage...

on Sep 11

From paloaltonetworks.com

Phishing Pages Delivered Through Refresh HTTP Response Header

We detail a rare phishing mechanism using a refresh entry in the HTTP response header for stealth redirects to malicious pages, affecting finance and government sectors.

on Sep 11