Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices.
The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.
The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files.
The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously documented by Black Hills Information Security in 2022, Trend Micro said in a report.
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber.
"This incident highlights the alarming ease with which threat actors can launch supply chain attacks by exploiting trust and human error within the open source ecosystem, and using readily available commodity malware, public platforms like GitHub for hosting malicious executables, and communication channels like Discord and Telegram for C2 operations to bypass traditional security measures," Socket security researcher Kirill Boychenko said in a report shared with The Hacker News.
Canadian law enforcement authorities have arrested an individual who is suspected to have conducted a series of hacks stemming from the breach of cloud data warehousing platform Snowflake earlier this year.
The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S.
Threat actors exploit Amazon S3 in ransomware attacks, using AWS credentials for data theft.
Gamers searching for game cheats are falling victim to a global malware campaign delivering RedLine Stealer.
New Gorilla botnet launches over 300,000 DDoS attacks globally, exploiting IoT devices and Apache Hadoop flaws.
14 new DrayTek router vulnerabilities, including critical flaws, could allow attackers to take control. Patch now
U.S. seizes 32 Russian propaganda domains influencing U.S. elections, targets Kremlin-backed disinformation efforts.
Chinese hacking group Evasive Panda compromises ISP to push malware, targeting companies through DNS poisoning and insecure update mechanisms.
Cloudflare's TryCloudflare is being exploited by cybercriminals for malware delivery via phishing emails, reports say.
Russian and Moldovan companies targeted by XDSpy phishing campaign, deploying DSDownloader malware, amid escalating cyber conflicts.
OpenSSH vulnerability CVE-2024-6409 found in Red Hat Linux 9 may enable remote code execution. Discover more.
Discover how the 'Indirector' attack threatens Intel CPUs and learn about the 'TIKTAG' vulnerability in Arm processors.
Conceptworld software installers trojanized with data-stealing malware. Users of Notezilla, RecentX, and Copywhiz urged to check for compromise.
Researchers unveil SnailLoad, a new side-channel attack exploiting network latency to infer web activity remotely, achieving up to 98% accuracy in vid
Critical security flaw in Fortra FileCatalyst Workflow allows database tampering. Patch available.
Discover critical vulnerabilities in Mailcow server software allowing remote code execution and XSS attacks.
Arm discloses a critical vulnerability (CVE-2024-4610) in Mali GPU Kernel Drivers. This flaw, actively exploited, affects versions from r34p0 to r40p0
Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
