Security News > 2024 > April > Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days

Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days
2024-04-14 08:00

Palo Alto Networks firewalls under attack, hotfixes incoming!Attackers are exploiting a command injection vulnerability affecting Palo Alto Networks' firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised.

It can handle almost anything, and someone once called it the kitchen sink of PKI. Microsoft patches two actively exploited zero-daysOn this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild.

New Google Workspace feature prevents sensitive security changes if two admins don't approve themGoogle is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced.

CISA warns about Sisense data breachBusiness intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company's customers to "Reset credentials and secrets potentially exposed to, or used to access, Sisense services."

AI risks under the auditor's lens more than everIn this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner, discusses how AI-related risks have seen the biggest increases in audit plan coverage in 2024.

Stopping security breaches by managing AppSec postureIn this Help Net Security video, Gopi Rebala, CTO at OpsMx, talks about how managing application security posture can help companies identify, prioritize, and fix vulnerabilities and stop security breaches while enforcing policies to block vulnerable deployments to production environments.


News URL

https://www.helpnetsecurity.com/2024/04/14/week-in-review-palo-alto-networks-firewalls-under-attack-microsoft-patches-two-exploited-zero-days/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-04-09 CVE-2024-29988 Unspecified vulnerability in Microsoft products
SmartScreen Prompt Security Feature Bypass Vulnerability
network
low complexity
microsoft
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774