Security News > 2024 > April > Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days
Palo Alto Networks firewalls under attack, hotfixes incoming!Attackers are exploiting a command injection vulnerability affecting Palo Alto Networks' firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised.
It can handle almost anything, and someone once called it the kitchen sink of PKI. Microsoft patches two actively exploited zero-daysOn this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild.
New Google Workspace feature prevents sensitive security changes if two admins don't approve themGoogle is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced.
CISA warns about Sisense data breachBusiness intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company's customers to "Reset credentials and secrets potentially exposed to, or used to access, Sisense services."
AI risks under the auditor's lens more than everIn this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner, discusses how AI-related risks have seen the biggest increases in audit plan coverage in 2024.
Stopping security breaches by managing AppSec postureIn this Help Net Security video, Gopi Rebala, CTO at OpsMx, talks about how managing application security posture can help companies identify, prioritize, and fix vulnerabilities and stop security breaches while enforcing policies to block vulnerable deployments to production environments.
News URL
Related news
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Palo Alto Networks zero-day exploited since March to backdoor firewalls (source)
- Palo Alto Networks fixes zero-day exploited to backdoor firewalls (source)
- Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation (source)
- 22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2024-29988 | SmartScreen Prompt Security Feature Bypass Vulnerability network low complexity | 8.8 |