Security News

Palo Alto Networks warns of critical RCE zero-day exploited in attacks
2024-11-15 14:44

Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as 'PAN-SA-2024-0015,' is actively being exploited...

Cybercriminals hijack DNS to build stealth attack networks
2024-11-15 13:52

Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is...

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)
2024-11-15 11:09

Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on...

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
2024-11-15 05:04

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild....

CISA warns of more Palo Alto Networks bugs exploited in attacks
2024-11-14 22:01

CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks. [...]

Experts Uncover 70,000 Hijacked Domains in Widespread 'Sitting Ducks' Attack Scheme
2024-11-14 17:36

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for...

Microsoft patches Windows zero-day exploited in attacks on Ukraine
2024-11-13 21:33

Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. [...]

Critical bug in EoL D-Link NAS devices now exploited in attacks
2024-11-13 18:36

​Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices. [...]

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel
2024-11-13 16:09

A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to...

OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution
2024-11-13 09:28

A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that could be chained to allow potential attackers to execute code remotely on connected devices. "Attackers...