Security News

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
2024-09-06 15:55

SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as...

Human firewalls are essential to keeping SaaS environments safe
2024-09-06 05:00

Businesses run on SaaS solutions: nearly every business function relies on multiple cloud-based tech platforms and collaborative work tools like Slack, Google Workspace apps, Jira, Zendesk and...

Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE
2024-09-01 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) SonicWall has patched a...

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
2024-08-26 18:28

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash...

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
2024-08-26 14:33

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The...

BunkerWeb: Open-source Web Application Firewall (WAF)
2024-07-10 04:00

BunkerWeb is an open-source Web Application Firewall distributed under the AGPLv3 free license. The solution's core code is entirely auditable by a third party and the community.

NethSecurity: Open-source Linux firewall
2024-06-03 04:30

NethSecurity is a free, open-source Linux firewall that simplifies network security deployment. It integrates various security features into one platform, including firewalling, intrusion detection and prevention, antivirus, multi-WAN, DNS, and content filtering.

RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability
2024-05-30 14:24

The threat actors behind the RedTail cryptocurrency mining malware have added a recently disclosed security flaw impacting Palo Alto Networks firewalls to its exploit arsenal. The addition of the...

Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks
2024-05-05 08:00

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgradesThere are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are "Not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability." Okta warns customers about credential stuffing onslaughtCredential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential proxies before authentication takes place.

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades
2024-04-30 12:44

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are "Not aware at this time of any malicious attempts to use these persistence techniques in active exploitation of the vulnerability." On April 12, Palo Alto Networks warned about limited attacks against internet-exposed firewalls, likely by a state-backed threat actor, who managed to install backdoors, grab sensitive data, and move laterally through target organizations' networks.