The Hacker News
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data
APT42, an Iranian state-backed hacking group, is leveling up its social engineering tactics. They're posing as journalists and event organizers to bui
Bleeping Computer
Iranian hackers pose as journalists to push backdoor malware
The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets.
SecurityWeek
Palo Alto Networks Shares Remediation Advice for Hacked Firewalls
Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.
DarkReading
Iran Dupes US Military Contractors, Gov't Agencies in Cyber Campaign
A state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, and hundreds of thousands of accounts overall.
DarkReading
Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug
Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.
SecurityWeek
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product.
CyberSecurity Dive
Palo Alto Networks quibbles over impact of exploited, compromised firewalls
The security vendor downplayed the impact of exploit activity, describing most attempts as unsuccessful, but outside researchers say 6,000 devices are vulnerable.
The Hacker News
MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws
MITRE, a top cybersecurity firm, breached by a nation-state. Zero-days and session hijacking were the weapons.
Latest Hacking News
Palo Alto Networks Patched A Pan-OS Vulnerability Under Attack
A critical zero-day vulnerability in Palo Alto networks Pan-OS firewall has received an emergency fix following active exploitation. The vulnerability lets an attacker execute arbitrary codes on vulnerable devices under specific conditions. Given the active
SecurityWeek
MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
SC Magazine
6.2K Palo Alto firewalls still at risk as exploits increase
Proof-of-concept exploits for CVE-2024-3400 are now publicly available.
Cyber Security News
MITRE Hacked - Attackers Compromised R&D Networks Using Ivanti Zero-days
The MITRE Corporation has disclosed that a sophisticated cyber attack recently compromised one of its internal r&d networks.
The Cyber Express
MITRE Hit in Massive Supply Chain Attack: State-Backed Hackers Exploit Zero-Days
The MITRE Corporation revealed on April 19 that it was one of over 1700 organizations compromised by a state-backed hacking
The Hacker News
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
A critical vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS is being actively exploited by threat actors.
Bleeping Computer
MITRE says state hackers breached its network via Ivanti zero-days
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
Bleeping Computer
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks
Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.
CyberSecurity Dive
Palo Alto Networks warns firewall exploits are spreading
Attempted exploits and attacks linked to the zero-day vulnerability, which has a CVSS of 10, grew after proof of concepts were released.
SecurityWeek
Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release
Palo Alto Networks firewall vulnerability CVE-2024-3400 increasingly exploited after PoC code has been released.
Security Affairs
Researchers released exploit code for actively exploited Palo Alto PAN-OS bug
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks' PAN-OS.
CyberSecurity Dive
Palo Alto Networks fixes maximum severity, exploited CVE in firewalls
The security vendor said a “limited number of attacks” were linked to the exploited vulnerability. Volexity observed exploits dating back to March 26.
DarkReading
Palo Alto Network Issues Hot Fixes for Zero-Day Bug in Its Firewall OS
A likely sophisticated threat actor is leveraging the bug to deploy a Python backdoor for stealing data and executing other malicious actions.
HACKRead
Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Python Backdoor
Palo Alto Networks has released patches for a 0-day vulnerability (CVE-2024-3400) that threatened to leave firewalls exposed to cyberattacks.
Infosecurity News
Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks
Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls
Security Affairs
CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog.
Bleeping Computer
Palo Alto Networks fixes zero-day exploited to backdoor firewalls
Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls.
Security Affairs
Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor
Threat actors have been exploiting the recently disclosed zero-day in Palo Alto Networks PAN-OS since March 26, 2024.
SecurityWeek
Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge
Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus.
The Hacker News
Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability
Palo Alto Networks has issued critical hotfixes for a severe security vulnerability in PAN-OS, which is being actively exploited.
The Record
Palo Alto Networks releases fixes for zero-day as attackers swarm VPN vulnerability
The company released hotfixes for the vulnerability affecting GlobalProtect VPN, which carries the highest severity score possible of 10.
Bleeping Computer
Palo Alto Networks zero-day exploited since March to backdoor firewalls
Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials.
The Hacker News
Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
Hackers have been exploiting a severe flaw (CVE-2024-3400) in Palo Alto Networks' software that began nearly three weeks before discovery.
Ars Technica
“Highly capable” hackers root corporate networks by exploiting firewall 0-day
No patch yet for unauthenticated code-execution bug in Palo Alto Networks firewall.
SecurityWeek
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls
A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.
Bleeping Computer
Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks
Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks.
Infosecurity News
Palo Alto Networks Warns About Critical Zero-Day in PAN-OS
A fix for CVE-2024-3400 is scheduled on April 4, Palo Alto Networks announced
SecurityWeek
Palo Alto Networks Warns of Exploited Firewall Vulnerability
Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.
The Hacker News
Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
Critical security flaw found in Palo Alto Networks firewalls. Hackers are already taking advantage.
SC Magazine
Palo Alto Networks PAN-OS critical 0-day exploited; hotfixes available
The max severity (CVSS 10) bug enables command injection through the GlobalProtect feature.
The Record
Palo Alto Networks warns of zero-day in VPN product
The company released an advisory about a vulnerability in the popular GlobalProtect VPN product that was unknown to security researchers until this week.
SecurityWeek
Ivanti CEO Vows Cybersecurity Makeover After Zero-Day Blitz
Ivanti chief executive Jeff Abbott vows a complete overhaul of core engineering, security and vulnerability management practices.
SC Magazine
Ivanti promises to address its bug problem after security failures
With its appliances repeatedly targeted by cyberespionage gangs, Ivanti's CEO has pledged a “new era” where security is paramount.
CyberSecurity Dive
CISA asserts no data stolen during Ivanti-linked attack on the agency
Threat actors gained access to and potentially compromised two CISA systems weeks after the agency applied Ivanti’s initial mitigation measures.
The Record
CISA forced to take two systems offline last month after Ivanti compromise
Hackers breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA) in February through vulnerabilities in Ivanti products, officials said.
Infosecurity News
Five Eyes Warn of Ivanti Vulnerabilities Exploitation
Government agencies from the Five Eyes coalition said that Ivanti’s own tools are not sufficient to detect compromise
CyberScoop
Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns
The software company pushed back on the joint advisory, which comes following multiple directives from CISA this year prodding agencies to patch against Ivanti exploits.
SecurityWeek
Chinese Cyberspies Use New Malware in Ivanti VPN Attacks
Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.
DarkReading
Iran-Backed Charming Kitten Stages Fake Webinar Platform to Ensnare Targets
The latest ploy by the APT also known as Charming Cypress targets policy experts in the Middle East, Europe, and the US.
Cyber Security News
Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day
Ivanti Connect Secure vulnerabilities were disclosed in January 2024 as a potential gateway for threat actors to penetrate into corporate networks.
The Hacker News
Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor
The Iranian cyberespionage group Charming Kitten is using fake webinars and a new 'BASICSTAR' backdoor to target experts in Middle Eastern policy.
DarkReading
Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity
'Voltzite,' the APT's subset that focuses on OT networks and critical infrastructure, has also compromised targets in Africa.
Cyber Security News
CharmingCypress Use Poisoned VPN Apps to Install Backdoor
CharmingCypress frequently uses novel social-engineering techniques in its phishing efforts, like emailing people & long-lasting discussions
CyberScoop
Volt Typhoon targeted emergency management services, per report
Dragos researchers found that the China-sponsored hacking group has been attacking electric utilities since 2023.
The Record
Ivanti publishes urgent warning about new vulnerability
The issue is yet another chapter in Ivanti’s weeks-long scramble to address vulnerabilities that have been exploited by hackers.
HACKRead
Chained Exploits, Stolen VPN Access: Hackers Target Ivanti Users Despite Patches
The zero-day vulnerability, CVE-2024-21893 (CVSS score 8.2), disclosed by Ivanti on 31 January 2024, is now being actively exploited in the wild.
CyberSecurity Dive
Ivanti VPNs face renewed threat activity after initial patch release and new CVEs
After weeks of mitigation efforts, CISA ordered federal civilian agencies to disconnect the devices.
Ars Technica
Agencies using vulnerable Ivanti products have until Saturday to disconnect them
Things were already bad with two critical zero-days. Then Ivanti disclosed a new one.
CyberScoop
CISA orders Ivanti devices targeted by Chinese hackers be disconnected
An updated emergency directive includes instructions on how to bring affected devices back online securely.
SecurityWeek
CISA Sets 48-hour Deadline for Removal of Insecure Ivanti Products
In an unprecedented move, CISA is directing federal agencies to disconnect insecure Ivanti VPN products within 48 hours.
HACKRead
Ivanti VPN Flaws Exploited to Spread KrustyLoader Malware
Cybersecurity concerns are rising as hackers try to exploit zero-day vulnerabilities in Ivanti VPN devices to deploy malware and crypto miners.
SecurityWeek
After Delays, Ivanti Patches Zero-Days and Confirms New Exploit
Ivanti documented a new zero-day and belatedly ships patches; Mandiant is reporting "broad exploitation activity" against the vulnerabilities
Bleeping Computer
Ivanti warns of new Connect Secure zero-day exploited in attacks
Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
CyberSecurity Dive
Delayed Ivanti patch arrives after weeks of exploitation
The company also disclosed two additional high-severity vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure.
Security Affairs
Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware
Threat actors are exploiting recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) VPN devices to deliver KrustyLoader.
The Hacker News
Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware
Chinese nation-state hacker group UTA0178 weaponized Ivanti VPN vulnerabilities to deploy the Rust-based KrustyLoader, cryptocurrency miners.
SC Magazine
One of two new high-severity bugs in Ivanti exploited in the wild
Mandiant and CISA say security teams should prioritize the bugs as Ivanti released patches Jan. 31.
The Record
Two new Ivanti bugs discovered as CISA warns of hackers bypassing mitigations
IT company Ivanti said this week that it discovered two new vulnerabilities affecting its products while investigating bugs discovered earlier in the month.
Infosecurity News
Rust Payloads Exploiting Ivanti 0-Days Linked to Sliver Toolkit
After analyzing the Rust payloads exploiting Ivanti ConnectSecure vulnerabilities, Synacktiv found they all enabled a post-exploitation toolkit
SecurityWeek
Ivanti Struggling to Hit Zero-Day Patch Release Schedule
Ivanti is struggling to hit its own timeline for the delivery of patches for critical -- and already exploited -- flaws in VPN appliances.
Cyber Security News
Mass Exploitation of Ivanti VPN Exposes Corporate Networks to Hack Attacks
According to the reports shared with Cyber Security News, there were more than 26000 unique internet-facing Ivanti VPN Connect Secure hosts.
Ars Technica
Mass exploitation of Ivanti VPNs is infecting networks around the globe
Orgs that haven't acted yet should, even if it means suspending VPN services.
SecurityWeek
Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation
Apple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-day in the wild.
Bleeping Computer
Ivanti: VPN appliances vulnerable if pushing configs after mitigation
Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities.
Infosecurity News
CISA Emergency Directive Orders Action on Ivanti Zero-Days
US security agency CISA orders all civilian federal agencies to take immediate steps to mitigate two Ivanti zero-day flaws
The Hacker News
CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits
CISA issues emergency directive against two major zero-day actively exploited flaws in Ivanti products.
CyberScoop
CISA issues emergency directive for federal agencies to patch Ivanti VPN vulnerabilities
The agency says the bug is being actively exploited and poses a risk to federal networks.
SecurityWeek
CISA Issues Emergency Directive on Ivanti Zero-Days
The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities.
Bleeping Computer
CISA emergency directive: Mitigate Ivanti zero-days immediately
CISA issued this year's first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors.
SecurityWeek
Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases
The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another bug is added to exploited list.
CyberSecurity Dive
Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative
A suspected state-linked hacker is manipulating an integrity tool used to check systems as customers still await an initial patch.
The Hacker News
U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability
A critical flaw (CVE-2023-35082) in Ivanti EPMM is being exploited in the wild, giving attackers access to your data.
The Record
Ivanti vulnerabilities are being exploited widely, CISA says in emergency directive
CISA warned that two bugs in Ivanti products are allowing hackers “to move laterally, perform data exfiltration, and establish persistent system access, resulting in full compromise of target information systems.”
SC Magazine
Ivanti: Backdoor suspected in exploited VPN products post-mitigation
Ivanti reported that it believes malicious code has been added to exploited Connect-Secure and Policy Secure products that allows a threat actor future access, even after mitigation is applied.
CyberSecurity Dive
Ivanti Connect Secure exploitation accelerates, 1,700 devices compromised worldwide
Researchers warn additional threat actors are actively working to take advantage of two chained together vulnerabilities.
DarkReading
Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet
Anyone who hasn't mitigated two zero-day security bugs in Ivanti VPNs may already be compromised by a Chinese nation-state actor.
HACKRead
Ivanti VPN Zero-Day Flaws Fuel Widespread Cyber Attacks
The vulnerabilities in Ivanti VPN devices enable remote, unauthenticated hackers to compromise targeted devices, execute arbitrary commands, infiltrate internal networks, and steal sensitive data.
Latest Hacking News
Ivanti Patches Connect Secure Zero-day Flaws Under Attack
Ivanti has warned users of two zero-day vulnerabilities in its Connect Secure and Policy Secure gateways that have already attracted hackers’ attention. The firm confirmed active exploitation of the flaws to target a small number
Security Affairs
Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws
Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild.
Infosecurity News
Ivanti Zero-Days Exploited By Multiple Actors Globally
Volexity detects 1700 compromised Ivanti VPN devices following publication of two zero-days last week
SecurityWeek
Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins
Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech.
Bleeping Computer
Ivanti Connect Secure zero-days now under mass exploitation
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation.
The Record
Ivanti spots ‘sharp increase’ in targeting of VPN as analysts find 1,700 devices exploited
IT company Ivanti continues to respond to exploitation of vulnerabilities in its Connect Secure VPN product. Researchers at Volexity began to size up the damage over the weekend.
Bleeping Computer
Ivanti Connect Secure zero-days exploited to deploy custom malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes.
The Hacker News
Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families
Nation-state hackers weaponizing Ivanti Connect Secure VPN zero-days to deploy five malware families in a targeted cyber espionage campaign.
CyberSecurity Dive
Ivanti Connect Secure attacks part of deliberate espionage operation
Researchers warn the previously unknown actor has developed custom malware designed to maintain persistent access on targeted networks and evade detection.
SecurityWeek
Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout
Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and cyberspies are preparing for patch release.
CyberNews
China suspected to be behind Ivanti zero-day exploits
Ivanti software bugs exploited by China hackers.
DarkReading
Ivanti Researchers Report Two Critical Zero-Day Vulnerabilities
Patches will be available in late January and February, but until then, customers must take mitigation measures.
PCMag
State-Sponsored Hackers Exploit Zero-Day Flaws in Ivanti VPN
Ivanti is working to roll out an official fix for the critical flaws later this month.
Security Affairs
CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog
US CISA adds Ivanti Connect Secure and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog
Security Affairs
Two zero-day bugs in Ivanti Connect Secure actively exploited
Ivanti revealed that two threat actors are exploiting two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure.
Loading more articles....