Cybersecurity

Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Apr 26, 2024NewsroomNetwork Security / Zero Day Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in […]

Cybersecurity

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

Apr 03, 2024NewsroomMobile Security / Zero Day Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows – CVE-2024-29745 – An information disclosure flaw in the bootloader component CVE-2024-29748 – A privilege escalation flaw in the firmware […]

Cybersecurity

Behind the Scenes: The Art of Safeguarding Non-Human Identities

Mar 28, 2024The Hacker NewsSecrets Management / Zero Trust In the whirlwind of modern software development, teams race against time, constantly pushing the boundaries of innovation and efficiency. This relentless pace is fueled by an evolving tech landscape, where SaaS domination, the proliferation of microservices, and the ubiquity of CI/CD pipelines are not just trends […]

Cybersecurity

CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

The decrypted request content is as follows: 1000|87|283|Yes|6.1.7|||” Conclusion In this research, a follow-up to our Water Hydra APT Zero Day campaign analysis, we explored how the DarkGate operators were able to exploit CVE-2024-21412 as a zero-day attack to deploy the complex and evolving DarkGate malware. We also explored how security bypass vulnerabilities can be […]

Cybersecurity

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

Mar 06, 2024NewsroomVulnerability / Zero Day Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below – CVE-2024-23225 – A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit […]

Cybersecurity

Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways

Feb 09, 2024NewsroomVulnerability / Zero Day Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The issue, tracked as CVE-2024-22024, is rated 8.3 out of 10 on the CVSS scoring system. “An XML external entity or XXE […]