Tag: cve
-
Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability
by
in SecurityNewsShadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400. The post rver has … First seen on securityweek.com Jump to article: www.securityweek.com/thousands-of-palo-alto-firewalls-potentially-impacted-by-exploited-vulnerability/
-
NTLM-Schwachstelle in Windows: CVE-2024-21320 – Patch von 0patch schließt bekannte Windows-Lücke
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecke-cve-2024-21320-patch-leaking-ntlm-anmeldedaten-a-3b0ef2b5c786558a92ef33c2da2f4997/
-
Kritische PuTTY-Schwachstelle CVE-2024-31497 verrät private Schlüssel
by
in SecurityNewsVerwendet jemand den SSH- und Telnet-Client PuTTY? Mit der freien Software PuTTY lassen sich Verbindungen über Secure Shell, Telnet, Remote login oder… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/04/17/kritische-putty-schwachstelle-cve-2024-31497-verrt-private-schlssel/
-
22,500 Palo Alto firewalls possibly vulnerable to ongoing attacks
by
in SecurityNewsApproximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vu… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/22-500-palo-alto-firewalls-possibly-vulnerable-to-ongoing-attacks/
-
Palo Alto ZeroDay Exploited in The Wild Following PoC Release
by
in SecurityNewsPalo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified as CVE-2024-3400. This zero-day flaw, found i… First seen on gbhackers.com Jump to article: gbhackers.com/palo-alto-zeroday-exploited-in-wild/
-
Linux variant of Cerber ransomware targets Atlassian servers
by
in SecurityNewsThreat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. At the end of O… First seen on securityaffairs.com Jump to article: securityaffairs.com/161962/cyber-crime/cerber-ransomware-cve-2023-22518-atlassian.html
-
Warnung: Aktive Ausnutzung einer ungepatchten Schwachstelle CVE-2024-3400 in Palo Alto Networks Firewalls
by
in SecurityNewsIn Palo Alto Networks Firewalls gibt es eine ungepatchte Sicherheitslücke (CVE-2024-3400), die in bestimmten Szenarien ausgenutzt werden kann und auch… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/04/12/warnung-aktive-ausnutzung-einer-ungepatchten-schwachstelle-in-palo-alto-networks-firewalls/
-
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation
by
in SecurityNewsWhile it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/04/17/cve-2024-3400-attacks/
-
Researchers released exploit code for actively exploited Palo Alto PAN-OS bug
by
in SecurityNewsResearchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS. Researchers at watchTowr La… First seen on securityaffairs.com Jump to article: securityaffairs.com/161936/hacking/exploit-code-cve-2024-3400-palo-alto-pan-os.html
-
Companies Didn’t Prioritize Third-Party Sources of CVEs, Here’s What Happened
by
in SecurityNewsLast December, Veracode reported that more than a third of Java applications still use vulnerable versions of the Log4j Java logging library. This aft… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/companies-didnt-prioritize-third-party-sources-of-cves-heres-what-happened/
-
Exploitation activity increasing on Fortinet vulnerability
by
in SecurityNewsThe Shadowserver Foundation recently saw an increase in exploitation activity for CVE-2024-21762, two days after a proof-of-concept exploit was publis… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366574352/Exploitation-activity-increasing-on-Fortinet-vulnerability
-
GitOps users warned to patch 3 new Argo CD CVEs
by
in SecurityNewsThree recently identified vulnerabilities, one of them designated high severity, now have fixes following a lengthy disclosure process and disagreemen… First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366574332/GitOps-users-warned-to-patch-3-new-Argo-CD-CVEs
-
Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release
by
in SecurityNewsPalo Alto Networks firewall vulnerability CVE-2024-3400 increasingly exploited after PoC code has been released. The post o Networks firewall vulnera… First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-palo-alto-firewall-vulnerability-picking-up-after-poc-release/
-
Critical PuTTY Vulnerability Allows Secret Key Recovery
by
in SecurityNewsPuTTY vulnerability CVE-2024-31497 allows attackers to compromise private keys and use them to forge signatures. The post lnerability CVE-2024-31497 … First seen on securityweek.com Jump to article: www.securityweek.com/critical-putty-vulnerability-allows-secret-key-recovery/
-
PuTTY SSH client flaw allows recovery of cryptographic private keys
by
in SecurityNewsA vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to r… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
-
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites.The attack leverages CVE-… First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html
-
CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks
by
in SecurityNewsEarlier today, Palo Alto Networks revealed that a critical command injection vulnerability (CVE-2024-3400) in the company’s firewalls has been exploit… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/04/12/palo-alto-networks-firewalls-cve-2024-3400-exploited/
-
Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild
by
in SecurityNewsIn a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its GlobalProtect Gateway, identified as CVE-2024-3400. This f… First seen on gbhackers.com Jump to article: gbhackers.com/alert-palo-alto-rce-zero-day-vulnerability-actively-exploited-in-the-wild/
-
Palo Alto Networks Releases Fixes for Firewall Zero-Day as Attribution Attempts Emerge
by
in SecurityNewsPalo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. The post … First seen on securityweek.com Jump to article: www.securityweek.com/palo-alto-networks-releases-fixes-for-firewall-zero-day-as-first-attribution-attempts-emerge/
-
Palo Alto Networks zero-day exploited since March to backdoor firewalls
by
in SecurityNewsSuspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 2… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/palo-alto-networks-zero-day-exploited-since-march-to-backdoor-firewalls/
-
How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics
by
in SecurityNewsOn Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/how-to-track-and-stop-cve-2024-3400-palo-alto-devices-api-exploit-causing-critical-infrastructure-and-enterprise-epidemics/
-
Another CVE (PAN-OS Zero-Day), Another Reason to Consider Zero Trust
by
in SecurityNewsA Year of Critical Zero Days: Firewalls, VPNs, and more This past year has been, in many ways, the year of zero-day vulnerabilities for externally ex… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/another-cve-pan-os-zero-day-another-reason-to-consider-zero-trust/
-
Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars
by
in SecurityNewsSecond identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. The post dentifier, CV… First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-unpatched-d-link-nas-device-vulnerabilities-soars/
-
Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge
by
in SecurityNewsPalo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. The post … First seen on securityweek.com Jump to article: www.securityweek.com/palo-alto-networks-releases-fixes-for-firewall-zero-day-as-first-attribution-attempts-emerge/
-
Microsoft fixed two zero-day bugs exploited in malware attacks
by
in SecurityNewsMicrosoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft … First seen on securityaffairs.com Jump to article: securityaffairs.com/161692/security/two-zero-day-malware-attacks.html
-
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
by
in SecurityNewsOn this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Micros… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988/
-
Microsoft Patches Two Zero-Days Exploited for Malware Delivery
by
in SecurityNewsMicrosoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware. The post t patches CV… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-patches-two-zero-days-exploited-for-malware-delivery/
-
Apple discloses 2 iOS zero-day vulnerabilities
by
in SecurityNewsCVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366572451/Apple-discloses-2-iOS-zero-day-vulnerabilities
-
More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
by
in SecurityNewsExperts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw. Shadowserver res… First seen on securityaffairs.com Jump to article: securityaffairs.com/161544/security/ivanti-16500-vulnerable-istances.html
-
Windows NTLM Credentials-Schwachstelle CVE-2024-21320: Fix durch 0patch
by
in SecurityNewsIn Windows gibt es eine Schwachstelle (CVE-2024-21320), die NTLM-Anmeldeinformationen über Windows-Themen offen legt. Microsoft hat zwar im Januar 202… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/04/04/windows-ntlm-credentials-schwachstelle-cve-2024-21320-fix-durch-0patch/