IT Security Newsletter - 4/17/2024
Palo Alto Networks fixes maximum severity, exploited CVE in firewalls
Palo Alto Networks released patches for an actively exploited zero-day vulnerability in its PAN-OS operating system, which runs some of the security vendor's firewalls. The company disclosed the vulnerability on Friday and issued initial patches on Sunday, according to a security advisory. The command injection vulnerability, CVE-2024-3400, allows an unauthenticated attacker to execute arbitrary code with root privileges, Palo Alto Networks' Unit 42 said Friday in a threat brief. READ MORE...
UnitedHealth expects up to $1.6B hit from Change cyberattack this year
UnitedHealth Group estimates costs from the Change Healthcare cyberattack could reach $1.6 billion this year, executives said on Tuesday. However, the managed care giant maintained its full-year earnings guidance, suggesting the financial fallout from the attack on the massive claims clearinghouse may be less serious than feared. The hit comes from direct response efforts like recovering Change's clearinghouse platform and paying higher medical costs. READ MORE...
'Sandworm' Group Is Russia's Primary Cyberattack Unit in Ukraine
The formidable Sandworm hacker group has played a central role supporting Russian military objectives in Ukraine over the past two years even as it has stepped up cyberthreat operations in other regions of strategic political, economic, and military interest to Russia. That's the upshot of the analysis of the threat actor's activities undertaken by Google Cloud's Mandiant security group. READ MORE...
Ivanti warns of critical flaws in its Avalanche MDM solution
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. Avalanche is used by enterprise admins to remotely manage, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location. READ MORE...
Delinea Fixes Flaw, but Only After Analyst Goes Public With Disclosure First
A critical flaw in Delinea's Secret Server SOAP API disclosed this week sent security teams racing to roll out a patch. But a researcher claims he contacted the privileged access management provider weeks ago to alert them to the bug, only to be told he was not eligible to open a case. Delinea first disclosed the SOAP endpoint flaw on April 12. By the next day, Delinea teams had rolled out an automatic fix for cloud deployments and a download for on-premises Secret Servers. READ MORE...
Decade-old malware haunts Ukrainian police
More than 100 documents containing potentially confidential information related to government and police activities in Ukraine were uploaded to a publicly accessible repository recently as the result of nearly decade-old malware, an unusual case in which an old and imperfect virus has escaped detection, allowing it to persist and continue to pose a threat. READ MORE...
Multiple botnets exploiting one-year-old TP-Link flaw to hack routers
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. Tracked as CVE-2023-1389, the flaw is a high-severity unauthenticated command injection problem in the locale API reachable through the TP-Link Archer AX21 web management interface. READ MORE...
Exploit code for Palo Alto Networks zero-day now public
Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways. The PoCs started rolling out just a day after the vendor began releasing hotfixes for the issue on Monday. Researchers have echoed previous warnings about how easy the vulnerability is to use in attacks, and said that many organizations could be compromised as a result. READ MORE...
- ...in 1907, Ellis Island processes 11,747 new immigrants, more than any other day in its 62-year history.
- ...in 1937, Daffy Duck makes his film debut in the Porky Pig short "Porky's Duck Hunt."
- ...in 1959, actor Sean Bean ("Goldeneye", "The Fellowship of the Ring") is born in Yorkshire, England.
- ...in 1970, Apollo 13 returns safely to Earth after emergency in-flight repairs force an early end to its mission.