Palo Alto Networks released patches for an actively exploited zero-day vulnerability in its PAN-OS operating system, which runs some of the security vendor's firewalls. The company disclosed the vulnerability on Friday and issued initial patches on Sunday, according to a security advisory. The command injection vulnerability, CVE-2024-3400, allows an unauthenticated attacker to execute arbitrary code with root privileges, Palo Alto Networks' Unit 42 said Friday in a threat brief.
UnitedHealth Group estimates costs from the Change Healthcare cyberattack could reach $1.6 billion this year, executives said on Tuesday. However, the managed care giant maintained its full-year earnings guidance, suggesting the financial fallout from the attack on the massive claims clearinghouse may be less serious than feared. The hit comes from direct response efforts like recovering Change's clearinghouse platform and paying higher medical costs.
The formidable Sandworm hacker group has played a central role supporting Russian military objectives in Ukraine over the past two years even as it has stepped up cyberthreat operations in other regions of strategic political, economic, and military interest to Russia. That's the upshot of the analysis of the threat actor's activities undertaken by Google Cloud's Mandiant security group.
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. Avalanche is used by enterprise admins to remotely manage devices, deploy software, and schedule updates across large fleets of over 100,000 mobile devices from a single central location.
A critical flaw in Delinea's Secret Server SOAP API disclosed this week sent security teams racing to roll out a patch. But a researcher claims he contacted the privileged access management provider weeks ago to alert them to the bug, only to be told he was not eligible to open a case. Delinea first disclosed the SOAP endpoint flaw on April 12. By the next day, Delinea teams had rolled out an automatic fix for cloud deployments and a download for on-premises Secret Servers.
More than 100 documents containing potentially confidential information related to government and police activities in Ukraine were uploaded to a publicly accessible repository recently as the result of nearly decade-old malware, an unusual case in which an old and imperfect virus has escaped detection, allowing it to persist and continue to pose a threat.
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. Tracked as CVE-2023-1389, the flaw is a high-severity unauthenticated command injection problem in the locale API reachable through the TP-Link Archer AX21 web management interface.
Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways. The PoCs started rolling out just a day after the vendor began releasing hotfixes for the issue on Monday. Researchers have echoed previous warnings about how easy the vulnerability is to use in attacks, and said that many organizations could be compromised as a result.