Tag: advisory

Palo Alto updates advisory about firewall bug after discovering exploitation attempts

Nov 15, 2024 8:53 PM

Tags: advisory, exploit, firewall, update

First seen on therecord.media Jump to article: therecord.media/palo-alto-networks-firewall-vulnerability-exploited
Microsoft revamps how it will disclose vulnerabilities

Nov 15, 2024 5:53 PM

Tags: advisory, framework, microsoft, vulnerability

The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/microsoft-disclose-vulnerabilities-CSAF/733063/
CISA and FBI: Chinese Hackers Compromised US Telecom Networks

Nov 14, 2024 5:53 PM

Tags: advisory, china, cisa, cyberespionage, hacker, network

The CISA and FBI have issued an advisory detailing a sophisticated cyberespionage campaign by state-sponsored Chinese hackers that… First seen on hackread.com Jump to article: hackread.com/cisa-fbi-chinese-hackers-hacked-us-telecom-networks/
Response to CISA Advisory (AA24-317A): 2023 Top Routinely Exploited Vulnerabilities

Nov 13, 2024 10:53 PM

Tags: advisory, cisa, exploit, vulnerability

In response to the recently published CISA Advisory (AA24-317A) that disseminates the top routinely exploited vulnerabilities from 2023, AttackIQ has proposed a multitude of recommendations that customers can take to emulate these prevalent vulnerabilities. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/response-to-cisa-advisory-aa24-317a-2023-top-routinely-exploited-vulnerabilities/
How the Trump Administration May Reshape Security, Privacy

Nov 13, 2024 6:53 PM

Tags: advisory, cybersecurity, data, finance, privacy

Attorney Lisa Sotto on Anticipated Changes in Regulatory Focus at FTC and CISA. Donald Trump’s return to the White House with a renewed focus on deregulation may shift the priorities of federal agencies in enforcing data privacy and cybersecurity policy, said Lisa Sotto, partner at Hunton Andrews Kurth and chairperson of the DHS Data Privacy…
Inside Iran’s Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

Nov 13, 2024 8:50 AM

Tags: advisory, ai, cyber, cybersecurity, group, iran, warfare

U.S. and Israeli cybersecurity agencies have published a new advisory attributing an Iranian cyber group to targeting the 2024 Summer Olympics and com… First seen on thehackernews.com Jump to article: thehackernews.com/2024/11/inside-irans-cyber-playbook-ai-fake.html
Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

Nov 13, 2024 7:53 AM

Tags: access, advisory, attack, authentication, best-practice, computing, control, cve, dns, email, exploit, flaw, google, guide, malicious, microsoft, mitigation, ntlm, office, phishing, rce, remote-code-execution, service, sql, threat, tool, unauthorized, update, vulnerability, windows, zero-day

4Critical 82Important 1Moderate 0Low Microsoft addresses 87 CVEs and one advisory (ADV240001) in its November 2024 Patch Tuesday release, with four critical vulnerabilities and four zero-day vulnerabilities, including two that were exploited in the wild. Microsoft patched 87 CVEs in its November 2024 Patch Tuesday release, with four rated critical, 82 rated important and one…
Palo Alto Networks Addresses Remote Code Execution Vulnerability Claims

Nov 11, 2024 11:04 AM

Tags: advisory, network, rce, remote-code-execution, vulnerability

Palo Alto Networks has issued an advisory urging customers to take action in response to claims of an RCE vulnerability in PAN-OS. The post Palo Alto Networks Addresses Remote Code Execution Vulnerability Claims appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/palo-alto-networks-addresses-remote-code-execution-vulnerability-claims/
Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Nov 9, 2024 9:04 AM

Tags: access, advisory, network, rce, remote-code-execution, threat, vulnerability

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability.”Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we…
CISA Warns of Active Attacks on Critical Palo Alto Exploit

Nov 8, 2024 11:04 PM

Tags: advisory, attack, cisa, cybersecurity, exploit, flaw, infrastructure, network, technology, vulnerability

CISA Adds Critical Palo Alto Flaw to Vulnerability Catalog After Attack Discovery. The Cybersecurity and Infrastructure Security agency warned Palo Alto Networks that a critical vulnerability the technology giant previously patched has been actively exploited since then, according to a new advisory, potentially exposing configuration secrets and credentials. First seen on govinfosecurity.com Jump to article:…
Iranian Cyber Group Emennet Pasargad’s Expanding Operations Targeting Global Networks

Nov 6, 2024 2:51 AM

Tags: advisory, cyber, cybersecurity, group, iran, network, tactics

A joint cybersecurity advisory from the FBI, U.S. Department of Treasury, and Israel National Cyber Directorate has revealed new tactics employed by t… First seen on securityonline.info Jump to article: securityonline.info/iranian-cyber-group-emennet-pasargads-expanding-operations-targeting-global-networks/
Carahsoft to Host Webinar on Ensuring ICAM Survivability for Access in Disconnected, Degraded, Intermittent, and Low-Bandwidth (DDIL) Environments

Nov 5, 2024 7:56 AM

Tags: access, advisory, computer, group, identity, strategy

MEDIA ADVISORY Strata Identity, Saviynt, and Oxford Computer Group to Present Strategies for Identity Continuity at the Tactical Edge BOULDER, Colo., … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/carahsoft-to-host-webinar-on-ensuring-icam-survivability-for-access-in-disconnected-degraded-intermittent-and-low-bandwidth-ddil-environments/
US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras

Nov 4, 2024 1:55 PM

Tags: advisory, cyber, hacker, iran

The US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsa… First seen on securityweek.com Jump to article: www.securityweek.com/us-israel-describe-iranian-hackers-targeting-of-olympics-surveillance-cameras/
Cisco ASA Devices Vulnerable to SSH Remote Command Injection Flaw

Oct 28, 2024 8:57 PM

Tags: advisory, cisco, flaw, injection, vulnerability

Cisco has issued a critical security advisory regarding a vulnerability in its Adaptive Security Appliance (ASA) Software. The vulnerability could all… First seen on gbhackers.com Jump to article: gbhackers.com/cisco-asa-devices-vulnerable/
Cisco Patches Critical Vulnerability Affecting VPN Services

Oct 28, 2024 12:52 PM

Tags: access, advisory, cisco, service, vpn, vulnerability

Cisco Systems released a critical advisory regarding a vulnerability in the Remote Access VPN (RAVPN) service associated with its Adaptive Security Ap… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/vulnerability-in-adaptive-security-appliance/
FBI, CISA, NSA Warn of Iranian Cyberattacks on Critical Infrastructure

Oct 23, 2024 9:21 PM

Tags: advisory, cisa, cyberattack, cybersecurity, infrastructure, international, iran

In a significant cybersecurity alert, multiple agencies, including the FBI, CISA, NSA, and international partners, have issued a joint advisory warnin… First seen on securityonline.info Jump to article: securityonline.info/fbi-cisa-nsa-warn-of-iranian-cyberattacks-on-critical-infrastructure/
Splunk’s Recent Security Advisory: Addressing Vulnerabilities in Splunk Enterprise

Oct 23, 2024 7:23 PM

Tags: advisory, vulnerability

Splunk has recently issued a security advisory aimed at addressing multiple vulnerabilities within its Splunk Enterprise software. The advisory catego… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/splunk-vulnerabilities/
VMware HCX Platform Vulnerable to SQL Injection Attacks

Oct 22, 2024 10:02 AM

Tags: advisory, attack, cve, injection, sql, vmware, vulnerability

VMware released an advisory (VMSA-2024-0021) addressing a critical vulnerability in its HCX platform. The vulnerability, CVE-2024-38814, is an authent… First seen on gbhackers.com Jump to article: gbhackers.com/vmware-hcx-platform-vulnerable/
Updates dringend notwendig – Ivanti veröffentlicht Security Advisory für kritische Sicherheitslücken

Oct 21, 2024 10:01 AM

Tags: advisory, ivanti, update

First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-ivanti-cloud-services-appliance-a-a4099c534e081d4a2668d56045d7b5cb/
GitHub Issues Urgent Security Advisory on Critical Vulnerability in GitHub Enterprise Server

Oct 21, 2024 7:56 AM

Tags: advisory, github, vulnerability

GitHub has released a critical security advisory highlighting vulnerabilities that merit immediate action from users of GitHub Enterprise Server (GHES… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/critical-github-vulnerability-advisory/
Iranian Hackers Using Brute Force on Critical Infrastructure

Oct 17, 2024 12:35 PM

Tags: advisory, cyber, hacker, infrastructure, iran, threat

Advisory Warns Iranian Threat Actors Use ‘Push Bombing’ to Target Critical Sectors. Iranian cyber actors are increasingly using brute force techniques… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-using-brute-force-on-critical-infrastructure-a-26542
CISA advisory committee approves four draft reports on critical infrastructure resilience

Oct 17, 2024 12:31 AM

Tags: advisory, cisa, infrastructure, resilience

First seen on cyberscoop.com Jump to article: cyberscoop.com/cisa-cybersecurity-advisory-committee-october-report/
Palo Alto Expedition: From N-Day to Full Compromise

Oct 10, 2024 1:53 PM

Tags: advisory, cve, vulnerability

On July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/palo-alto-expedition-from-n-day-to-full-compromise/
Qualcomm Addresses DSP Vulnerability CVE-2024-43047, Urges Users to Patch Devices

Oct 9, 2024 10:03 AM

Tags: advisory, cve, update, vulnerability

Qualcomm has released the latest security advisory for multiple vulnerabilities. Among them, a Qualcomm vulnerability, designated as CVE-2024-43047, h… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/qualcomm-vulnerability-cve-2024-43047/
Strata Identity and CyberArk to Host Webinar on Transforming Legacy Identity by Embracing Modern IAM

Oct 3, 2024 2:39 AM

Tags: advisory, cloud, iam, identity

MEDIA ADVISORY Leading experts to share insights on using orchestration to protect legacy identity systems with modern cloud identity platforms withou… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/strata-identity-and-cyberark-to-host-webinar-on-transforming-legacy-identity-by-embracing-modern-iam/
Flax Typhoon’s Botnet Actively Exploiting 66 Vulnerabilities In Various Devices

Sep 26, 2024 10:11 AM

Tags: advisory, botnet, china, cybersecurity, exploit, vulnerability

The Five Eyes agencies recently released a joint cybersecurity advisory detailing a new botnet, Flax Typhoon, linked to Chinese state-sponsored actors… First seen on gbhackers.com Jump to article: gbhackers.com/flax-typhoon-botnet-66-exploits/
CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential Vulnerability Deep-Dive

Sep 25, 2024 7:11 PM

Tags: advisory, credentials, cve, remote-code-execution, vulnerability

On August 13, 2024, SolarWinds released a security advisory for Web Help Desk (WHD) that detailed a deserialization remote code execution vulnerabilit… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
VMware vCenter Server Vulnerability Let Attackers Escalate Privileges

Sep 18, 2024 6:30 PM

Tags: advisory, cloud, vcenter, vmware, vulnerability

VMware has issued a critical security advisory (VMSA-2024-0019) addressing two significant vulnerabilities in its vCenter Server and VMware Cloud Foun… First seen on gbhackers.com Jump to article: gbhackers.com/vmware-vcenter-server-vulnerability-2/
Kudelski Security Expands Research and Advisory Services to Quantum Security

Sep 18, 2024 4:26 PM

Tags: advisory, service

Kudelski Security recently announced the launch of a new focus on quantum security, including expanded research and advisory services that enable secu… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2020/12/09/kudelski-security-expands-research-and-advisory-services-to-quantum-security/
CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability

Sep 17, 2024 1:29 AM

Tags: advisory, cisa, cloud, cve, injection, ivanti, kev, service, vulnerability

On September 10, 2024, Ivanti released a security advisory for a command injection vulnerability for it’s Cloud Service Appliance (CSA) product. Initi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-8190-investigating-cisa-kev-ivanti-cloud-service-appliance-command-injection-vulnerability/