Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The…
Category: Security Affairs
Apple warns of mercenary spyware attacks on iPhone users in 92 countries
Apple is warning iPhone users in over 90 countries of targeted mercenary spyware attacks, Reuters agency reported. Apple is alerting iPhone users in 92 countries about mercenary spyware attacks, reported Reuters. Reuters only mentioned India as one of the countries…
Microsoft fixed two zero-day bugs exploited in malware attacks
Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patches Tuesday security updates for…
Group Health Cooperative data breach impacted 530,000 individuals
Group Health Cooperative of South Central Wisconsin disclosed a data breach that impacted over 500,000 individuals. The Group Health Cooperative of South Central Wisconsin (GHC-SCW) is a non-profit organization that provides health insurance and medical care services to its members…
AT&T states that the data breach impacted 51 million former and current customers
AT&T confirmed that the data breach impacted 51 million former and current customers and is notifying them. AT&T revealed that the recently disclosed data breach impacts more than 51 million former and current customers and is notifying them. In March…
Fortinet fixed a critical remote code execution bug in FortiClientLinux
Fortinet addressed multiple issues in FortiOS and other products, including a critical remote code execution flaw in FortiClientLinux. Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of…
Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues
Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues…
Cybersecurity in the Evolving Threat Landscape
As technology evolves and our dependence on digital systems increases, the cybersecurity threat landscape also rapidly changes, posing fresh challenges for organizations striving to protect their assets and data. The battle between cybersecurity defenders and malicious actors rages on in…
Over 91,000 LG smart TVs running webOS are vulnerable to hacking
Researchers found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices. Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass…
ScrubCrypt used to drop VenomRAT along with many malicious plugins
Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The email is crafted to…
Google announces V8 Sandbox to protect Chrome users
Google announced support for a V8 Sandbox in the Chrome web browser to protect users from exploits triggering memory corruption issues. Google has announced support for what’s called a V8 Sandbox in the Chrome web browser. The company included the V8 Sandbox in Chrome’s Vulnerability…
China is using generative AI to carry out influence operations
China-linked threat actors are using AI to carry out influence operations aimed at fueling social disorders in the U.S. and Taiwan. China is using generative artificial intelligence to carry out influence operations against foreign countries, including the U.S. and Taiwan,…
Greylock McKinnon Associates data breach exposed DOJ data of 341650 people
Greylock McKinnon Associates, a service provider for the Department of Justice, suffered a data breach that exposed data of 341650 people. Greylock McKinnon Associates (GMA) provides expert economic analysis and litigation support to a diverse group of domestic and international…
Crowdfense is offering a larger 30M USD exploit acquisition program
Zero-day broker firm Crowdfense announced a 30 million USD offer as part of its Exploit Acquisition Program. Crowdfense is a world-leading research hub and acquisition platform focused on high-quality zero-day exploits and advanced vulnerability research. In 2019 the company made…
U.S. Department of Health warns of attacks against IT help desks
The U.S. Department of Health and Human Services (HHS) warns of attacks against IT help desks across the Healthcare and Public Health (HPH) sector. The U.S. Department of Health and Human Services (HHS) reported that threat actors are carrying out…
Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. More…
Over 92,000 Internet-facing D-Link NAS devices can be easily hacked
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models. A researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as , tracked…
More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
Experts warn of roughly 16,500 Ivanti Connect Secure and Poly Secure gateways still vulnerable to a remote code execution (RCE) flaw. Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported…
Cisco warns of XSS flaw in end-of-life small business routers
Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw. Cisco warns of a Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers Cross-Site scripting (XSS) flaw. The medium severity issue, tracked…
Magento flaw exploited to deploy persistent backdoor hidden in XML
Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed threat actors are exploiting the recently disclosed Magento vulnerability CVE-2024-20720 to deploy a persistent backdoor on e-stores. The vulnerability CVE-2024-20720Â (CVSS score of…