#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Telemetry | Breaking Cybersecurity News | The Hacker News

Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

Apr 12, 2024 Network Security / Zero-Day
Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild. Tracked as  CVE-2024-3400 , the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall," the company  said  in an advisory published today. The flaw impacts the following versions of PAN-OS, with fixes expected to be released on April 14, 2024 - PAN-OS < 11.1.2-h3 PAN-OS < 11.0.4-h1 PAN-OS < 10.2.9-h1 The company also said that the issue is applicable only to firewalls that have the configurations for both  GlobalProtect gateway  (Network > GlobalProtect > Gateways) and  device telemetry  (Device > Setup > Telemetry) enabled.
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion

Mar 01, 2024 Linux / Cyber Threat
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware. "This latest version of Bifrost aims to bypass security measures and compromise targeted systems," Palo Alto Networks Unit 42 researchers Anmol Maurya and Siddharth Sharma  said . BIFROSE  is one of the long-standing threats that has been active since 2004. It has been offered for sale in underground forums for up to $10,000 in the past, according to a  report  from Trend Micro in December 2015. The malware has been put to use by a state-backed hacking group from China tracked as  BlackTech  (aka Circuit Panda, HUAPI, Manga Taurus, Palmerworm, PLEAD, Red Djinn, and Temp.Overboard), which has a history of striking organizations in Japan, Taiwan, and the U.S. It's suspected that the threat actor purchased the source code or gained access to it around 2010, and repurposed the malware for use in its own
Cybersecurity
Expert Insights
Cybersecurity Resources