Search results for palo alto networks firewall logs | Breaking Cybersecurity News | The Hacker News

Enterprises should expect to see more cyberattacks launched against them. The data that they now gather and store have made their infrastructures key targets for hackers. Customer data and intellectual property can be sold in the black market for profit, and sensitive information can also be used by hackers to extort them. Enterprises are now aggressively shifting their workloads to the cloud which, while it has many benefits, expands their defensive perimeter and exposes them to further risks as well. As such, organizations are now widely investing in various security solutions in order to comprehensively protect their networks. Gartner expects security spending to exceed $124 billion this year. Solutions such as firewalls and threat prevention tools have increasingly become essential for enterprises. Leading firewall provider Palo Alto Networks , for example, provides companies with various measures to protect their infrastructures. It's currently being used by tens...

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called  Rorschach  that's both sophisticated and fast. "What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware," Check Point Research  said  in a new report. "In fact, Rorschach is one of the  fastest ransomware strains  ever observed, in terms of the speed of its encryption." The cybersecurity firm said it observed the ransomware deployed against an unnamed U.S.-based company, adding it found no branding or overlaps that connect it to any previously known ransomware actors. However, further analysis of Rorschach's source code reveals similarities to  Babuk ransomware , which suffered a leak in September 2021, and  LockBit 2.0 . On top of that, the ransom notes sent out to the victims appear to be inspired by that of  Yanluow...

What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust to hidden flaws in technology. The real question is: are you ready? 💪 Every attack holds a lesson, and every lesson is an opportunity to strengthen your defenses. This isn't just news—it's your guide to staying safe in a world where cyber threats are everywhere. Let's dive in. ⚡ Threat of the Week Palo Alto Networks Warns of Zero-Day: A remote code execution flaw in the Palo Alto Networks PAN-OS firewall management interface is the newest zero-day to be actively exploited in the wild. The company began warning about potential exploitation concerns on November 8, 2024. It has since been confirmed that it has been we...

Telecommunications organizations in Southeast Asia have been targeted by a state-sponsored threat actor known as CL-STA-0969 to facilitate remote control over compromised networks. Palo Alto Networks Unit 42 said it observed multiple incidents in the region, including one aimed at critical telecommunications infrastructure between February and November 2024. The attacks are characterized by the use of several tools to enable remote access, as well as the deployment of Cordscan, which can collect location data from mobile devices. However, the cybersecurity company said it found no evidence of data exfiltration from the networks and systems it investigated. Nor were any efforts made by the attackers to track or communicate with target devices within mobile networks. "The threat actor behind CL-STA-0969 maintained high operational security (OPSEC) and employed various defense evasion techniques to avoid detection," security researchers Renzon Cruz, Nicolas Bareil, and Nav...

Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in cybersecurity. From the latest threats to effective defenses, we've got you covered with clear and straightforward insights. Let's dive in and keep your digital world secure. ⚡ Threat of the Week Palo Alto Networks PAN-OS Flaw Under Attack — Palo Alto Networks has disclosed a high-severity flaw impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices by sending a specially crafted DNS packet. The vulnerability (CVE-2024-3393, CVSS score: 8.7) only affects firewalls that have the DNS Security logging enabled. The company said it's aware of...

The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate like Google Chrome and Microsoft Teams, according to Elastic Security Labs. "The infection chain employs a multi-stage delivery mechanism that leverages various evasion techniques, with many redundancies aimed at neutralising endpoint security products popular in the Chinese market," security researchers Jia Yu Chan and Salim Bitam said . "These include bringing a legitimately signed driver, deploying custom WDAC policies, and tampering with the Microsoft Defender binary through PPL [Protected Process Light] abuse." Dragon Breath, also known as APT-Q-27 and Golden Eye, was previously highlighted by Sophos in May 2023 in connection with a campaign ...

The notorious cybercrime group known as Scattered Spider is targeting VMware ESXi hypervisors in attacks targeting retail, airline, and transportation sectors in North America. "The group's core tactics have remained consistent and do not rely on software exploits. Instead, they use a proven playbook centered on phone calls to an IT help desk," Google's Mandiant team said in an extensive analysis. "The actors are aggressive, creative, and particularly skilled at using social engineering to bypass even mature security programs. Their attacks are not opportunistic but are precise, campaign-driven operations aimed at an organization's most critical systems and data." Also called 0ktapus, Muddled Libra, Octo Tempest, and UNC3944, the threat actors have a history of conducting advanced social engineering attacks to obtain initial access to victim environments and then adopting a "living-off-the-land" (LotL) approach by manipulating trusted ad...

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP . The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a hacking crew it tracks as UNC6148 . The number of known victims is "limited" at this stage. The tech giant assessed with high confidence that the threat actor is "leveraging credentials and one-time password (OTP) seeds stolen during previous intrusions, allowing them to regain access even after organizations have applied security updates." "Analysis of network traffic metadata records suggests that UNC6148 may have initially exfiltrated these credentials from the SMA appliance as early as January 2025." The exact initial access vector used to deliver the malware is currently not known due to the steps taken by the...