🐛 COMMON VULNERABILITIES AND EXPOSURES 1[−]
20 AprPalo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under AttackPalo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as "intr…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 2[−]
20 AprCritical Update: CrushFTP Zero-Day Flaw Exploited in Targeted AttacksUsers of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerabilit…THEHACKERNEWS.COM
20 AprCrushFTP Warns Users to Patch Exploited Zero-Day “Immediately”As the company also explains in a public security advisory published on Friday, this zero-day bug enables unauthenticated attackers to escape the user's virtual file system (VFS) and download system files.BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 1[−]
20 AprEvil XDR: Researcher Turns Palo Alto Software Into Perfect MalwareIn a briefing at Black Hat Asia, Shmuel Cohen, security researcher at SafeBreach, described how he not only reverse-engineered and cracked into the company's signature Cortex product but also weaponized it to deploy a reverse shell and ransomware.DARKREADING.COM
🕵️ THREAT INTELLIGENCE 2[−]
20 AprBlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Toolsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://thehackernews.com/2024/04/blacktech-targets-tech-research-and-gov.html?m=1THEHACKERNEWS.COM
20 AprGitHub comments abused to push malware via Microsoft repo URLsA GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. [...]BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
20 AprHackers Target Middle East Governments with Evasive "CR4T" BackdoorThe starting point of the attack is a dropper, which comes in two variants -- a regular dropper that's either implemented as an executable or a DLL file and a tampered installer file for a legitimate tool named Total Commander.THEHACKERNEWS.COM
20 AprLawmakers vote to reauthorize US spying law that critics say expands government surveillanceHouse and Senate lawmakers passed a bill reauthorizing the controversial Section 702 powers under FISA, which allows U.S. spy agencies to conduct warrantless searches of Americans' communications. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
📡 INFOSEC NEWS 1[−]
20 AprCritical Forminator plugin flaw impacts over 300k WordPress sitesThe Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. [...]BLEEPINGCOMPUTER.COM