CyberSecurityBoard
Sponsor Register Login

Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days

Strategies for secure identity management in hybrid environmentsIn this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments.
Leveraging AI for enhanced compliance and governanceIn this Help Net Security interview, Dr. Joseph Sweeney, Advisor at IBRS, discusses the risks of integrating AI into information management systems.
Strategies to cultivate collaboration between NetOps and SecOpsIn this Help Net Security interview, Debby Briggs, CISO at Netscout, discusses breaking down silos between NetOps and SecOps.
Cybersecurity jobs available right now: April 10, 2024We've scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field.
It can handle almost anything, and someone once called it the kitchen sink of PKI. Microsoft patches two actively exploited zero-daysOn this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild.
It enables teams to collect, store, and analyze data to get answers to security, application, and IT infrastructure questions.
WiCyS: A champion for a more diverse cybersecurity workforceIn this Help Net Security interview, Lynn Dohm, Executive Director at Women in CyberSecurity, talks about how the organization supports its members across different stages of their cybersecurity journey.
XZ Utils backdoor: Detection tools, scripts, rulesAs the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems.
New Google Workspace feature prevents sensitive security changes if two admins don't approve themGoogle is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced.
LG smart TVs may be taken over by remote attackersBitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted access to the devices.
New covert SharePoint data exfiltration techniques revealedVaronis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies' SharePoint server.
How malicious email campaigns continue to slip through the cracksIn this Help Net Security video, Josh Bartolomie, VP of Global Threat Services at Cofense, discusses how email will remain a target as long as it remains the predominant form of communication within a business.
April 2024 Patch Tuesday forecast: New and old from MicrosoftThis month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support.
Defining a holistic GRC strategyIn this Help Net Security video, Nicholas Kathmann, CISO at LogicGate, discusses why companies are turning to a holistic GRC strategy.
How exposure management elevates cyber resilienceAttackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand their assets' security posture in relation to the whole estate.
AI risks under the auditor's lens more than everIn this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner, discusses how AI-related risks have seen the biggest increases in audit plan coverage in 2024.
Stopping security breaches by managing AppSec postureIn this Help Net Security video, Gopi Rebala, CTO at OpsMx, talks about how managing application security posture can help companies identify, prioritize, and fix vulnerabilities and stop security breaches while enforcing policies to block vulnerable deployments to production environments.
How Google's 90-day TLS certificate validity proposal will affect enterprisesAnnounced last year, Google's proposal to reduce the lifespan of TLS certificates from 13 months to 90 days could be implemented in the near future.
It will certainly improve security and shrink the window of opportunity for bad actors to exploit compromised or stolen certificates and private keys.
The next wave of mobile threatsIn this Help Net Security video, Michael Covington, VP of Portfolio Strategy at Jamf, discusses planning a mobile security strategy.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 14 Apr 2024 08:43:06 +0000


Cyber News related to Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days

Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
6 months ago Darkreading.com
A Leader in 2024 Forrester Enterprise Firewall Solutions Wave - Palo Alto Networks has long recognized these challenges, which is why we’ve built a network security platform that not only protects but also fosters business growth and innovation in today’s complex environment. We believe the recognition of ...
1 month ago Paloaltonetworks.com
Research Shows 163% ROI with Palo Alto Networks Software Firewalls - Good news is here for cloud and network security professionals who need proven, cost-effective solutions that substantially reduce downtime and breaches across a range of cloud and virtualized environments. Palo Alto Networks software firewalls not ...
11 months ago Paloaltonetworks.com
Palo Alto Networks and Deloitte Expand Strategic Alliance Globally - 1, 2024 /PRNewswire/ -- Palo Alto Networks (NASDAQ: PANW) and Deloitte today announced an expansion of their strategic alliance into EMEA and JAPAC regions, making Palo Alto Networks® AI-powered cybersecurity solutions and joint offerings available ...
1 month ago Darkreading.com
8 Common Types of Firewalls Explained & When to Use Each - The eight types of deployable firewalls include traditional network firewalls, unified threat management, next-generation firewalls, web application firewalls, database firewalls, cloud firewalls, container firewalls, and firewalls-as-a-service. ...
10 months ago Esecurityplanet.com
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now - Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Tracked as CVE-2024-3400, this security flaw can let unauthenticated threat actors execute arbitrary code as ...
7 months ago Bleepingcomputer.com
CISOs Grapple With IBM's Unexpected Cybersecurity Software Exit - IBM's surprise departure from cybersecurity software this week didn't just rearrange the competitive landscape - it also reshuffled the procurement plans and vendor relationships for many CISOs rebuilding their SOCs. IBM has agreed to sell the QRadar ...
6 months ago Darkreading.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com
9 Best Next-Generation Firewall Solutions for 2023 - Next-generation firewalls are network security solutions that go beyond the traditional port/protocol inspection by incorporating application-level inspection, intrusion prevention, and external threat intelligence. As the third generation in ...
11 months ago Esecurityplanet.com
Unlocking the Economic Benefit of NGFWs - Cyberthreats are increasing in volume and complexity, making it difficult for network defenders to protect their organizations. Threat actors are evolving their tools and techniques, finding new ways to employ artificial intelligence to avoid ...
8 months ago Paloaltonetworks.com
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
10 months ago Bleepingcomputer.com
Palo Alto Networks Recognized as a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms - Today, we are pleased to announce that Palo Alto Networks has been named a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms. Before we dive into the significance of this year's Magic Quadrant for EPP, I want to take a ...
10 months ago Paloaltonetworks.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
11 months ago Bleepingcomputer.com
Apple backports fix for RTKit iOS zero-day to older iPhones - Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers ...
6 months ago Bleepingcomputer.com
Palo Alto Networks Prevents Data Loss at Enterprise Scale with NVIDIA - With NVIDIA accelerated computing and AI software, cybersecurity leaders like Palo Alto Networks can safeguard vast amounts of sensitive information with unprecedented speed and accuracy, ushering in a new era of AI-driven data protection. The ...
1 month ago Paloaltonetworks.com
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
6 months ago Bleepingcomputer.com
How to track and stop CVE-2024-3400: Palo Alto Devices API Exploit Causing Critical Infrastructure and Enterprise Epidemics - On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. Palo Alto has marked this ...
7 months ago Securityboulevard.com
Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits - Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users' data security. Multiple Vulnerabilities Discovered in LG WebOS Smart TVs. Type of vulnerability: Authorization bypass, ...
7 months ago Esecurityplanet.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
6 months ago Bleepingcomputer.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
5 months ago Securityaffairs.com
Investing in Cloud Infrastructure in the Kingdom of Saudi Arabia - Digital transformation is at the heart of the Kingdom of Saudi Arabia's ambitious Vision 2030 program as the nation looks to future-proof its economy and enhance people's lives. The Kingdom is looking to diversify its economy and develop public ...
5 months ago Paloaltonetworks.com
Palo Alto Networks Completes Acquisition of Talon - Palo Alto Networks announced today that it has completed the acquisition of Talon Cyber Security, an Israeli startup selling a secure browser technology to enterprise customers. Palo Alto first announced plans to buy Talon in November 2023 in a deal ...
10 months ago Securityweek.com
Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
10 months ago Bleepingcomputer.com
Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)