Apr 16, 2024 Today, I heard about a critical zero-day vulnerability affecting Palo Alto Networks’ GlobalProtect VPN product, which allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. It’s been assigned a CVE-2024-3400 and has a CVSS score of 10.0. The company has started issuing
Apr 14, 2024 I recently came across some concerning news about cybersecurity threats that need urgent attention. It appears that hackers are taking advantage of a critical flaw in Palo Alto Networks PAN-OS software, which has been actively exploited since March 26, 2024. Organizations using this software must take immediate
Apr 12, 2024 Today’s news highlights several critical cybersecurity issues that need immediate attention. Google has announced a new feature for its Workspace enterprise platform that will require multiple administrators to approve changes to an organization’s sensitive settings, in an effort to counter admin account hacks. This is a significant
Apr 10, 2024 I just heard about a critical flaw in D-Link NAS devices that has left 92,000 devices vulnerable to malware attacks. This is a major concern as threat actors are actively exploiting these security flaws. Immediate action needs to be taken to address this vulnerability and protect these
Apr 09, 2024 Today’s news is filled with concerning developments in the cybersecurity world. First, it has been reported that a security researcher has discovered a backdoor in D-Link network-attached storage (NAS) devices, affecting more than 92,000 devices connected to the internet. This poses a significant threat as the devices
Apr 06, 2024 I just heard about Ukraine’s efforts to bring Russian military hackers to trial at the International Criminal Court for a cyberattack on Ukraine’s largest mobile operator, Kyivstar. The attack caused significant disruption to mobile services for days, impacting the Ukrainian population. However, Ukraine’s case faces hurdles as
Apr 05, 2024 In recent cybersecurity news, Microsoft has come under fire for security failures that led to a threat actor compromising the email accounts of senior US and UK officials. The Cyber Safety Review Board has highlighted avoidable errors by Microsoft, including a lack of urgency in addressing the
Apr 04, 2024 I recently came across some alarming news regarding cybersecurity issues that demand immediate attention. One of the most concerning reports was about a scathing indictment of a tech giant, Microsoft, for lapses in cybersecurity practices that led to a targeted Chinese hack of the emails of top
Apr 03, 2024 So, Google has agreed to delete billions of browsing records collected from users in Incognito Mode due to a lawsuit that claimed the company did not properly disclose the data collected. They have also updated Chrome’s Incognito home page to outline the types of data collected, which
Apr 02, 2024 I just received news about a major supply chain attack in Linuxland. A backdoor was discovered in XZ Utils, a popular library used in Linux distros and macOS apps, allowing attackers to execute code on remote systems. This attack is concerning because it was the work of