Networks

  • Blog

    UK disrupts Russian money laundering networks used by ransomware

    A law enforcement operation led by the United Kingdom’s National Crime Agency (NCA) has disrupted two Russian money laundering networks working with criminals worldwide, including ransomware gangs. Dubbed “Operation Destabilise,” this international investigation has led to the arrest of 84 Russian-speaking suspects linked to the Smart (led by Ukrainian George Rossi) and TGR (controlled by Russian Ekaterina Zhdanova) criminal organizations.…

  • Blog

    Palo Alto Networks warns of critical RCE zero-day exploited in attacks

    Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as ‘PAN-SA-2024-0015,’ is actively being exploited in attacks. The flaw was originally disclosed on November 8, 2024, with Palo Alto Networks warning customers to restrict access to their next-generation firewalls because of a “potential” remote code execution (RCE) vulnerability impacting them. No signs…

  • Blog

    CISA warns of more Palo Alto Networks bugs exploited in attacks

    CISA warned today that two more critical security vulnerabilities in Palo Alto Networks’ Expedition migration tool are now actively exploited in the wild. Attackers can use the two unauthenticated command injection (CVE-2024-9463) and SQL injection (CVE-2024-9465) vulnerabilities to hack into unpatched systems running the company’s Expedition migration tool, which helps migrate configurations from Checkpoint, Cisco, and other supported vendors. While…

  • Blog

    Palo Alto Networks warns of potential PAN-OS RCE vulnerability

    Today, cybersecurity company Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. In a security advisory published on Friday, the company said it doesn’t yet have additional information regarding this alleged security flaw and added that it has yet to detect signs of active exploitation.…

  • Blog

    CISA warns of critical Palo Alto Networks bug exploited in attacks

    Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. This security flaw, tracked as CVE-2024-5910, was patched in July, and threat actors can remotely exploit it to reset application admin credentials on Internet-exposed Expedition servers. “Palo Alto Expedition contains…

  • Blog

    Warning issued after SharePoint flaw puts entire corporate networks at risk

    Security researchers have issued an alert over threat actors exploiting a recently disclosed vulnerability in Microsoft SharePoint, warning the weakness could allow attackers to compromise the entire network. Researchers from Rapid7’s incident response team have published findings from an investigation where hackers compromised a Microsoft Exchange service account by exploiting a vulnerability in a public-facing application. The attacker was able…

  • Blog

    Fog ransomware targets SonicWall VPNs to breach corporate networks

    Fog and Akira ransomware operators are increasingly breaching corporate networks through SonicWall VPN accounts, with the threat actors believed to be exploiting CVE-2024-40766, a critical SSL VPN access control flaw. SonicWall fixed the SonicOS flaw in late August 2024, and roughly a week later, it warned that it was already under active exploitation. At the same time, Arctic Wolf security…

  • Blog

    Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

    The Black Basta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. Black Basta is a ransomware operation active since April 2022 and responsible for hundreds of attacks against corporations worldwide. After the Conti cybercrime syndicate shut down in June 2022 following a series of embarrassing…

  • Blog

    Where next for private cloud networks?

    However you define “private cloud” or segment the analysis, it’s on the up. Although organizations are moving away from owning their own on-premises infrastructure in their own data centers, they’re not guaranteed to choose the public cloud as they might have in the early cloud boom years. So says Terry Storrar, managing director at Leaseweb, who tells ITPro that…

  • Blog

    Palo Alto Networks warns of firewall hijack bugs with public exploit

    Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. The flaws were found in Palo Alto Networks’ Expedition solution, which helps migrate configurations from Checkpoint, Cisco, or other supported vendors. They can be exploited to access sensitive data, such as user credentials, that can help…
