China-Linked Cyber Threat Group Hacks US Treasury Department

Threat actors entered Treasury Department systems through BeyondTrust. The breach may be related to the Salt Typhoon attacks reported throughout the year.

Security | TechRepublic – Read More

Hackers target dozens of VPN and AI extensions for Google Chrome to compromise data

As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence tools and virtual private networks.

The Record from Recorded Future News – Read More

Fake 7-Zip Exploit Code Traced to AI-Generated Misinterpretation

A recent claim that a critical zero-day vulnerability existed in the popular open-source file archiver 7-Zip has been met with skepticism from the software’s creator and other security researchers. 

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More

Volkswagen Breach Exposes Data of 800K EV Customers

Ethical hacking group Chaos Computer Club uncovered exposed data of electric vehicle owners across the company’s VW, Audi, Seat, and Skoda brands.

darkreading – Read More

‘Bad Likert Judge’ Jailbreak Bypasses Guardrails of OpenAI, Other Top LLMs

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

darkreading – Read More

US Arrests Army Soldier Over AT&T, Verizon Hacking

US soldier Cameron John Wagenius was arrested and charged over his suspected connection to presidential phone records leaks.

The post US Arrests Army Soldier Over AT&T, Verizon Hacking appeared first on SecurityWeek.

SecurityWeek – Read More

Ukraine Takes Steps to Strengthen its Cybersecurity Framework with Policy Advancements and Strategic Initiatives


Overview 

Ukraine has taken significant steps to enhance its cybersecurity posture, introducing key updates to its Organizational and Technical Model (OTM) of Cybersecurity and implementing new standards for safeguarding critical infrastructure facilities (CIF). These developments are part of the country’s broader Cybersecurity Strategy, aligning with global best practices and addressing evolving cyber threats. 

Unified Cybersecurity Framework Inspired by NIST 

The Cabinet of Ministers of Ukraine has approved amendments to the OTM of Cybersecurity, adopting a unified approach based on NIST’s Cybersecurity Framework 2.0. The updated framework provides state bodies and critical infrastructure operators with a structured methodology for identifying, mitigating, and recovering from cyber risks. 

“We take into account the best global practices in responding to cyber threats to more effectively counter the challenges facing Ukraine and the global cyberspace. By improving the organizational and technical model of cyber defense, the Administration of the State Service for Special Communications is introducing a single common approach to ensuring cybersecurity in the state,” said Oleksandr Potiy, Head of the State Service for Special Communications and Information Protection of Ukraine.

Key components of the updated Cyber Defense Strategy include: 

  1. Risk Management: Developing strategies and policies to identify, analyze, and manage cyber risks. 
  2. Risk Identification: Assessing current and potential vulnerabilities to preemptively address threats. 
  3. Data Protection: Leveraging advanced procedures to secure sensitive information against unauthorized access and breaches. 
  4. Threat Detection: Utilizing specialized tools and system monitoring to identify suspicious activities and incidents. 
  5. Incident Response: Implementing rapid measures to contain and remediate cyber threats. 
  6. Post-Attack Recovery: Ensuring systems are restored to full functionality and analyzing root causes to prevent recurrence. 

The revised OTM also fosters better coordination among national cybersecurity entities, introducing a three-tiered infrastructure to streamline defense mechanisms. 

Modernizing Cyber Threat Protection Plans 

The Administration of the State Service for Special Communications, in collaboration with the Security Service of Ukraine (SBU), has also introduced updated guidelines for developing and implementing CIF-specific cyber threat protection plans. This initiative aims to strengthen the security of critical infrastructure, particularly in light of heightened geopolitical tensions. 

Key features of the updated protection plans include: 

  • Risk Assessment and Dependency Mapping: Identifying critical interdependencies among infrastructure components and evaluating risks. 
  • Adaptation to New Threats: Addressing emerging cyber challenges, including those linked to military aggression. 
  • Dual-Approval Process: Ensuring a comprehensive review by both the State Service for Special Communications and the SBU, enhancing accountability and effectiveness. 

These measures are designed to provide a robust defense mechanism for critical infrastructure, safeguarding essential services and national security. 

Streamlining Cybersecurity Governance 

The updated policies emphasize a coordinated approach to cybersecurity governance, bringing together key stakeholders under a unified framework. The dual-approval process for CIF protection plans exemplifies the integration of efforts between the State Service for Special Communications and the SBU, ensuring that cybersecurity measures are both comprehensive and rigorously evaluated. 

A Response to Modern Challenges 

The need for these enhancements is due to the escalating complexity of cyber threats, ranging from ransomware and espionage to disinformation campaigns and sabotage. The cybersecurity strategy also considers the increasing risks posed by hybrid warfare, particularly from state-sponsored adversaries. 

By adopting these proactive measures, Ukraine is not only bolstering its internal defenses but also aligning its cybersecurity practices with international standards, signaling its commitment to global cyber resilience. 

Conclusion 

Ukraine’s recent policy advancements reflect a comprehensive effort to address the ever-evolving cybersecurity landscape. By incorporating global best practices, fostering inter-agency collaboration, and emphasizing proactive risk management, the country is laying the groundwork for a resilient and secure digital future. 

These initiatives will serve as a model for nations striving to safeguard their critical infrastructure and adapt to the rapidly changing cyber threat environment. 


The post Ukraine Takes Steps to Strengthen its Cybersecurity Framework with Policy Advancements and Strategic Initiatives appeared first on Cyble.

Blog – Cyble – Read More

Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API

Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure.
The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability is rooted in the FetchXML

The Hacker News – Read More

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls 


Overview 

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393, a Palo Alto Networks PAN-OS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts the DNS Security feature of PAN-OS, which powers firewalls and security solutions. The vulnerability allows attackers to exploit the system through specially crafted DNS packets, leading to a denial-of-service (DoS) condition, affecting the availability of essential firewall services. 

On December 27, 2024, Palo Alto Networks reported a Denial of Service (DoS) vulnerability in the DNS Security feature of PAN-OS, specifically linked to the malformed DNS packet handling process. This issue, now documented as CVE-2024-3393, has been added to CISA’s Known Exploited Vulnerabilities Catalog.

The threat presented by CVE-2024-3393 PAN-OS is particularly alarming for organizations relying on DNS Security for protection, as attackers can exploit this flaw to send malicious DNS packets that cause the affected firewall to reboot. Repeated attempts can cause the firewall to enter maintenance mode, severely disrupting services. With the increasing reliance on firewalls to secure critical infrastructure, this vulnerability poses an urgent risk to many organizations globally. 

Technical Analysis of CVE-2024-3393 PAN-OS 

CVE-2024-3393 affects PAN-OS versions on PA-Series, VM-Series, CN-Series firewalls, and Prisma Access deployments. The vulnerability arises when DNS Security logging is enabled with a valid DNS Security or Advanced DNS Security license. When exploited, this vulnerability could allow unauthenticated attackers to send a specially crafted DNS packet through the firewall’s data plane, causing a reboot. Continuous exploitation could force the firewall into maintenance mode, leading to prolonged service disruption. 

The CVSS score for this vulnerability is 8.7, indicating a high-severity risk. The exploit maturity is classified as attacked, meaning that attackers are actively exploiting the vulnerability. It is worth noting that CVE-2024-3393 PAN-OS does not affect all PAN-OS versions. Specific versions are vulnerable, including PAN-OS 11.1, 10.2, and 10.1, depending on the release, while PAN-OS 9.1 and PAN-OS 11.0 have reached their end of life (EOL) and are no longer receiving patches. 

For this issue to be successfully exploited, two primary conditions must be met: 

  1. A DNS Security License (either standard or advanced) must be applied. 
  2. DNS Security logging must be enabled on the system. 

This configuration creates an avenue for attackers to initiate the DoS attack by sending malicious DNS packets that the firewall fails to handle appropriately. 

Global Exposure and Implications 

Cyble Research & Intelligence Labs reported a number of exposed PAN-OS instances, many of which belong to critical infrastructure sectors. As of recent scans, over 3,300 instances were detected with vulnerable PAN-OS versions. Many of these exposed assets belong to organizations in vital sectors such as healthcare, energy, and telecommunications, industries that play an essential role in national security, public health, and economic stability. 

The vulnerability presents a dual threat: first, the direct impact of the DoS attack on network availability, and second, the potential for reflected amplification-based denial-of-service (RDoS) attacks, where attackers can obfuscate their identities by exploiting these vulnerable systems. The risk is not just to individual organizations but to entire regions and industries that depend on uninterrupted access to critical services. 

Mitigation and Countermeasures: Securing PAN-OS Deployments 

To address the growing risk posed by CVE-2024-3393, the following actions are recommended to mitigate the impact of this vulnerability:

  1. Organizations should ensure they are running the latest version of PAN-OS, as security updates have been released for PAN-OS 10.1.15, PAN-OS 10.2.14, and PAN-OS 11.1.5. These versions fix the DNS packet vulnerability. 
  2. For organizations unable to immediately upgrade their systems, workarounds are available. These include disabling DNS Security logging or adjusting the logging severity to reduce the risk of exploitation. 
  3. Implementing proper network segmentation to limit the exposure of critical assets to the public internet is crucial in minimizing attack vectors. 
  4. Limiting access to remote services through VPNs and ensuring strict access policies can help mitigate the potential for external attackers to exploit the vulnerability. 
  5. Review and configure DNS Security settings to ensure logging is not excessively detailed, reducing the chance of triggering the DoS condition. 
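One way to turn the two exploitation preconditions and the fixed versions listed above into a triage pass over a firewall inventory, as an added example that is not Cyble’s or Palo Alto Networks’ code. It encodes only what the article states (fixes in PAN-OS 10.1.15, 10.2.14 and 11.1.5; the 9.1 and 11.0 lines are end-of-life; the DoS needs both a DNS Security license and DNS Security logging enabled). The inventory records are constructed sample data, and stripping a `-hN` hotfix suffix before comparison is a simplifying assumption, not a statement about Palo Alto’s versioning rules.

```python
"""Patch-status triage of a PAN-OS inventory against CVE-2024-3393.

Added example, not vendor code. Version thresholds and preconditions come
from the article; inventory records below are constructed sample data.
"""
import re
from dataclasses import dataclass

# Fixed releases per PAN-OS line, as stated in the article.
FIXED_IN = {
    (10, 1): (10, 1, 15),
    (10, 2): (10, 2, 14),
    (11, 1): (11, 1, 5),
}
# Lines the article says are end-of-life and receive no further patches.
EOL_LINES = {(9, 1), (11, 0)}


@dataclass
class Firewall:
    name: str
    version: str
    dns_security_license: bool   # standard or advanced DNS Security license applied
    dns_security_logging: bool   # DNS Security logging enabled


def parse_version(version):
    """'10.2.14-h2' -> (10, 2, 14). Dropping the hotfix suffix is an assumption."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-h\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    return tuple(int(x) for x in m.groups())


def version_status(version):
    """Classify a version string as 'patched', 'vulnerable', 'eol' or 'unknown'."""
    major, minor, patch = parse_version(version)
    line = (major, minor)
    if line in EOL_LINES:
        return "eol"
    if line not in FIXED_IN:
        return "unknown"  # a release line the article does not cover
    return "patched" if (major, minor, patch) >= FIXED_IN[line] else "vulnerable"


def triage(fw):
    """Combine version state with the two preconditions the DoS requires.

    Returns one of:
      'ok'             - running a fixed release
      'review'         - release line not covered by the article; check vendor advisory
      'urgent'         - vulnerable/EOL code AND both preconditions met
      'exposed-latent' - vulnerable/EOL code, but logging or license absent
                         (the article's workaround state; still needs an upgrade)
    """
    status = version_status(fw.version)
    if status == "patched":
        return "ok"
    if status == "unknown":
        return "review"
    if fw.dns_security_license and fw.dns_security_logging:
        return "urgent"
    return "exposed-latent"


def triage_inventory(firewalls):
    """Map firewall name -> triage action for a whole inventory."""
    return {fw.name: triage(fw) for fw in firewalls}


# Constructed sample inventory (not real hosts).
SAMPLE_INVENTORY = [
    Firewall("edge-fw-1", "10.2.14-h2", True, True),   # fixed release
    Firewall("edge-fw-2", "10.2.13", True, True),      # vulnerable, fully exploitable
    Firewall("branch-fw", "11.1.4", True, False),      # vulnerable, logging disabled
    Firewall("legacy-fw", "9.1.17", True, True),       # EOL line, exploitable
    Firewall("lab-fw", "11.2.3", True, True),          # line not covered by article
]

if __name__ == "__main__":
    for name, action in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:10s} {action}")
```

Feed it the output of an inventory export and sort on the action column: anything marked `urgent` gets the upgrade first, `exposed-latent` hosts are the ones relying on the logging workaround and still need scheduling, and `review` flags release lines the article does not speak to.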

Conclusion  

While DNS Security is designed to protect against DNS infrastructure threats, this vulnerability exposes systems to DoS attacks, which can result in prolonged outages and potential data breaches. Organizations must prioritize strengthening their DNS Security practices, actively monitor DNS traffic, and keep configurations up-to-date to mitigate the risk posed by such vulnerabilities.

With the increasing sophistication of cyberattacks targeting systems like PAN-OS, timely patching, effective workarounds, and limiting external exposure are essential to securing firewalls and critical infrastructure. A proactive, comprehensive approach to cybersecurity—coupled with industry collaboration—will be key to preventing exploitation and maintaining a secure digital ecosystem. 


The post CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  appeared first on Cyble.

Blog – Cyble – Read More

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS

The Hacker News – Read More