News – November 2024

November 18, 2024

Palo Alto Networks has issued a critical severity security advisory for an authentication bypass vulnerability, known as CVE-2024-0012, affecting the PAN-OS management web interface. CVE-2024-0012 has a CVSSv4 score of 9.3 when access is allowed to the management interface from external IP addresses on the internet. However, if access is restricted to a jump box that ...

November 18, 2024

U.S. space technology and satellite giant Maxar has confirmed a data breach involving the personal information of its employees, according to a filing with state regulators. The Colorado-headquartered Maxar operates imaging satellites and manufactures spacecraft, and claims to operate one of the largest commercial satellite constellations on orbit. Maxar has long been a significant provider of ...

November 18, 2024

Türkiye has fined Amazon $58,000 for the Twitch data breach in 2021 which affected thousands of Turkish nationals. Don’t Bother With An Expensive Will (Do This Instead) An anonymous hacker leaked the entirety of popular video game live streaming service Twitch, including its source code and personally identifiable information (PII) of its users. The leaked data ...

November 18, 2024

Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires ...

November 18, 2024

There is a big incentive for both espionage motivated actors and financially motivated actors to set up proxy botnets. These can serve as an anonymization layer, which can provide plausibly geolocated IP addresses to scrape contents of websites, access stolen or compromised online assets, and launch cyber-attacks. Examples of proxy botnets set up by advanced persistent ...

November 18, 2024

Palo Alto has issued a critical severity security bulletin for an unauthenticated remote command execution vulnerability affecting the management interface for firewall devices. The vulnerability is still under investigation by Palo Alto but has not yet received a CVE designation. Palo Alto has tentatively given the vulnerability an initial CVSSv4 score of 9.3. However, if access ...

November 18, 2024

Just as security professionals will tell you that layered defensive strategies are the best when it comes to staving off successful attacks, so attackers will often look to precisely the same when executing their cyber attacks. Two-step phishing attacks have, in the words of security researchers from Perception Point, “become a cornerstone of modern cybercrime,” leveraging ...

November 18, 2024

The Philippines and the United States have signed a military intelligence-sharing deal, in a further deepening of security ties between the two defence treaty allies as they seek to counter a resurgent China. Secretary of Defense Gilberto Teodoro and his visiting US counterpart Lloyd Austin signed the agreement on Monday during a ceremony at the Department ...

November 16, 2024

Chinese hackers feasted on T-Mobile as their latest cyber espionage victim. The leading carrier in the US is not the only company affected as other telecom giants are at risk of getting infiltrated. Hackers linked to a Chinese intelligence agency invaded T-Mobile’s network in a months-long operation designed to monitor cellphone communications of high-value intelligence targets, ...

November 15, 2024

More technology is moving onto the cloud – meaning its data is hosted on remote servers rather than on personal devices – and integrating artificial intelligence (AI), which opens it up to new kinds of malicious attacks. To improve Singapore’s ability to counter these emerging threats, soldiers from the Singapore Armed Forces (SAF) and civilians from ...