Palo Alto customers are being been told to patch yet another internet-facing security flaw after researchers caught attackers bypassing GlobalProtect authentication and gaining unauthorized VPN access.
The flaw, tracked as CVE-2026-0257, affects PAN-OS deployments using GlobalProtect authentication override cookies under specific configurations.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- INTERPOL: Police recover over USD 40 million from international email scam
August 6, 2024
LYON, France: A global stop-payment mechanism developed by INTERPOL has helped Singapore authorities make their largest ever recovery of funds defrauded in a business email compromise scam. On 23 July 2024, a commodity firm based in Singapore filed a police report stating that they had fallen victim to a business email compromise scam, in which a ...
- Mitigating the Latest Vulnerability (CVE-2024-5008) in Progress WhatsUp Gold
August 6, 2024
The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every connected device in the network, providing visibility into the IT infrastructure. It also has the functionality to swiftly pinpoint and resolve issues ...
- Kadokawa confirms data leak of 254,000 people due to cyberattack
August 6, 2024
Japanese publisher Kadokawa has confirmed a data leak affecting 254,241 people due to a cyberattack. The finding, announced Monday, is based on an investigation by third-party experts. Of the leaked data, information of 186,269 people was related to Kadokawa Dwango Educational Institute, including N High School, a correspondence school. Kadokawa reported the investigation results to the ...
- SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability
August 5, 2024
The SonicWall Capture Labs threat research team has discovered a pre-authentication remote code execution vulnerability in Apache OFBiz being tracked as CVE-2024-38856 with a CVSS score of 9.8. This is the second major flaw SonicWall has discovered in Apache OFBiz in recent months, the first coming in December 2023. This time, a flaw in the override ...
- Chinese hackers hijacked an ISP software update to spread malware
August 5, 2024
Windows and macOS machines alike have been hit by malware after notorious Chinese hacker group StormBamboo used a compromised internet service provider (ISP) to target organizations with poisoned DNS responses. StormBamboo used altered DNS query responses tied to automatic update mechanisms to target organizations that used insecure update mechanisms that did not properly validate the digital ...
- Beware of Fake WinRar Websites: Malware Hosted on GitHub
August 5, 2024
A fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on internet users who might incorrectly type the URL of this well-known archiving application. The initial malware then leads to a slew of ...