Palo Alto Networks Unit 42 researchers released a new report “Network Security Trends” that highlights how attackers are exploiting remote code execution (RCE), cross-site scripting (XSS), traversal and information disclosure vulnerabilities in multiple vendor products.
Palo Alto Networks
As organizations continue to discover and patch the severe Apache Log4j vulnerability on their networks, Palo Alto Networks is recommending their customers leverage their next generation firewalls with Threat Prevention service, along with Cortex XDR and Prisma Cloud to help mitigate the threat.
Palo Alto Networks has fixed a Critical PAN-OS vulnerability (CVE-2021-3064) in GlobalProtect Portal and Gateway Interfaces.
Researchers have discovered a new eCh0raix ransomware variant that targets QNAP and Synology network-attached storage (NAS) devices.
Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer “Zerologon” to target government networks, critical infrastructure, and elections organizations.
Palo Alto Networks has issued a Critical security advisory for PAN-OS authentication bypass in SAML authentication vulnerability CVE-2020-2021.
TrickBot recently replaced one of its propagation modules “mworm” with new module named “nworm.” The updated module can exploit vulnerable domain controllers (DCs) and evade detection by running in memory.
Popular internet forum software maker vBulletin has patched a Critical vulnerability that affects multiple vBulletin 5 versions.
Security experts are again warning that advanced persistent threat (APT) actors are exploiting vulnerabilities in multiple Virtual Private Network (VPN) applications.
An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software, used on over 100,000 social websites.