"Palo Alto firewalls found vulnerable to secure boot bypass and firmware exploits."

Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondens.  Accessed on 24 January 2025, 0332 UTC.

Content and Source:  Email subscription via https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Fthehackernews.com%2Ffeeds%2Fposts%2Fdefault

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybesecurityjournal.net).

The Hacker News

204K followers28 articles per week#security#tech

23

Most popular

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

5 TTPs

•

67by info@thehackernews.com (The Hacker News) / 12h

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News. "Instead these were very well-known issues that we wouldn't expect to see

Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

3 TTPs

•

66by info@thehackernews.com (The Hacker News) / 13h

An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates associated with the respective cybercrime entities are using identical code for their ransomware payloads. The findings come from SentinelOne, which analyzed artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024. "These two payload samples are

SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation

2 TTPs

•

43by info@thehackernews.com (The Hacker News) / 15h

•

CVE-2025-23006

SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Pre-authentication deserialization of untrusted data vulnerability has been identified in the

Today

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

7 TTPs

•

23by info@thehackernews.com (The Hacker News) / 9h

•

Juniper routers targeted by malware

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic. "J-magic campaign marks the rare occasion of malware designed

Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks

15 TTPs

•

29by info@thehackernews.com (The Hacker News) / 12h

Cybersecurity researchers are calling attention to a new malware campaign that leverages fake CAPTCHA verification checks to deliver the infamous Lumma information stealer. "The campaign is global, with Netskope Threat Labs tracking victims targeted in Argentina, Colombia, the United States, the Philippines, and other countries around the world," Leandro Fróes, senior threat research engineer at

How to Eliminate Identity-Based Threats

36by info@thehackernews.com (The Hacker News) / 15h

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based attacks continue to dominate as the leading cause of security incidents, the common approach to identity security threats is still threat reduction, implementing layers of

New Research: The State of Web Exposure 2025

39by info@thehackernews.com (The Hacker News) / 15h

Are your websites leaking sensitive data? New research reveals that 45% of third-party apps access user info without proper authorization, and 53% of risk exposures in Retail are due to the excessive use of tracking tools. Learn how to uncover and mitigate these hidden threats and risks—download the full report here. New research by web exposure management specialist Reflectiz reveals several

QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features

8 TTPs

•

68by info@thehackernews.com (The Hacker News) / 17h

Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware that has been developed by threat actors linked to the infamous QakBot loader. "BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks," Walmart's Cyber Intelligence team told The Hacker News. "The BackConnect(s) in use were 'DarkVNC' alongside the IcedID

Yesterday

Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)

8 TTPs

•

51by info@thehackernews.com (The Hacker News) / 20h

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This

TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware

9 TTPs

•

25by info@thehackernews.com (The Hacker News) / 21h

Google on Wednesday shed light on a financially motivated threat actor named TRIPLESTRENGTH for its opportunistic targeting of cloud environments for cryptojacking and on-premise ransomware attacks. "This actor engaged in a variety of threat activity, including cryptocurrency mining operations on hijacked cloud resources and ransomware activity," the tech giant's cloud division said in its 11th

Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review

DHS fires all advisory committee members

•

400+by info@thehackernews.com (The Hacker News) / 1d

The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national security, I am directing the termination of all current memberships on advisory

Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet

15 TTPs

•

92by info@thehackernews.com (The Hacker News) / 1d

Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some

Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks

34by info@thehackernews.com (The Hacker News) / 1d

As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have

President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison

Trump pardons Ross Ulbricht

•

300+by info@thehackernews.com (The Hacker News) / 1d

U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending more than 11 years behind bars. "I just called the mother of Ross William Ulbricht to let her know that in honor of her and the Libertarian Movement, which supported me so strongly, it was my pleasure to have just signed a full

Jan 21, 2025

PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack

IoC > 1 URL and 2 domains

•

56by info@thehackernews.com (The Hacker News) / 1d

•

27 TTPs

•

PlushDaemon APT compromises South Korean VPN

A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings from ESET. "The attackers replaced the legitimate installer with one that also deployed the group's signature implant that we have named SlowStepper – a

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

62by info@thehackernews.com (The Hacker News) / 1d

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable

Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices

4 TTPs

•

100+by info@thehackernews.com (The Hacker News) / 1d

•

Mirai botnet spinoffs cause DDoS surge

Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-based attack took place on October 29, 2024, targeting one of its customers, an unnamed internet service provider (ISP) from Eastern Asia. The activity originated

Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers

5 TTPs

•

98by info@thehackernews.com (The Hacker News) / 2d

•

CVE-2024-7029

Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh

13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

IoC > 1 IP

•

84by info@thehackernews.com (The Hacker News) / 2d

•

14 TTPs

A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "take[s] advantage of misconfigured DNS records to pass email protection techniques," Infoblox security researcher David Brunsdon said in a technical report published last week. "This

Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties

CIA analyst pleads guilty to leaks

•

45by info@thehackernews.com (The Hacker News) / 2d

A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity. Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to

HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects

23by info@thehackernews.com (The Hacker News) / 2d

Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest

Jan 20, 2025

PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers

12 TTPs

•

62by info@thehackernews.com (The Hacker News) / 2d

•

APT Silver Fox targets Chinese organizations

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week. The infection chain commences with a phishing

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

10 TTPs

•

53by info@thehackernews.com (The Hacker News) / 2d

•

CERT-UA warns of AnyDesk scams

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conducting an audit to assess the "level of security," CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to

End of feed