Palo Alto updates patching guidance for command injection vulnerability

https://security.paloaltonetworks.com/CVE-2024-3400

This is a command injection vulnerability that enabled an unauthenticated attacker to execute code with root privileges. POC has been released publicly.

Device telemetry does not need to be enabled for PAN-OS firewalls to be exposed to attacks related to this vulnerability.

You can verify whether you have a GlobalProtect gateway or GlobalProtect portal configured by checking for entries in your firewall web interface (Network > GlobalProtect > Gateways or Network > GlobalProtect > Portals).

https://unit42.paloaltonetworks.com/cve-2024-3400

VPN brute force attacks: Your logs are full of them (guaranteed)

https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services

Make sure you are using MFA for every account that has remote access and check all remote access points; not just VPNs.

Not April Fools: Duo (Cisco) MFA service breached… via phishing scheme

https://www.darkreading.com/cyberattacks-data-breaches/cisco-duo-multifactor-authentication-service-breached

https://app.securitymsp.cisco.com/e/es?s=4673582&e=2785&elqTrackId=EF815608FCE191E1D3FAAE7B0376C832&elq=bd1c1886a59e40c09915b029a74be94e&elqaid=112&elqat=1

Customer Advisory

CVE-2024-3400: Volexity warns of Zero-day exploitation of Palo Alto device vulnerability in GlobalProtect feature over versions of PAN-OS.

Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)

Patches are available for the varied versions of PAN-OS

CISA: Weakness in Chirp Systems may pose problems for “smart lock” homes.

https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak

Russian actors “all up in” Microsoft’s business; accesses source code. Is this anything new?

https://www.independent.co.uk/news/world/americas/microsoft-russia-hackers-b2510319.html

A month after their $1M settlement with New York, First American Title suffers a crippling cybersecurity attack

The Title insurance giant just completed a $1 million settlement with DFS of New York over a 2019 cybersecurity breach affecting customer data.

First American Title is providing updates here: https://www.firstamupdate.com/

Related articles:

https://therecord.media/first-american-title-insurance-cyberattack-real-state-industry

First American is the latest cybersecurity attack victim

Report: Comcast waits on critical Citrix zero-day vulnerability and loses data for 36 million customers. Change passwords now.

https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/

Customer data including PII and security questions have been taken.

U.S. Federal Agencies and other countries release advisory that Russian Foreign Intelligence Service (SVR) is exploiting vulnerability in Jetbrains TeamCity globally

According to CISA, FBI, NSA, Polish Military Counterintelligence, CERT Polska, and UK’s National Cyber Security Centre, Russian actors known by names including APT 29 are and have been exploiting servers hosting JetBrains TeamCity software since at least September, 2023. This software is used for software compilations, including building, testing and releasing software. The potential impact is pretty large, including supply chain operations (think Solarwinds). The article details IOCs

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a

Click to access aa23-347a-russian-foreign-intelligence-service-svr-exploiting-jetbrains-teamcity-cve-globally_0.pdf

Joint advisory

https://nvd.nist.gov/vuln/detail/cve-2023-42793

60 Credit Unions affected by ransomware in likely supply chain attack

https://www.theregister.com/2023/12/02/ransomware_infection_credit_unions/

Related Articles

https://www.cnn.com/2023/12/01/politics/ransomware-attack-credit-unions/index.html

https://abc7.com/ransomware-attack-in-us-credit-union-outages-trellance-cyberattack-ncua/14133374/

https://www.msn.com/en-us/money/other/60-us-credit-unions-offline-after-ransomware-infects-backend-cloud-outfit/ar-AA1kRVhA