Kirsten Doyle

Palo Alto Networks has issued an urgent advisory for its customers following the discovery of multiple critical vulnerabilities in its Expedition tool, which assists with firewall configuration migration. The vulnerabilities are as follows: CVE-2024-9463 has a score of 9.9. It’s an OS command injection vulnerability in Palo Alto Networks Expedition which allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. CVE-2024-9464, with 9.3 is a OS command injection vulnerability that allows a bad actor to run arbitrary OS commands as…

A cyber-enabled disinformation campaign, dubbed Operation MiddleFloor, is targeting Moldova’s government and educational sectors, according to Check Point Research. The campaign began in early August and appears to have been aimed at influencing the country’s presidential elections on 20 October, with a concurrent referendum on EU membership. Malicious actors are leveraging sensitive topics to sway public perception against European values and Moldova’s current pro-European leadership. Setting the Scene In 2022, following Russia’s invasion of Ukraine, Moldova was granted EU candidate status, marking a significant shift for the former Soviet republic. The October 20 referendum will determine whether Moldova’s constitution will…

Early Saturday morning, Lego’s website briefly fell victim to a crypto scam that advertised a fake Lego coin token. The scam appeared as a banner on the homepage, positioned below an advertisement for Lego’s new Fortnite collaboration, which features building models inspired by various Fortnite characters and elements. Fake Lego Coins Users were greeted by a banner featuring illustrated gold coins marked with the Lego logo, announcing the release of a “Lego coin”. However, a user on X (formerly Twitter), ZTBricks, who noticed the hack, shared that the banner claimed visitors could “unlock secret rewards” by purchasing the newly launched…

A newly active botnet, dubbed “Gorilla Botnet,” has unleashed a gargantuan wave of cyberattacks this past September, according to the NSFOCUS Global Threat Hunting System. During a surge in activity from September 4 to September 27, Gorilla Botnet issued more than 300,000 distributed denial-of-service (DDoS) attack commands—an unprecedented level of attack density. The botnet’s targets spanned over 100 countries, with China and the United States experiencing the brunt of the attacks. Among the sectors affected were universities, government websites, telecommunications, banks, as well as gaming and gambling industries. Emerging Threat: A New Twist on the Mirai Source Code Gorilla Botnet…

American Water, the largest publicly traded water and wastewater utility in the United States, has had to shut down certain systems following a cyberattack. The attack impacted the company’s online customer portal, MyWater, and paused billing services. In its 8-K regulatory filing, American Water stated: “Upon learning of this activity, the Company immediately activated its incident response protocols and third-party cybersecurity experts to assist with containment and mitigation activities and to investigate the nature and scope of the incident.” American Water said it promptly notified law enforcement and is coordinating with them. It also said it has “taken and will…

Cybersecurity firm ESET has identified a new China-aligned threat actor, dubbed “CeranaKeeper,” operating across Southeast Asia, with a primary focus on Thailand. CeranaKeeper has been carrying out widespread data exfiltration campaigns since early 2022, primarily targeting governmental institutions. The findings mark a significant development in the region’s ongoing cyber threat landscape, particularly given the group’s sophisticated techniques and use of both common and custom tools. CeranaKeeper vs. Mustang Panda: A New Threat Actor Emerges Initially, some of CeranaKeeper’s activities were attributed to the China-linked advanced persistent threat (APT) group Mustang Panda. However, ESET researchers have now determined that CeranaKeeper operates…

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two critical vulnerabilities in Optigo Networks’ ONS-S8 Spectra Aggregation Switch, a key component in critical infrastructure systems. These vulnerabilities, which affect all versions of the switch up to and including version 1.3.7, are a significant risk of remote code execution and authentication bypass. High-Risk Vulnerabilities The vulnerabilities, identified as CVE-2024-41925 and CVE-2024-45367, were discovered by Claroty’s Team82 and have been classified as critical. Each has a CVSS v4 score of 9.3. According to CISA, these flaws could enable malicious actors to remotely bypass authentication and execute arbitrary…

This year’s Cybersecurity Awareness Month theme, “Secure Our World,” emphasizes the importance of simple yet powerful measures everyone can take to protect their businesses, data, and loved ones. While there is no silver bullet to safeguard against all cyber threats, implementing basic best practices can significantly reduce risk. Information Security Buzz spoke with several security experts and asked them, “What’s the one piece of advice that could make a difference?” Their responses highlight that cybersecurity is not one-size-fits-all—each organization must tailor its approach to its unique needs and vulnerabilities. However, these foundational steps can help build a more secure world…

This year, Cybersecurity Awareness Month is themed “Secure Our World,” a stark reminder that simple measures can protect businesses from online threats. The week emphasizes four key strategies: using strong passwords and password managers, turning on multifactor authentication (MFA), recognizing and reporting phishing, and updating software. While this message is accurate, and all these elements are a move towards more robust authentication, there’s an even better way than managing solid and unique passwords – adopting passkeys. For decades, passwords have been the cornerstone of securing computer systems and applications, but they’ve outlived their utility. Many data breaches happen due to…

Organizations of every size and in every industry must adhere to stringent compliance standards. Regulations like the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) demand rigorous data protection measures. A solid Security Information and Event Management (SIEM) platform offers threat management and a thorough and centralized view of the company’s security posture. It also automates security processes and real-time threat detection and generates comprehensive audit reports—all of which help businesses maintain compliance and minimize security risks. In this blog, we’ll explore how SIEM platforms…