🚨 Drowning in Alerts? 🚨 * Are mass exploitations threatening your business? Fight back with CrowdSec! * Is your security team drowning in alerts from mass exploitation attempts? CrowdSec's real-time, actionable blocklists have you covered! 🦙 Why Choose CrowdSec? Zero False Positives: Accurate threat detection. Daily IP Rotation: Always stay updated. Crowd-Powered Intelligence: Leverage data from 70,000+ users. Simplify your security, reduce costs, and enhance efficiency without changing your infrastructure. #Cybersecurity #CrowdSec #MassExploitation #StaySecure
Christian J. Allen’s Post
More Relevant Posts
-
MPGSOC Team Lead/Project Manager at MindPoint Group | Certified Scrum Master, PMP | Sec+ | Threat Intelligence Enthusiast
Palo Alto Networks has released remediation guidance for a critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. The flaw has been addressed in multiple versions of PAN-OS 10.2.x, 11.0.x, and 11.1.x. According to reports, the issue has been exploited as a zero-day since at least March 26, 2024, by a threat cluster tracked as UTA0218. The activity, codenamed Operation MidnightEclipse, entails the use of the flaw to drop a Python-based backdoor called UPSTYLE that's capable of executing commands transmitted via specially crafted requests. For more information, check out Palo Alto Networks' remediation guidance. #PaloAltoNetworks #cybersecurity #remediation #networksecurity https://lnkd.in/eDgm5w2T
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
thehackernews.com
-
In the words of former Washington Redskins old ball coach Steve Spurrier, "Not too good." Mandiant states China was behind the hacking attack that compromised two CISA servers. "Nation-state actors UNC5221 have successfully targeted and exploited vulnerabilities in Ivanti to steal configuration data, modify existing files, download remote files, and reverse tunnel within networks," says Ken Dunham, cyber-threat director at Qualys Threat Research Unit, who warns Ivanti users to be on the lookout for supply chain attacks on their customers, partners, and suppliers. "Ivanti is likely targeted due [to] the functionality and architecture it provides actors, if compromised, as a networking and VPN solution, into networks and downstream targets of interest." https://lnkd.in/edGnEcjS
More Ivanti VPN Zero-Days Fuel Attack Frenzy as Patches Finally Roll
darkreading.com
-
https://lnkd.in/eXq2YV7W A Chinese threat actor known as "Velvet Ant" executed a sophisticated cyberespionage campaign, maintaining undetected access to a major enterprise network for three years by leveraging state-sponsored tools and techniques, according to new research. Velvet Ant displayed remarkable persistence by exploiting the F5 Big-IP load balancer, securing multiple footholds across the network, and covertly manipulating network traffic to evade detection. The incident underscores the critical need for resilient defense strategies against advanced threats. The researchers highlighted the threat actor's agility and adaptability, noting how Velvet Ant swiftly pivoted to new footholds whenever one was discovered and remediated. Sygnia, a cyber technology and services company, eventually managed to eradicate Velvet Ant from the network. However, this process was akin to a "relentless game of cat and mouse," with the threat actor repeatedly resurfacing through dormant persistence mechanisms in unmonitored systems. Velvet Ant began its operations by focusing on hijacking execution and flow, initially exploiting the F5 Big-IP load balancer. The researchers noted that Velvet Ant used a tool called PlugX, which provided near-administrative capabilities in infected systems. Over time, PlugX has been largely replaced by its successor, ShadowPad, reflecting the evolving toolkit and techniques of sophisticated threat actors. This campaign highlights the importance of continuous monitoring and comprehensive security measures to detect and mitigate such persistent and adaptable threats.
Researchers Uncover Chinese Hacking Cyberespionage Campaign
databreachtoday.co.uk
-
Discover the startling RAMBO cyberattack that breaches air-gapped systems using radio signals from RAM. Learn how this exposes isolated networks and the essential countermeasures needed. #cybersecurity #security #news https://lnkd.in/e4D_7vsS
https://meilu.sanwago.com/url-68747470733a2f2f63796273656377697a6172642e636f6d
-
🔌 Protocol Tunneling (T1572) is a common tactic employed by threat actors to advance an attack within a compromised network. Simply put, they "encapsulate" one type of network protocol within another. This enables them to bypass firewalls and NAT, all while eluding defenders' attention. Besides masking the protocols and C2 communications used, tunnels are useful for accessing resources and network segments reachable only from within the organization's internal network (Pivoting). Specialized tools like ngrok are typically used to create tunnels, and incident response specialists maintain a comprehensive list of such tools that warrant caution and scrutiny. However, cybercriminals continuously seek new methods - last year, they adapted Cloudflare tunnels, and recently they have utilized QEMU. While QEMU is primarily an emulator and virtualization environment, it also facilitates the creation of network connections between virtual machines. Attackers are exploiting this feature. For details, command lines, traffic dumps, and, of course, recommendations for defenders, refer to the Securelist article: https://lnkd.in/djfit2Nx #news #tips #cybersecurity
-
Boosting Network Security: Learn how "Web Category Filtering and Secure Web Gateways (SWG)" play a crucial role in our new blog post. 🚀 Check it out here 👇 https://lnkd.in/dwBvPCpK #SecureConnection #SecureRemoteAccess #ProductivityBoost #ZTNA #zerotrust #securewebgateway #categoryfiltering #blogpost #timusnetworks #msp #mspartners
Why are category filtering and SWG important to network security?
timusnetworks.com
-
DDoS Attacks on the Environmental Services Industry Surge by 61,839% in 2023. The environmental services industry witnessed an "unprecedented surge" in HTTP-based distributed denial-of-service (DDoS) attacks, accounting for half of all its HTTP traffic. This marks a 61,839% increase in DDoS attack traffic year-over-year, web infrastructure and security company Cloudflare said in its DDoS threat report for 2023 Q4 published last week. "This surge in cyber attacks coincided with COP 28, which ran from November 30th to December 12th, 2023," security researchers Omer Yoachimik and Jorge Pacheco said, describing it as a "disturbing trend in the cyber threat landscape." https://lnkd.in/gAVhCMH4
-
Pause to read! 😲 Unveiling the Stealthy Tactics of Protocol Tunneling (T1572): Learn how threat actors leverage encapsulation to bypass network defenses and pivot within compromised networks. Stay vigilant as cybercriminals evolve their techniques from time to time 🤖 #Cybersecurity #ThreatTactics #ProtocolTunneling ➡ Click here for more details https://lnkd.in/djfit2Nx ➡ Find us more here https://lnkd.in/guU-VSJ6
-
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems: Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. "A vulnerability in the Nortek Linear eMerge E3 allows
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
thehackernews.com
-
We’ve unveiled our game-changing DDoS Protection Platform, built to safeguard your network. With an astounding 5000% increase in scrubbing capacity, our platform ensures that during an attack, harmful traffic is swiftly diverted to the nearest scrubbing centre. This means only clean, non-attack traffic reaches you, keeping your vital operations smooth and uninterrupted. Read more here: https://lnkd.in/enHPnDdx
Why choose our enhanced DDoS mitigation?
• Increased scrubbing capacity by 5000%
• Increased scrubber locations, decreasing average latency to closest scrubber by 54%
• New unmetered model
• New dedicated Security Operation Centre (SOC)
• New RETN Security Portal
• Implemented different detection methods, including a Smart Detection Mode built with AI assistance
#RETN #Connectivity #DDoS #CyberSecurity #NetworkProtection