
Palo Alto Networks Discloses Exploitation Of ‘Critical’ Zero-Day Flaw Impacting PAN-OS


The company says that exploits of the vulnerability have been ‘limited’ so far.


Palo Alto Networks disclosed Friday that a “critical” zero-day vulnerability affecting several versions of its PAN-OS firewall software has seen exploitation in attacks.

In an advisory, the cybersecurity giant said it is “aware of a limited number of attacks that leverage the exploitation of this vulnerability.”


Exploits of the flaw “may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” Palo Alto Networks said in the advisory.

The vendor said the vulnerability, tracked as CVE-2024-3400, has been rated a “critical” severity issue. Patches are not yet available but are expected to be released by this coming Sunday, April 14.

Palo Alto Networks provided several recommended workarounds and mitigations for the issue, including temporarily disabling firewall telemetry.

In a statement provided to CRN Friday, Palo Alto Networks said that “upon notification of the vulnerability, we immediately provided mitigations and will provide a permanent fix shortly.”

“We are actively notifying customers and strongly encourage them to implement the mitigations and hotfix as soon as possible,” the company said.

The vulnerability was found in the GlobalProtect feature in PAN-OS firewalls, the company said. The flaw affects the PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 versions of the firewall software.

“Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability,” the company said. “All other versions of PAN-OS are also not impacted.”

Palo Alto Networks credited researchers at cybersecurity firm Volexity for discovering the vulnerability. In December, Volexity researchers discovered vulnerabilities affecting Ivanti Connect Secure VPN devices, which went on to see mass exploitation by threat actors.


Fidelity National Financial discloses cyberattack previously linked to ransomware gang


Insurance and settlement service giant Fidelity National Financial Inc. has officially disclosed that it suffered a “cybersecurity incident” for which the infamous ransomware gang ALPHV/BlackCat claimed responsibility in November.

The disclosure came via a Jan. 9 filing with the U.S. Securities and Exchange Commission, which states that Fidelity National became aware of a cybersecurity incident on Nov. 19 that impacted certain systems. The company then ticked off the standard response list: hiring third-party experts, notifying law enforcement and regulatory authorities and taking measures to block access to affected systems.

The incident is described as causing “varying levels of disruption” before being contained on Nov. 26 and systems restored. An investigation completed on Dec. 19 subsequently found that an unauthorized third party had accessed certain systems, deployed malware and exfiltrated certain data.

Fidelity National added that it has no evidence that any customer-owned system was directly impacted in the incident and no customer has reported that this has occurred. The last confirmed date of unauthorized third-party activity in the company’s network occurred Nov. 20.

Affected customers have been notified and offered credit monitoring, web monitoring and identity theft restoration services. Fidelity is also continuing to coordinate with law enforcement, its customers, regulators, advisers and other stakeholders.

What’s missing from the disclosure is any mention of ransomware. Companies describing attacks as “cybersecurity incidents” is nothing new, but usually the notices don’t follow widespread media coverage of the company being targeted by a ransomware gang. That ALPHV/BlackCat is behind the attack is also highly believable, as the ransomware gang was one of the most prolific through 2023.

Cybersecurity experts agree, with Craig Jones, vice president of security operations at SecOps security company Ontinue Inc., telling SiliconANGLE that, per the SEC filing, the attack involved data exfiltration.

“Fidelity National Financial appears to have experienced a ransomware attack attributed to the ALPHV/BlackCat ransomware group,” Jones said….


Norton Healthcare Discloses Data Breach Following May Ransomware Attack


Norton Healthcare has officially confirmed a data breach following a ransomware attack that occurred in May 2023. The breach exposed sensitive personal information belonging to patients, employees, and their dependents across the Greater Louisville area, Southern Indiana, and the Commonwealth of Kentucky.

Norton Healthcare, which operates over 40 clinics and hospitals, serves both adult and pediatric patients and is the second-largest employer in Louisville with more than 20,000 employees.

The cybersecurity incident was discovered on May 9, 2023, prompting Norton Healthcare to engage federal law enforcement and a forensic security provider to investigate and halt unauthorized access. The breach involved unauthorized access to certain network storage devices between May 7 and May 9, 2023. Fortunately, the attackers did not access Norton Healthcare’s medical record system or Norton MyChart.


The compromised data includes a range of sensitive information such as names, contact details, Social Security Numbers, dates of birth, health information, insurance details, and medical identification numbers. For some individuals, particularly employees, the exposed data may also include financial account numbers, driver’s licenses or other government ID numbers, and digital signatures.

The ransomware attack was claimed by the BlackCat/ALPHV gang in late May. The group is alleged to have stolen 4.7 terabytes of data from Norton Healthcare’s systems, as reported by DataBreaches. Proof of the breach, including Social Security numbers and bank statements of some patients, was leaked on the dark web by the attackers.

Affected individuals will be notified and offered two years of free credit protection services, as well as additional information in breach notification letters.

It is worth noting that Norton Healthcare is the latest in a series of healthcare organizations in the United States that have fallen victim to ransomware attacks. The ALPHV gang’s websites are currently experiencing an outage, which BleepingComputer suggests may be connected to a law enforcement operation.

This incident underscores the ongoing threat to healthcare institutions from…


Kaspersky Discloses Apple Zero-Click Malware



Russian Government Claims It Uncovered ‘Several Thousand’ Infections


Russian cybersecurity firm Kaspersky said it uncovered zero-click malware infecting staffers’ iPhones on the same day the Kremlin claimed it had uncovered a “reconnaissance operation by American intelligence agencies.”


Kaspersky, in a Thursday blog post, said the malware has been active at least since 2019 and infects devices with an iMessage attachment that automatically triggers code execution. Kaspersky calls the campaign behind the malware Operation Triangulation.

Russian domestic intelligence agency the Federal Security Service said it had uncovered several thousand iPhones infected with the same malware and accused Apple of collaborating with the U.S. National Security Agency.

The malware exfiltrates data including microphone recordings, photos from instant messaging apps, geolocation and other sensitive data. The Russian National Coordination Center for Computer Incidents issued a bulletin listing the same set of 15 malware command-and-control domains that Kaspersky identified.

Apple, which has a well-documented history of defying U.S. government attempts to weaken its security, issued a terse statement.

“We have never worked with any government to insert a backdoor into any Apple product and never will,” an Apple spokesperson said.

The smartphone giant also noted that Kaspersky had reported the malware does not work on iPhone operating system versions newer than iOS 15.7. Apple released iOS 16 to the public last September.

A Kaspersky spokesperson said the company determined one of the vulnerabilities used by the malware was CVE-2022-46690, an out-of-bounds…
