Stealer logs represent one of the primary threat vectors for modern companies. This Flare explainer article will delve into the lifecycle of stealer malware and provide tips for detection and remediation. […]
Related Posts
Okta Discloses Broader Impact Linked to October 2023 Support System Breach
Okta Discloses Broader Impact Linked to October 2023 Support System Breach
Identity services provider Okta has disclosed that it detected "additional threat actor activity" in connection with the October 2023 breach of its support case management system.
"The threat actor downloaded the names and email addresses of all Okta customer support system users," the company said in a statement shared with The Hacker News.
"All Okta Workforce Identity Cloud (WIC) and Customer Read More
The Hacker News | #1 Trusted Cybersecurity News Site
PAN-OS Access Management RCE Vulnerability, 11k+ Interface IPs Exposed
PAN-OS Access Management RCE Vulnerability, 11k+ Interface IPs Exposed
Palo Alto Networks has issued a critical security advisory regarding a potential remote code execution (RCE) vulnerability affecting the PAN-OS management interface of their next-generation firewalls.
The advisory, released on November 8, 2024, warns customers to restrict access to their firewall management interfaces due to this unconfirmed security threat.
While specific details about the vulnerability are still under investigation, Palo Alto Networks has emphasized that they actively monitor for signs of exploitation. At present, no active exploitation has been detected.
However, the company strongly recommends that customers ensure their management interface access is configured correctly, following best practice deployment guidelines.
How to Maximize Cybersecurity Program ROI -> Free Webinar
Shadowserver has conducted scans to identify exposed PAN-OS management interfaces. Alarmingly, approximately 11,000 IP addresses with exposed management interfaces have been discovered.
This significant number of potentially vulnerable systems underscores the urgency of implementing proper security measures.
Palo Alto Networks advises customers to limit access to the management interface to trusted internal IP addresses only and not expose it to the internet. The company believes that Prisma Access and cloud NGFW are unaffected by this potential vulnerability.
To mitigate the risk, administrators are encouraged to take several precautionary measures:
- Isolate the management interface on a dedicated management VLAN
- Use jump servers for accessing the management IP
- Limit inbound IP addresses to approved management devices
- Permit only secure communication protocols such as SSH and HTTPS
- Allow PING solely for testing connectivity.
Customers using Cortex Xpanse and Cortex XSIAM with the ASM module can investigate internet-exposed instances by reviewing alerts generated by the Palo Alto Networks Firewall Admin Login attack surface rule.
Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!
The post PAN-OS Access Management RCE Vulnerability, 11k+ Interface IPs Exposed appeared first on Cyber Security News.
BiBi Wiper Attacking Windows Machine to Cause Data Destruction
BiBi Wiper Attacking Windows Machine to Cause Data Destruction
The ongoing conflict between Israel and Hamas has taken a new turn as cyberattacks have become a prominent weapon for both sides.
A new wiper malware, dubbed the BiBi-Linux Wiper, has been discovered by an Israeli security firm, targeting Linux systems and causing irreversible data loss.
The malware is believed to be deployed by pro-Hamas hackers, who have also developed a Windows variant of the same malware.
The BiBi-Linux Wiper was first detected by SecurityJoes, an Israeli incident response company, who found it on several compromised Linux servers belonging to Israeli organizations.
The malware is named after Israeli Prime Minister Benjamin Netanyahu’s nickname, “Bibi,” which is appended to the destroyed files.
The malware has no ransom demand or communication with any command-and-control servers, indicating that its sole purpose is to cause chaos and damage.
The Motive Behind the BiBi-Linux Wiper
According to SecurityJoes, the BiBi-Linux Wiper is likely to be the work of a hacktivist group affiliated with Hamas, the Palestinian militant organization that controls the Gaza Strip.
The cyberattacks are part of the broader conflict that erupted on October 7, 2023, when Hamas launched a surprise rocket attack on Israel, killing 12 civilians and injuring dozens more.
Israel responded with airstrikes and ground operations, resulting in hundreds of casualties on both sides.
The cyber warfare has also escalated as BlackBerry’s Research and Intelligence Team has identified a Windows version of the BiBi-Linux Wiper, called the BiBi-Windows Wiper.
This malware targets Windows machines, including end-user devices and application servers, and employs a sophisticated mechanism to wipe out files while avoiding essential ones for system operation.
It also deletes shadow copies and disables recovery features, making file restoration difficult.
The Development and Distribution of the BiBi-Windows Wiper
The BiBi-Windows Wiper was compiled on October 21, 2023, just two weeks after the initial terror attack, suggesting a rapid development and deployment by the pro-Hamas hackers.
The malware operates as a portable executable x64 Windows, which can be easily distributed and executed on various systems.
The emergence of wiper malware, designed for destruction rather than financial gain, marks a concerning trend in cyber warfare tied to geopolitical events.
The post BiBi Wiper Attacking Windows Machine to Cause Data Destruction appeared first on Cyber Security News.
Cyber Security News