Новости за 12.04.2024

A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.

Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing.

Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement. 

Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. 

Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.

Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.

A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications.

LastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology.