"Palo Alto Networks Shares Remediation Advice for Hacked Firewalls"

Palo Alto Networks recently shared remediation instructions for organizations whose firewalls have been hacked through exploitation of the vulnerability tracked as CVE-2024-3400. The company noted that customers who detect unsuccessful exploitation attempts are advised to update to the latest PAN-OS hotfix. The same applies to organizations that find evidence of someone probing their firewall to see if it is vulnerable; such probing typically involves creating an empty file on the firewall, with no unauthorized commands executed.

Submitted by Adam Ekwall on

"WP Automatic WordPress Plugin Hit by Millions of SQL Injection Attacks"

According to security researchers at PatchStack, hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. Currently installed on more than 30,000 websites, WP Automatic lets administrators automate importing content (e.g. text, images, video) from various online sources and publishing it on their WordPress site. The exploited vulnerability is identified as CVE-2024-27956 and received a severity score of 9.9/10.

Submitted by Adam Ekwall on

"US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet"

The US government has recently taken down Samourai Wallet, a cryptocurrency mixing service that executed over $2bn in unlawful transactions and laundered over $100m in criminal proceeds. The Department of Justice (DoJ) recently announced that Samourai's web servers and domain were seized following a law enforcement operation in collaboration with Iceland's authorities. Additionally, the illegal cryptocurrency service's Android app has been removed from the Google Play Store in the US.

Submitted by Adam Ekwall on

"Maximum Severity Flowmon Bug Has a Public Exploit, Patch Now"

Proof-of-Concept (PoC) exploit code has been released for a severe security vulnerability in Progress Flowmon, a tool used to monitor network performance and support visibility. Progress Flowmon features performance tracking, diagnostics, and more. It is used by over 1,500 companies worldwide, including SEGA, KIA, TDK, Volkswagen, Orange, and Tietoevry. The security issue, discovered by researchers at Rhino Security Labs and tracked as CVE-2024-2389, has a maximum severity score of 10.

Submitted by Gregory Rigby on

"Study: GPT-4 Agent Can Exploit Unpatched Vulnerabilities"

Researchers at the University of Illinois Urbana-Champaign discovered that feeding public security advisories to a GPT-4 Artificial Intelligence (AI) agent allows it to exploit unpatched "real-world" vulnerabilities even without precise technical information. The researchers fed AI agents descriptions of over a dozen disclosed but unpatched vulnerabilities (also called "one-day" flaws), including two "critical" bugs.

Submitted by Gregory Rigby on

"Researchers Develop Malicious AI 'Worm' Targeting Generative AI Systems"

A team of researchers from Cornell Tech, the Israel Institute of Technology, and Intuit developed a novel type of malware dubbed the "Morris II" worm, which uses popular Artificial Intelligence (AI) services to spread itself, infect systems, and steal data. The worm further highlights the potential dangers of AI security threats and the need to secure AI models. The team used an "adversarial self-replicating prompt" to create the worm.

Submitted by Gregory Rigby on

Cyber Scene - Against All Enemies, Foreign AND Domestic

By krahal

This Cyber Scene will discuss the complexity of defending against cyberattacks from both domestic and foreign enemies, and will also address the current issue of how these cyber enemies, domestic AND foreign acting together, complicate the defense of the US against them.

Submitted by Gregory Rigby on

"Cisco Raises Alarm for ArcaneDoor Zero-Days Hitting ASA Firewall Platforms"

Cisco recently warned that nation-state backed hacking teams are exploiting at least two zero-day vulnerabilities in its ASA firewall platforms to plant malware on telecommunications and energy sector networks. According to Cisco Talos, the attackers are taking aim at software defects in certain devices running Cisco Adaptive Security Appliance (ASA) or Cisco Firepower Threat Defense (FTD) products to implant malware, execute commands, and potentially exfiltrate data from compromised devices.

Submitted by Adam Ekwall on