AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 4/15/2024

Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks

Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. “Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability,” warns the Palo Alto security bulletin. The flaw, which has been discovered by Volexity and is tracked as CVE-2024-3400, is a command injection vulnerability that received the maximum severity score of 10.0 as it requires no special privileges or user interaction to exploit.


The US government confirms Russian hacker attack on Microsoft stole government emails

In January 2024, Microsoft issued an alert stating that a hacker group believed to be state-sponsored by Russia had managed to access the email accounts of its top executives. This week, the US government revealed that some of the emails between government agencies and Microsoft were taken by the group as part of this attack. CNN reports that the US Cybersecurity and Infrastructure Security Agency (CISA) revealed that the unnamed US government agencies have been alerted that these emails were accessed by the Russian hacker group. Those agencies have also been asked to boost their own online security, in the event the hackers try to use information from these emails to log into government systems. CISA has labeled this possible threat an “unacceptable risk to agencies.”


US think tank Heritage Foundation hit by cyberattack

Conservative think tank The Heritage Foundation said on Friday that it experienced a cyberattack earlier this week. A person with knowledge of the cyberattack told TechCrunch that efforts at Heritage were underway to remediate the cyberattack, but said that it wasn’t immediately known what, if any, data was taken. Politico, which first reported the news of the cyberattack on Friday, cited a Heritage official as saying the organization “shut down its network to prevent any further malicious activity while we investigate the incident.” The news outlet quoted the Heritage official as saying that the cyberattack likely came from nation-state hackers, but did not provide evidence of the claim.


Government spyware is another reason to use an ad blocker

Ad blockers might seem like an unlikely defense in the fight against spyware, but new reporting casts fresh light on how spyware makers are weaponizing online ads to allow governments to conduct surveillance. Spyware makers are reportedly capable of locating and stealthily infecting specific targets with spyware using banner ads. One of the startups that worked on an ad-based spyware infection system is Intellexa, a European company that develops the Predator spyware. Predator is able to access the full contents of a target’s phone in real time.


FBI Warns of Massive Toll Services Smishing Scam

The FBI has warned of a prolific new smishing campaign using road toll collection as a pretext to trick victims into handing over their personal information and money. A new Public Service Announcement (PSA) claimed that the campaign has been ongoing since March 2024 and has been spotted in at least three states. There’s apparently evidence to suggest the scam is moving from state to state. “The texts claim the recipient owes money for unpaid tolls and contain almost identical language. The ‘outstanding toll amount’ is similar among the complaints reported to the IC3,” the PSA noted. “However, the link provided within the text is created to impersonate the state’s toll service name, and phone numbers appear to change between states.”
