The Hacker News

🔥 CVE-2024-3393 Alert! A single malicious DNS packet can reboot your Palo Alto firewall and leave your network defenseless. Important to Know: » This flaw impacts PAN-OS 10.X & 11.X, including Prisma Access. » Repeated attacks could force your firewall into maintenance mode. » Legacy PAN-OS 11.0 users? No fixes—it’s time to upgrade! ⚙️ How to Fix: » Update to PAN-OS 10.1.14-h8 or later. » Use workarounds to disable risky logging until upgrades are complete. Read now: https://lnkd.in/gijHw3Tm

⚠️ 15,000+ Four-Faith routers are exposed, with attackers actively exploiting a command injection flaw (CVE-2024-12856). 1️⃣ Attackers execute commands remotely via the adj_time_year parameter. 2️⃣ Reverse shells enable hackers to stay hidden and in control. Read: https://lnkd.in/gBvj4atm

North Korean hackers are targeting job seekers with a deceptive campaign, deploying a new malware called OtterCookie through fake interview tools. This new JavaScript malware, is: » Stealing files and cryptocurrency wallets. » Communicating directly with attackers via socket(.)io » Constantly evolving to bypass detection. 🔗 Full Report: https://lnkd.in/ghTNydxT

🛑 Cloud Atlas is deploying VBShower and PowerShower—malware that operates in stages, infiltrating networks and harvesting credentials. 📂 Quick Actions: ✔️ Patch outdated vulnerabilities like CVE-2018-0802 immediately ✔️ Monitor for unusual cloud storage activity ✔️ Deploy advanced monitoring tools for NTFS file changes. ✔️ Conduct phishing simulations to bolster employee awareness. Find details here: https://lnkd.in/gz8GAvv8

🔒 Beware of Device Malware Threats! In recent developments, two menacing botnets, namely FICORA and CAPSAICIN, have been exploiting vulnerabilities in D-Link routers, posing a serious risk to users. ⚠️ These malicious entities employ various tactics such as brute force attacks, shell execution, and over 12 DDoS variations to compromise devices. Learn how to safeguard your systems, patch vulnerabilities, and thwart potential attacks by visiting: (https://lnkd.in/gBwiHC5K)

🚨 A critical CVE-2024-52046 vulnerability in Apache MINA, scoring a perfect CVSS 10.0, could enable remote code execution. The flaw lies in Java’s deserialization protocol, leaving systems wide open to attack if improperly secured. Read now: https://lnkd.in/gbBCDrvf

A Brazilian hacker faces U.S. charges for extorting $3.2M in Bitcoin after stealing confidential data from 300,000 customers. Learn more: https://lnkd.in/g29EE5NH

🚨 Ruijie Networks' cloud platform flaws could give attackers full control over 50,000 devices. Here’s what was found: » Critical CVEs (9.4–9.8): Allow hackers to execute malicious commands remotely. » "Open Sesame" attack: Exploits Wi-Fi beacons to access devices. » Serial number breach: A single number unlocks thousands of cloud-connected devices. Read here 👉 https://lnkd.in/gzi5FsXQ

⚠️ Apache Traffic Control users—an SQL injection flaw (CVE-2024-45387) has been found, enabling attackers to execute commands directly in your database. This flaw is easily exploitable by sending a specially crafted PUT request. 🔧 How to act now: » Update to version 8.0.2 ASAP. » Audit access permissions for high-risk roles. » Double-check database configurations for security loopholes. Read: https://lnkd.in/gFQeT4ai

🚨 Charming Kitten strikes again! Iranian hackers deploy a new C++ variant of the infamous BellaCiao malware, targeting machines across Asia. Learn how BellaCPP operates and prepare your team for emerging threats: https://lnkd.in/gymTNYFs