May 18, 2024

Palo Alto Bug CVE-2024-3400 Exploited to install XMRig Malware

Palo Alto Networks patched a critical vulnerability earlier this month. The flaw, CVE-2024-3400, allows attackers to gain remote control of vulnerable firewalls, leading to fears of widespread data breaches and system disruptions.

The vulnerability stems from the manipulation of the “SESSID” cookie in PAN-OS, which inadvertently permits the creation of files with root-level access during each session. Attackers exploit this flaw to run malicious code through bash script manipulations, without requiring any special privileges or user interaction…

Dropbox suffers a Data Breach

Dropbox has disclosed a significant breach in its systems, exposing customers’ data to unauthorized entities. A new regulatory filing detailed the incident that primarily affected Dropbox Sign, a service akin to DocuSign, allowing users to manage documents online.

Dropbox became aware of the breach on April 24 and promptly initiated cybersecurity measures. The investigation revealed that the attackers accessed various user data, including emails, usernames, phone numbers, hashed passwords, and authentication information like API keys and OAuth tokens…

CISA adds CVE-2024-29988 to its KEV catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-29988, Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise…

QNAP Releases Patches for Critical Vulnerabilities - CVE-2024-32766 & CVE-2024-32764

QNAP has issued an urgent security advisory to its users concerning multiple severe vulnerabilities across its suite of NAS software products. These flaws, if exploited, could enable attackers to perform unauthorized actions such as bypassing authentication mechanisms and executing commands remotely.

The first two vulnerabilities, tracked as CVE-2024-27124 with a CVSS score of 7.5 and CVE-2024-32766 with a CVSS score of 10, are OS command injection flaws. In an OS command injection, attackers send malicious commands to a vulnerable system, allowing them to run arbitrary code. This could lead to data theft, installation of malware, or a complete NAS takeover…
