Palo Alto Networks urged companies this week to patch against a newly discovered zero-day vulnerability in one of its widely used security products, after malicious hackers began exploiting the bug to break into corporate networks.
Because the vulnerability allows hackers to gain complete control of an affected firewall over the internet without authentication, Palo Alto gave the bug a maximum severity rating.
The ease with which hackers can remotely exploit the bug puts thousands of companies that rely on the firewalls at risk from intrusions.
Adding another complication, Palo Alto initially suggested disabling telemetry to mitigate the vulnerability, but said this week that disabling telemetry does not prevent exploitation.
Security firm Volexity, which first discovered and reported the vulnerability to Palo Alto, said it found evidence of malicious exploitation going back to March 26, some two weeks before Palo Alto released fixes.
A crypto wallet maker claimed this week that hackers may be targeting people with an iMessage “zero-day” exploit — but all signs point to an exaggerated threat, if not a downright scam.
Trust Wallet’s official X (previously Twitter) account wrote that “we have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web.
According to Apple, there is no evidence anyone has successfully hacked someone’s Apple device while using Lockdown Mode.
For its part, CodeBreach Lab appears to be a new website with no track record.
TechCrunch could not reach CodeBreach Lab for comment because there is no way to contact the alleged company.
A bug in an Irish government website that exposed COVID-19 vaccination records took two years to publicly disclose
The Irish government fixed a vulnerability two years ago in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents.
But details of the vulnerability weren’t revealed until this week after attempts to coordinate public disclosure with the government agency stalled and ended.
Security researcher Aaron Costello said he discovered the vulnerability in the COVID-19 vaccination portal run by the Irish Health Service Executive (HSE) in December 2021, a year after mass vaccinations against COVID-19 began in Ireland.
Costello’s public disclosure comes more than two years after he first reported the vulnerability.
His blog post included a multi-year timeline revealing a back and forth between various government departments that were unwilling to take ownership of public disclosure.
A bug on X, formerly Twitter, was causing numerous posts over the weekend to be flagged as “Sensitive Media,” thwarting the company’s own attempts to make its platform more approachable to advertisers.
Today, a bug in our system caused X to incorrectly label numerous posts as Sensitive Media.
— Safety (@Safety) January 21, 2024
“Sensitive media” is a label X uses to denote content that others may not wish to see, like violence or nudity.
X asks users who want to regularly post such items to adjust their media settings to appropriately mark their images.
This is being fixed.” An hour later, he reposted the message from the X safety team which referred to the issue as a bug.
In a phone conversation on Thursday, Hyundai Motor India spokesperson Siddhartha P. Saikia said the company would provide a statement.
The bug exposed the customer’s personal information through the web links Hyundai Motor India shared with customers over WhatsApp after receiving their vehicles for servicing at an authorized service station.
TechCrunch shared the details of the bug with Hyundai Motor India on the same day, and requested Hyundai Motor India fix the bug within seven days due to its simplicity and severity.
Established in 1996, Hyundai Motor India is among the top three carmakers in the country, alongside Maruti Suzuki and Tata Motors.
Hyundai Motor India has a network of over 1,500 service stations in the country.
The zero-day vulnerability patched by Microsoft earlier this week was exploited to launch cyberattacks against organizations worldwide, security researchers say. The vulnerability affects all versions of Windows, and was first…
It’s not uncommon for platforms like Patreon to offer creators a means of receiving funds from their supporters. However, this recently fixed security bug shows that even privacy-focused platforms can…
Creating a great user experience is important for any business, but it’s especially crucial for startup companies. These companies have to create a loyal customer base from the very beginning…
Hatch Bank confirmed that hackers exploited a zero-day vulnerability in their internal file transfer software to gain access to thousands of customer Social Security numbers. The company is working with…