Foreign adversaries likely to exploit critical networking bug, US says

Foreign adversaries likely to exploit critical networking bug, US says

Enlarge (credit: Ivan Radic)

Foreign hackers backed by a well-resourced government are likely to exploit a critical vulnerability in a host and VPN and firewall products sold by Palo Alto Networks, officials in the US federal government warned on Tuesday.

In worst-case scenarios, the security vendor said in a post, the flaw allows unauthorized people to log in to networks as administrators. With those privileges, attackers could install software of their choice or carry out other malicious actions that have serious consequences. The vulnerability, tracked as CVE-2020-2021, can be exploited when an authentication mechanism known as Security Assertion Markup Language is used to validate that users gave the proper permission to access a network. Attackers must also have Internet access to an affected server.

Shortly after Palo Alto Networks issued the advisory, the official Twitter account for the US Cybersecurity and Infrastructure Security Agency warned that the vulnerability is likely to be exploited in the wild by APTs, short for advanced persistent threats. APT is the term many researchers use for sophisticated hacker groups that attempt to breach select targets of interest over extended periods of time.

Read 8 remaining paragraphs | Comments



from RSSMix.com Mix ID 8290670 https://ift.tt/2Zpp73Z

Comments

Post a Comment

Popular posts from this blog

Index and Credo lead a $2.75M seed in anti-fraud tech, Resistant AI

Image
Prague based Resistant AI has nabbed a $2.75M seed round. The security startup’s machine learning technology is designed to be deployed on top of AI systems used for financial decision making to protect customers in markets such as financial services and ecommerce from attacks such as targeted manipulation, adversarial machine learning and advanced fraud. The seed round was co-led by Index Ventures (Jan Hammer) and Credo Ventures (Ondrej Bartos and Vladislav Jez). Seedcamp also participating, along with Daniel Dines, CEO of UiPath; Michal Pechoucek, CTO of Avast and other unnamed angel investors. Bartos joins the board of directors on behalf of the investors. The startup sells an additional layer of protection that’s specifically designed for tightening security around automated functions such as credit risk scoring and anti-money laundering by using tech to detect fake documents that feed such systems. Its tech is also aimed at uncovering suspicious patterns of transactions whic...
Read more

UK's Metro Bank confirms it has faced an SS7 attack intercepting 2FA codes; a telecom lobbying group previously told Congress such an attack is "theoretical" (Joseph Cox/Motherboard)

Image
Joseph Cox / Motherboard : UK's Metro Bank confirms it has faced an SS7 attack intercepting 2FA codes; a telecom lobbying group previously told Congress such an attack is “theoretical”   —  Motherboard has identified a specific UK bank that has fallen victim to so-called SS7 attacks, and sources say the issue is wider than previously reported. from Techmeme http://bit.ly/2FYYCex
Read more

This Week in Apps: Facebook’s other Clubhouse rival, Apple details ATT, App Store trial nears

Image
Welcome back to This Week in Apps,  the weekly TechCrunch series  that recaps the latest in mobile OS news, mobile applications and the overall app economy. The app industry is as hot as ever, with a record  218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also  spent  3.5 trillion minutes using apps on Android devices alone. And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices. Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a  combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year. This Week in Apps will soon be a newsletter! Sign up here: techcrunch.com/news...
Read more