In today's digital age, cybersecurity has become a constant concern for organizations. A thorough understanding of the cyber threat landscape is needed to address these challenges and protect your company's systems and data, as only then can you implement effective protection measures.

The NIST Artificial Intelligence Risk Management Framework (AI RMF) is a recent framework developed by The National Institute of Standards and Technology (NIST) to guide organizations across all sectors in the use of artificial intelligence (AI) and its systems. As AI continues to become implemented in nearly every sector — from healthcare to finance to national defense — it also brings new risks and concerns with it.

Neobanks, which operate exclusively online without traditional physical branch networks, are facing an increasingly challenging landscape due to a significant rise in fraud cases. In recent years, financial institutions have reported a marked increase in fraudulent activities, with the average cost of fraud for institutions with assets over $5 billion rising by 65% from $2.3 million in 2022 to $3.8 million in 2023.

On April 12, 2024, Palo Alto Networks published a security advisory detailing an actively exploited maximum severity vulnerability (CVE-2024-3400, CVSS: 10.0) affecting the GlobalProtect feature of PAN-OS. This vulnerability affects PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls when configurations for both GlobalProtect gateway and device telemetry are enabled. An unauthenticated remote threat actor can exploit this vulnerability to execute arbitrary code with root privileges on the firewall.

Organizations commonly rely on third parties such as vendors, suppliers, and other business partners to handle critical operations. While third-party relationships can provide many benefits, they also introduce a range of risks that can threaten data security, compliance, and business continuity. Therefore, it's crucial to recognize and manage these risks with a robust Third-Party Risk Management policy.

On April 14, 2024, Palo Alto Networks (PAN) released hotfixes to address the maximum severity (CVSS: 10) vulnerability, CVE-2024-3400, affecting the GlobalProtect Feature of PAN-OS. An unauthenticated remote threat actor can exploit this vulnerability to execute arbitrary code with root privileges on the firewall. Volexity identified CVE-2024-3400 as a zero-day vulnerability and found that the threat actor UTA0218 was implanting a custom Python backdoor on firewall devices.

On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto is here. Palo Alto has marked this vulnerability as critical and NVD has scored it a 10.0 with CVSSv3. Wallarm currently detects attacks against this vulnerability with no additional configuration required.

Cybersecurity teams are under immense pressure in 2024. They need to be more efficient than ever to stay ahead of evolving threats. This means embracing new technologies, strategies, and frameworks. One powerful tool in their arsenal is the threat intelligence lifecycle—a vital but challenging aspect of proactive cyber defense. Forward-thinking enterprises understand the value of a structured approach to threat intelligence.