Netskope Threat Labs publishes a monthly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

On April 15th, Fabian Bäumer and Marcus Brinkmann of Ruhr University Bochum disclosed that PuTTY had a vulnerability that can allow an attacker to compromise private keys, then forge signatures, and log into any remote servers on which those keys are used. PuTTY is a free and open-source terminal emulator, serial console and network file transfer application that supports several network protocols, including SCP, SSH, Telnet, rlogin, serial port and raw socket connections.

Digital transformation powers critical infrastructure, the protection of systems is paramount. ThreatQuotient has announced its participation in the vendor affiliate program of the Electricity Information Sharing and Analysis Center (E-ISAC). This collaboration marks a significant step forward in fortifying North America’s electricity grid against cyber threats.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news, and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team.

Cybersecurity teams are under immense pressure in 2024. They need to be more efficient than ever to stay ahead of evolving threats. This means embracing new technologies, strategies, and frameworks. One powerful tool in their arsenal is the threat intelligence lifecycle—a vital but challenging aspect of proactive cyber defense. Forward-thinking enterprises understand the value of a structured approach to threat intelligence.

On April 12th, Palo Alto Networks released a CVE advisory for CVE-2024-3400, a critical vulnerability identified in the GlobalProtect Gateway feature of PAN-OS, the operating system for Palo Alto Networks firewalls. This command injection vulnerability allows unauthenticated attackers to execute arbitrary commands with root privileges on the affected devices.

The US Government recently announced that state-sponsored Chinese cyber group Volt Typhoon has compromised multiple critical infrastructure organisations’ IT networks in the US and is preparing “disruptive or destructive cyber attacks” against communications, energy, transport, water and waste water systems.