Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as their target of attack. On Thursday, April 11, the Cybersecurity & Infrastructure Agency (CISA) warned customers of Sisense, a company that provides data analytics services to thousands of international companies, that they should reset their credentials for Sisense services and look out for suspicious activity involving their services.

SecOps teams face an unyielding barrage of security signals raised by various systems and tools. It’s estimated that 56% of large companies receive 1,000 or more alerts per day. SOC analysts are expected to wade through these alerts and determine which ones are important, which are low priority, and which are imperative. According to IDC, 83% of cybersecurity employees say they’re struggling to cope with the overwhelming alert volume.

Unauthenticated, remote attackers can execute arbitrary OS commands with root privileges against certain Palo Alto’s GlobalProtect firewalls, using a just announced critical severity vulnerability which is being actively exploited in the wild. While limited to specific versions and configurations, unauthenticated remote command execution vulnerabilities are among the most severe security vulnerabilities that exist. Indeed, CVE-2024-3400 has a critical 10 out of 10 rating under CVSS.

In a network each user, whether verified or not, is given a security identifier (SID), a virtual name tag. This unique identifier helps with managing users, giving administrators the ability to control on an individual level the rights and permissions of users, authentication and providing an overall level of security. A SID also hides private information of users such as the real names of the accounts, adding an additional layer of protection.

A command injection vulnerability has been discovered in the GlobalProtect feature within Palo Alto Networks PAN-OS software for specific versions that have distinct feature configurations that may enable a remote, unauthenticated attacker to execute arbitrary code with root privileges on the firewall. These specific versions require configurations for GlobalProtect gateway and device telemetry enabled.

CrowdStrike is constantly working to protect our customers from the newest and most advanced cybersecurity threats. We are actively monitoring activity related to CVE-2024-3400, a critical command injection vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software affecting “specific PAN-OS versions and distinct feature configurations,” the vendor says.

Simply put, APIs (short for application programming interface) are how machines, cloud workloads, automation and other non-human entities communicate with one another. They also represent an access point to highly sensitive company data and services. Almost every organization uses these machine interfaces, and their usage is only growing because they are essential to digital transformation and automation initiatives.

As large language models (LLMs) continue to push the boundaries of natural language processing, their widespread adoption across various industries has highlighted the critical need for robust security measures. These powerful AI systems, while immensely beneficial, are not immune to potential risks and vulnerabilities. In 2024, the landscape of LLM security tools has evolved to address the unique challenges posed by these advanced models, ensuring their safe and responsible deployment.

A vendor risk management assessment matrix could enhance your visibility into vendor risk exposure, helping you make more efficient risk management decisions. In this post, explain what a vendor risk assessment matrix is, how to use it, and provide a step-by-step guide for designing your own.

In the ever-evolving landscape of cybersecurity threats, staying ahead of potential risks is paramount. Today, we delve into a recent breach uncovered by the Foresiet Threat Intelligence Team. Our focus centers on the infiltration of PureB2B.co.uk's database by the threat actor known as KryptonZambie, shedding light on the implications and strategies for mitigation.