On November 19, 2024, Arctic Wolf began observing active exploitation of the recently-disclosed CVE-2024-0012 and CVE-2024-9474 vulnerabilities impacting Palo Alto Networks PAN-OS software. When chained together, these vulnerabilities allow an unauthenticated threat actor with network access to the management web interface to gain administrator privileges.

In September 2024, Netskope Threat Labs reported a Python-based NodeStealer targeting Facebook business accounts. NodeStealer collects Facebook and other credentials stored in the browser and its cookie data. For over a year, we have tracked and discovered multiple variants of this infostealer. It is now targeting new victims and extracting new information using new techniques. In this blog post, we will dissect the development of the Python NodeStealer from multiple samples in the wild.

Maintaining robust cybersecurity defenses comes with significant costs, but one area that often exceeds is the ongoing administration of Security Information and Event Management (SIEM) systems. The expenses associated with logging, storing, and managing SIEM data can escalate rapidly, especially when compounded by compliance and regulatory requirements. What are these hidden costs and how can you mitigate them while also ensuring compliance?

On November 18, 2024, Palo Alto Networks (PAN) fully disclosed two serious vulnerabilities in PAN-OS software that had previously been partially disclosed on November 8th. The first vulnerability, CVE-2024-0012, is a critical severity (9.3) authentication bypass in the PAN-OS management web interface. It allows unauthenticated attackers with network access to gain administrator privileges by bypassing the authentication check entirely, essentially telling the server not to check for authentication at all.

We’re thrilled to announce that Jit has achieved the AWS Security Competency, a significant milestone that underscores our commitment to revolutionizing product security for developers and security teams alike. This recognition from AWS validates our leadership in the security space and highlights the value we bring to organizations looking to embed automated security into their development workflows.

Are you a service organization seeking an audit to gain customers’ trust? Or maybe you are looking to attract prospective clients by proving how serious you are with customers’ data. If that is the case, you have come to the right place.

In this blog we will cover what we know about the Finastra breach, what we know about who might have been compromised and an analysis of the validity of the Threat Actor abyss0.

The holiday season is here, and with it comes the thrill of Black Friday deals and holiday shopping sprees. But it's not just shoppers who are gearing up – cybercriminals are ready to take advantage of the holiday rush, hoping to catch unsuspecting consumers off guard. While Trustwave generally focuses on protecting enterprises from cyberattacks and scams, we feel it’s important to help consumers, as well. After all, many people use work devices for online shopping and accessing social media.

About five years ago, I was having trouble with an expensive brand-name refrigerator that my wife and I had bought. It was a great refrigerator feature-wise. My wife and I initially loved it. But it kept breaking. And each break, even though it was covered by the warranty, took weeks and weeks to repair.

Why are so many security teams migrating from legacy SOAR tools to next-gen solutions? This was one of the topics up for discussion as Tines engineer Whitney Young joined host Adrian Sanabria on the Enterprise Security Weekly podcast. Read on for a behind-the-scenes look at Whitney’s process for legacy SOAR migrations, including her top tips for teams considering a switch.