The Information Highway

Roku warns that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March.

Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks.

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer.

Suspected state-sponsored hackers have been exploiting a zero-day vulnerability in Palo Alto Networks firewalls tracked as CVE-2024-3400 since March 26, using the compromised devices to breach internal networks, steal data and credentials.

Threat update

Recent flaws found in Ivanti Connect Secure and Policy Secure Gateways can lead to remote code execution (RCE) attacks. Review this Cybersecurity Threat Advisory to learn additional details and recommendations to keep your organization secure. 

Threat update

Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities can cause command injection and backdoor account to these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations to mitigate risks these vulnerabilities may cause.

Threat update

A supply chain vulnerability was found in XZ Utils that creates a backdoor into OpenSSH and can lead to remote code execution (RCE). Read this Cybersecurity Threat Advisory to learn about this supply chain vulnerability and how to reduce your risks. 

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.. 

Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney, OpenAI's SORA and ChatGPT-5, and DALL-E, to infect unsuspecting users with password-stealing malware.

Acuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents containing old and non-sensitive data.

Panera Bread's recent week-long outage was caused by a ransomware attack, according to people familiar with the matter and emails. 

Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.

Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients. 

Threat update

 The threat actor TA558 is conducting a phishing campaign targeting various sectors in Latin America, intending to deploy the remote access tool known as Venom RAT. LBT Technology Group encourages organizations to follow the recommendations detailed in this Cybersecurity Threat Advisory to mitigate the potential risk of this campaign.

Threat update

Malicious actors have launched a software supply chain attack targeting developers on the GitHub platform. LBT Technology Group, LLC. recommends taking proactive measures detailed in this Cybersecurity Threat Advisory to mitigate the risk. 

Threat update

The AWS "FlowFixation" vulnerability, while patched in September 2023, may still pose account hijacking risks within its Amazon Managed Workflows Apache Airflow (MWAA) service. Read this Cybersecurity Threat Advisory to learn the impact and security measures to mitigate risks associated with this vulnerability. 

Threat update

AT&T has finally confirmed it is impacted by a data breach affecting 73 million current and former customers after initially denying the leaked data originated from them.

Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism.

American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data.