Major Palo Alto security flaw is being exploited via Python zero-day backdoor

Major Palo Alto security flaw is being exploited via Python zero-day backdoor

For weeks now, unidentified threat actors have been leveraging a critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software, running arbitrary code on vulnerable firewalls, with root privilege.  Multiple security researchers have flagged the campaign, including Palo Alto Networks’ own Unit 42, noting a single threat actor group has been abusing a vulnerability called command … Read more

Thousands of D-Link NAS devices have serious backdoor security issues

Thousands of D-Link NAS devices have serious backdoor security issues

A high-severity vulnerability has been recently discovered in certain D-Link Network Attached Storage (NAS) instances which could be used to run malicious code, steal sensitive data, and mount denial-of-service (DoS) attacks. Cybersecurity researcher Netsecfish, who discovered the flaw, found multiple instances of D-Link’s NAS devices have an arbitrary command injection flaw in the “system” parameter, … Read more

Huge backdoor discovered that could compromise SSH logins on Linux

Huge backdoor discovered that could compromise SSH logins on Linux

On Friday March 29, Microsoft employee Andres Freund shared that he had found odd symptoms in the xz package on Debian installations. Freund noticed that ssh login was requiring a lot of CPU and decided to investigate leading to the discovery. The vulnerability has received the maximum security ratings with a CVS score of 10 … Read more