Over 2000 Palo Alto firewalls were hacked, exploiting patched zero day vulnerabilities. Hackers breached U. S. firms using Wi Fi in a novel nearest neighbor attack. Meta removes over 2 million accounts linked to pig butchering scams. And Google's new free cybersecurity certificate prepares students for jobs in just six months.
The second CVE 2024 9474 is a privilege escalation flaw that enables attackers to execute commands with root privileges. Palo Alto networks disclosed the potential for remote code execution linked to these flaws earlier this month. A coordinated attack chaining these vulnerabilities has been observed, with attackers dropping malware and running unauthorized commands on compromised devices.
Palo Alto Networks advises customers to secure firewall management interfaces by restricting access to trusted internal IP addresses, aligning with its best practice deployment guidelines. Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses, was what the company said in their post.
Russian state sponsored hackers known as Apt28 or Fancy Bear pulled off a highly creative cyber attack exploiting Wi Fi networks from thousands of miles away. This new tactic, dubbed the Nearest Neighbor Attack, combined cunning strategy, With technical precision to breach a U S firm involved in Ukraine related work.
This device became their bridge. The hackers used RDP to control that nearby device and it logged into the target's Wi Fi. Once inside the target's network, the hackers were able to maintain a low profile by relying on native Windows tools, and they were able to successfully exfiltrate data they were looking for, in this case, information about projects related to Ukraine.
The lesson? Wi Fi networks need the same level of protection as internet facing systems. MFA, device restrictions, and continuous monitoring are essential to closing gaps, but sophisticated attackers will inevitably exploit them. On our weekend show, David Shipley pointed out that although a lot of our attention goes deservedly to things like ransomware and other technical compromises, fraud is still one of the biggest issues for individuals and companies.
Often under the threat of physical abuse, the term pig butchering refers to financial investment scams that involve prolonged deception where victims are manipulated into depositing money into fraudulent platforms.
And while many of these companies rob individuals and not companies, we need to remember that any employee who's compromised and in financial distress due to a fraud is an issue that affects us corporately as well. And of course, some of these frauds directly attack companies. And finally, for those who want to expand their skill sets, but don't have extra money or want a risk free way of seeing if they're suitable, Google has introduced a free Cybersecurity Professional Certificate.
Students can take the course for free, but if they want a certificate, they can get the course for $49 a month after a seven day free trial. At an estimated completion time of six months, that's going to be about 300 U. S. to complete the course. Upon earning the credentials, graduates can add it to their LinkedIn profiles and resumes, and U.
And that's our show for today. You can find links to reports and other details on our show notes at technewsday. com. We welcome your comments, tips, and the occasional bit of constructive criticism at editorial at technewsday. ca.