Our blog with details on the exploitation of CVE-2024-3400 is up! An incredibly fast turn around from our detecting a breach to smashing threat actor capabilities. Huge shout out to our Volexity team and our awesome customers & a great response from the Palo Alto Networks team.

Passage came after members churned through a handful of amendments, most notably a bipartisan one that would have required U.S. law enforcement to obtain a court warrant the 702 database.

The amendment was defeated in a 212-212 tie vote.

therecord.media/fisa-section-7…

Our latest blog post details Volexity's identification & incident response associated with the Palo Alto Networks GlobalProtect #0day vuln, assigned CVE-2024-3400, that the team found being exploited in the wild.

Read more here: volexity.com/blog/2024/04/1…

#DFIR #ThreatIntel

📌 Palo Alto GlobalProtect VPN 🌐📡

▪ Shodan (41,662): http.html_hash:-1303565546
▪ Censys (41,163): services.http.response.body_hash='sha1:28f1cf539f855fff3400f6199f8912908f51e1e1'

CVE-2024-3400 (RCE exploited in the wild) ↓

IOCs, rejoice! volexity.com/blog/2024/04/1…

After multiple attempts, including one just two days ago, the House on Friday voted to renew a law that allows the government to conduct warrantless surveillance of foreigners

therecord.media/fisa-section-7…

Polish prosecutors are intensifying their investigation into the alleged misuse of Pegasus spyware by government officials against opposition members. therecord.media/poland-pegasus…

U.S. Treasury sanctions a top Hamas official leading a cyber influence dept., aiming to impede the group's cyber warfare and UAV production capabilities. therecord.media/al-qassam-abu-…

NEW: Shakeeb Ahmed has been convicted to three years in prison for hacking two cryptocurrency exchanges, and stealing around $12 million in crypto.

One of his victims, Nirvana Finance, had to shut down after the hack.

techcrunch.com/2024/04/12/sec…

Let's light this candle.

Members will vote on a series of amendments to the FISA Section 702 bill before final passage.

Here is the voting order: repcloakroom.house.gov/vote_sheet/vot…

First up? THE WARRANT REQUIREMENT.

TGI-FISA

#Citrix released security updates to address vulnerabilities in XenServer and Citrix Hypervisor. Review the advisory & update accordingly👉 cisa.gov/news-events/al… #Cybersecurity #InfoSec

🚩Palo Alto Networks has released workaround guidance for a command injection vulnerability (CVE-2024-3400) affecting PAN-OS versions 10.2, 11.0 & 11.1. Apply workarounds asap 👉 cisa.gov/news-events/al…

👀 This seems bad.

Palo Alto Networks warns of zero-day in VPN product therecord.media/vpn-zero-day-p… The Record From Recorded Future News & jon greig

CISA has already added Palo Alto's CVE-2024-3400 to the KEV list and only gave federal agencies one week to remediate

therecord.media/vpn-zero-day-p…

We have also started sharing out D-Link NAS CVE-2024-3273 vulnerable instances. Around ~2400 vulnerable instances found on 2024-04-11: dashboard.shadowserver.org/statistics/com…

Data shared in vulnerable HTTP report - shadowserver.org/what-we-do/net…

Palo Alto Networks warns of a zero-day vulnerability, CVE-2024-3400, in its GlobalProtect VPN, exploited by hackers. therecord.media/vpn-zero-day-p…

#Juniper released security advisories to address multiple vulnerabilities in Junos OS, Junos OS Evolved, Paragon Active Assurance & Junos OS: EX4300 Series. Review & apply updates at cisa.gov/news-events/al… #Cybersecurity #InfoSec

Apple has sent a new batch of threat notifications to users in 92 countries who may have been targeted by mercenary spyware attacks, according to several media reports. therecord.media/apple-spyware-…

#Rhysida has listed Hernando County. #ransomware 1/3