Palo Alto Networks warns of PAN-OS zero-day exploitation.
Palo Alto Networks has confirmed that threat actors are exploiting a recently discovered vulnerability affecting its PAN-OS firewall management interface, The Record reports. The vulnerability (CVE-2024-0012) has been assigned a CVSS score of 9.3, and the company urges customers to apply mitigations as soon as possible.
Palo Alto stated, "An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474." The company added that it's "observed threat activity that exploits this vulnerability against a limited number of management web interfaces that are exposed to internet traffic coming from outside the network."
LIMINAL PANDA targets telecoms.
CrowdStrike has published a report on LIMINAL PANDA, a Chinese threat actor targeting telecommunications companies in countries associated with China's Belt and Road Initiative. The researchers note, "The adversary targets these organizations to directly collect network telemetry and subscriber information or to breach other telecommunications entities by exploiting the industry's interoperational connection requirements."
The goal of the operation is likely cyberespionage. CrowdStrike explains, "LIMINAL PANDA has previously focused on telecommunications providers in southern Asia and Africa, suggesting that their final targets likely reside in these regions; however, individuals roaming in these areas may also be targeted depending on the compromised network's configuration and LIMINAL PANDA's current access. Equally, depending on their current collection requirements, the adversary could employ similar TTPs to target telecoms in other regions."