Latest Stories

Stay up-to-date with everything at Approach

Blog article

Weekly Digest Week 28 – 2024

Publication date

12.07.2024

Featured Story

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.

Catalogued as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover.

While there is no evidence that the vulnerability has been exploited in the wild, users are advised to update to the latest version to secure against potential threats.

SOC Analysis:
Organisations should update to the latest version of the affected products to prevent potential admin account takeovers and secure sensitive information. As a workaround, restrict Expedition access to trusted hosts and users only.

Other Stories

Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days

Microsoft’s July Patch Tuesday addresses 142 vulnerabilities, including 4 zero-days — two of which are being actively exploited (CVE-2024-38080 and CVE-2024-38112). The most severe could grant SYSTEM-level privileges.

SOC Analysis:
One of the zero-days could allow full system compromise. Organizations should prioritize applying patches immediately after testing to prevent exploitation.

Critical GitLab Bug Threatens Software Development Pipelines

GitLab urges users to patch CVE-2024-5655 (CVSS 9.6), a vulnerability that allows triggering pipelines as another user. This could lead to CI/CD misuse and major compliance risks.

SOC Analysis:
The flaw could be abused to manipulate pipelines with another user’s privileges. Immediate patching is advised to prevent security or regulatory consequences.

Beware of card collectors!

Febelfin and prosecutors warn of fraudsters pretending to be bank employees who come to collect your bank card, PIN, or valuables in person. This scam has been on the rise across Belgium.

SOC Analysis:
A real bank will never send someone to collect your card or PIN. Stay alert, and never provide personal or banking info to unsolicited visitors or over the phone.

Want to enhance your organization’s cyber awareness or compliance strategy?
Contact the Approach Cyber SOC team for tailored support and training programs.

OTHER STORIES

Contact us to learn more about our services and solutions

Our team will help you start your journey towards cyber serenity

Do you prefer to send us an email?