Featured Story
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass.
Catalogued as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in the company's Expedition migration tool that could lead to an admin account takeover.
While there is no evidence that the vulnerability has been exploited in the wild, users are advised to update to the latest version to secure against potential threats.
Organisations should update to the latest version of the affected products to prevent potential admin account takeovers and secure sensitive information. As a workaround, restrict Expedition access to trusted hosts and users only.
Other Stories
Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Microsoft’s July Patch Tuesday addresses 142 vulnerabilities, including 4 zero-days — two of which are being actively exploited (CVE-2024-38080 and CVE-2024-38112). The most severe could grant SYSTEM-level privileges.
One of the zero-days could allow full system compromise. Organizations should prioritize applying patches immediately after testing to prevent exploitation.
Critical GitLab Bug Threatens Software Development Pipelines
GitLab urges users to patch CVE-2024-5655 (CVSS 9.6), a vulnerability that allows triggering pipelines as another user. This could lead to CI/CD misuse and major compliance risks.
The flaw could be abused to manipulate pipelines with another user’s privileges. Immediate patching is advised to prevent security or regulatory consequences.
Beware of card collectors!
Febelfin and prosecutors warn of fraudsters pretending to be bank employees who come to collect your bank card, PIN, or valuables in person. This scam has been on the rise across Belgium.
A real bank will never send someone to collect your card or PIN. Stay alert, and never provide personal or banking info to unsolicited visitors or over the phone.