Lifeboat Foundation

Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024–3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.

CVE-2024–3400 is a critical vulnerability impacting specific Palo Alto Networks’ PAN-OS versions in the GlobalProtect feature that allows unauthenticated attackers to execute commands with root privileges using command injection triggered by arbitrary file creation.

The flaw was disclosed by Palo Alto Networks on April 12, with the security advisory urging system administrators to apply provided mitigations immediately until a patch was made available.

Tesla is set to roll out an awesome new feature with Sentry Mode, allowing owners to watch the video clip recorded by the car on their phone.

Sentry Mode is a security feature on Tesla vehicles that records instances and events that occur near the car. It has helped solve things as simple as petty vandalism, like keying, and even liability in accidents.

For years, it has been available on Tesla vehicles. Yet, people are still not aware of this capability and continue to commit crimes on the cars, not realizing they are being recorded.

Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday.

The network security company’s Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of unknown provenance.

The security vulnerability, tracked as CVE-2024–3400 (CVSS score: 10.0), is a command injection flaw that enables unauthenticated attackers to execute arbitrary code with root privileges on the firewall.

PRESS RELEASE — The full power of next-generation quantum computing could soon be harnessed by millions of individuals and companies, thanks to a breakthrough by scientists at Oxford University Physics guaranteeing security and privacy. This advance promises to unlock the transformative potential of cloud-based quantum computing and is detailed in a new study published in the influential U.S. scientific journal Physical Review Letters.

Quantum computing is developing rapidly, paving the way for new applications which could transform services in many areas like healthcare and financial services. It works in a fundamentally different way to conventional computing and is potentially far more powerful. However, it currently requires controlled conditions to remain stable and there are concerns around data authenticity and the effectiveness of current security and encryption systems.

Several leading providers of cloud-based services, like Google, Amazon, and IBM, already separately offer some elements of quantum computing. Safeguarding the privacy and security of customer data is a vital precursor to scaling up and expending its use, and for the development of new applications as the technology advances. The new study by researchers at Oxford University Physics addresses these challenges.

Google tackles Chrome security with new V8 Sandbox. This aims to stop memory issues from spreading, protecting your browser experience.

Commercial customers will have to get their wallets ready to keep receiving security updates for Windows 10.

The third proof point is both the increase in manufacturing capacity investment and the change in how that investment will be managed. With the interest in governments to secure future semiconductor manufacturing for both supply security and economic growth, Mr. Gelsinger went on a spending spree with investment in expanding capacity in Oregon, Ireland, and Israel, as well as six new fabs in Arizona, Ohio, and Germany. Most of the initial investment was made without the promise of government grants, such as the US Chips Act. However, Intel has now secured more than $50B from US and European government incentives, customer commitments starting with its first five customers on the 18A process node, and its financial partners. Intel has also secured an additional $11B loan from the US government and a 25% investment tax credit.

In addition to it’s own investment in fab capacity, Intel is partnering with Tower Semiconductor and UMC, two foundries with long and successful histories. Tower will be investing in new equipment to be installed in Intel’s New Mexico facility for analog products, and UMC will partner with Intel to leverage three of the older Arizona fabs and process nodes, starting with the 12nm, to support applications like industrial IoT, mobile, communications infrastructure, and networking.

The second side of this investment is how current and future capacity will be used. As strictly an IDM, Intel has historically capitalized on its investments in the physical fab structures by retrofitting the fabs after three process nodes, on average. While this allowed for the reuse of the structures and infrastructure, it eliminated support for older process nodes, which are important for many foundry customers. According to Omdia Research, less than 3% of all semiconductors are produced on the latest process nodes. As a result, Intel is shifting from retrofitting fabs for new process nodes to maintaining fabs to support extended life cycles of older process nodes, as shown in the chart below. This requires additional capacity for newer process nodes.

Discover AI school safety solutions with security technology from Xtract One. Protect your educational institution with cutting-edge threat detection solutions.

Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening. ICS calendar files after installing the December 2023 Outlook Desktop security updates.

The December Patch Tuesday security updates behind these inaccurate warnings patch the CVE-2023–35636 Microsoft Outlook information disclosure vulnerability, which attackers can exploit to steal NTLM hashes via maliciously crafted files.

These credentials are used to authenticate as the compromised Windows user in pass-the-hash attacks, to gain access to sensitive data or spread laterally on their network.