21 avril 2024 | International, Sécurité

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

A critical vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS is being actively exploited by threat actors.

https://thehackernews.com/2024/04/palo-alto-networks-discloses-more.html

Sur le même sujet

  • In chaos, there’s opportunity … and that’s bad news

    27 avril 2020 | International, Aérospatial, Naval, Terrestre, C4ISR, Sécurité

    In chaos, there’s opportunity … and that’s bad news

    James Yeager This year is only four months old and it's already one for the history books — and not in a great way. As the defense community works in tandem with the broader government to keep citizens safe and healthy, cybersecurity threats are only becoming more aggressive. If we've learned anything about cyber adversaries, it's that they will seize on any opportunity to gain an advantage in targeting their victims, including exploiting the fears of the public during a global pandemic. As COVID-19 has moved from the East to the West, adversaries have followed suit, using lures that play into people's desperation for information on the disease. In “The Art of War,” Sun-Tzu said“In the midst of chaos, there is also opportunity.” The COVID-19 virus is infecting more than just people. The pandemic has created chaos and handed adversaries an irresistible opportunity to exploit the situation to gain entry into our networks, whether that's to steal intellectual property, disrupt operations, or gain a strategic advantage if they are a nation-state actor. Already, we are seeing an increase in phishing campaigns using COVID-19 as a hook to launch malware in emails disguised as alerts. Particularly vulnerable are the thousands of remote workers — government employees and contractors alike — who are using their own home networks, which are largely less sophisticated and secure than their work environments. The stakes are high, particularly for those in defense jobs, where an errant click can have devastating consequences. Coincidently, 2020 is the year when the DoD's Cybersecurity Maturity Model Certification has grown teeth and will force more than 300,000 defense contractors to up their cybersecurity game or face bottom-line consequences. Now is not the time to make mistakes. In CrowdStrike's recent Global Threat Report, we captured and analyzed real-world inputs from observed trends in cyber-attacks on commercial and government enterprises. The following are some of the notable attack vectors and trends we observed across the public sector during 2019: An escalation in ransom demands, including ransomware attacks on defense supply chain providers, schools and local municipalities. Surpassing the volume of malware attacks are malware-free attacks that use code which executes from memory or stolen login credentials. Continued state-sponsored targeted intrusions aimed at the government and defense sector. In fact, we have witnessed adversaries exploiting fear around COVID-19 to socially engineer their way to user credentials and sensitive data. In the months ahead, I contend we'll see many more of the same tactics from the same bad actors: Russia, China and newer players on the block, such as Iran, which has leveraged U.S. social media platforms to develop information operations campaigns. Amidst massive change, periodic chaos and long-term disruption, the defense community — government and industry — must put a premium on speed. Speed to detect. Speed to investigate. Speed to mitigate. We recommend that agencies and companies implement cybersecurity practices that follow the 1-10-60 Rule: detect intrusions within 1 minute; investigate and gain a comprehensive understanding of the attack within 10 minutes; and contain and remove the threatening adversary from the network within 60 minutes. This benchmark will limit the damage caused by inevitable attacks. Yes, inevitable. Cyberattacks are a constant and while building a bigger, wider and thicker wall may help keep bad actors out, they are persistent and determined enough to eventually get in, and when they do, you're on the clock. This year will only get worse as the impacts of COVID-19 will be deep, damaging and long-lasting. We're all faced with loss and uncertainty as we attempt to recover from the global pandemic. For the defense community, there is no time to recover and regroup. You are already on the clock, as those who wish to do our nation harm are already hard at work. https://www.fifthdomain.com/opinion/2020/04/24/in-chaos-theres-opportunity-and-thats-bad-news/

  • Anduril Collaborates with Microsoft to Bring Lattice to the U.S. Army's IVAS Program

    19 septembre 2024 | International, Terrestre

    Anduril Collaborates with Microsoft to Bring Lattice to the U.S. Army's IVAS Program

    This partnership includes initial integration of Anduril's Lattice platform into the IVAS ecosystem, leveraging Anduril's software and systems integration expertise, to enhance the capabilities fielded to Soldiers through IVAS.

  • Babcock Team 31 selected as preferred bidder for UK Type 31 frigate programme

    13 septembre 2019 | International, Naval

    Babcock Team 31 selected as preferred bidder for UK Type 31 frigate programme

    September 12, 2019 - Babcock Team 31 has been selected by the UK Ministry of Defence (MOD) as the preferred bidder to deliver its new warships. Led by Babcock, the Aerospace and Defence company, and in partnership with the Thales Group, the T31 general purpose frigate programme will provide the UK Government with a fleet of five ships, at an average production cost of £250 million per ship. Following a comprehensive competitive process, Arrowhead 140, a capable, adaptable and technology-enabled global frigate will be the UK Royal Navy's newest class of warships, with the first ship scheduled for launch in 2023. At its height the programme will maximise a workforce of around 1250 highly- skilled roles in multiple locations throughout the UK, with around 150 new technical apprenticeships likely to be developed. The work is expected to support an additional 1250 roles within the wider UK supply chain. With Babcock's Rosyth facility as the central integration site, the solution provides value for money and squarely supports the principles of the National Shipbuilding Strategy. It builds on the knowledge and expertise developed during the Queen Elizabeth aircraft carrier modular build programme. The announcement follows a competitive design phase where Babcock Team 31 was chosen alongside two other consortia to respond to the UK MOD's requirements. Work on the fleet of five ships will begin immediately following formal contract award later this financial year, with detailed design work to start now and manufacture commencing in 2021 and concluding in 2027. Archie Bethel, CEO Babcock said: “It has been a tough competition and we are absolutely delighted that Arrowhead 140 has been recognised as offering the best design, build and delivery solution for the UK's Royal Navy Type 31 frigates. “Driven by innovation and backed by experience and heritage, Arrowhead 140 is a modern warship that will meet the maritime threats of today and tomorrow, with British ingenuity and engineering at its core. It provides a flexible, adaptable platform that delivers value for money and supports the UK's National Shipbuilding Strategy.” Arrowhead 140 will offer the Royal Navy a new class of ship with a proven ability to deliver a range of peacekeeping, humanitarian and warfighting capabilities whilst offering communities and supply chains throughout the UK a wide range of economic and employment opportunities. A key element of the Type31 programme is to supply a design with the potential to secure a range of export orders thereby supporting the UK economy and UK jobs. Arrowhead 140 will offer export customers an unrivalled blend of price, capability and flexibility backed by the Royal Navy's world-class experience and Babcock looks forward to working closely with DIT and MOD in this regard. Arrowhead 140 is a multi-role frigate equipping today's mariner with real-time data to support immediate and complex decision-making. The frigate is engineered to minimise through-life costs whilst delivering a truly leading-edge ship, featuring an established, proven and exportable combat management system provided by Thales. Victor Chavez, Chief Executive of Thales in the UK said: “Thales is delighted to be part of the successful Team 31 working with Babcock and has been at the forefront of innovation with the Royal Navy for over 100 years. “With the announcement today that Arrowhead 140 has been selected as the preferred bidder for the new Type 31e frigate, the Royal Navy will join the global community of 26 navies utilising the Thales Tacticos combat management system. Thales already provides the eyes and ears of the Royal Navy and will now provide the digital heart of the UK's next generation frigates.” Babcock will now enter a period of detailed discussions with the MOD and supply chain prior to formal contract award expected later this year. View source version on Babcock: https://www.babcockinternational.com/news/babcock-team-31-selected-as-preferred-bidder-for-uk-type-31-frigate-programme/ https://www.epicos.com/article/481187/babcock-team-31-selected-preferred-bidder-uk-type-31-frigate-programme

Toutes les nouvelles