Palo Alto Networks yesterday patched a flaw in PAN-OS, the operating system that runs on its firewalls and enterprise VPN appliances. The vulnerability, CVE-2020-2021, is assessed as very serious, rated 10 out of a possible 10 in the CVSSv3 scoring system: it is both easy to exploit and remotely exploitable. The affected configuration is SAML authentication with the "Validate Identity Provider Certificate" option disabled, so administrators who cannot patch immediately should at least confirm whether that option is enabled on their appliances. US Cyber Command has urged all users to patch as soon as possible, and warned that exploitation by foreign intelligence services can be expected soon. CISA has also distributed the alert. ITNews credits researchers at Monash University with tipping Palo Alto off to the problem.
The Promethium APT (also known as StrongPity, although that name has also been used for one of the group's tools) is back, ZDNet and others report, and active against targets in Turkey and Syria. Its latest wave of attacks features new Trojanized installers. Promethium is a cyberespionage and surveillance operation active since at least 2012. Researchers at Bitdefender and Cisco Talos believe it to be state-sponsored, although which state is unclear; Cisco Talos thinks it possible that Promethium is a crew of hired guns, cyber mercenaries working for a nation-state. Its target list has been extensive. While Middle Eastern and North African nations have figured prominently among its targets, Promethium has also been active in Europe, Asia, and the Americas.
Group-IB reports a widespread Bitcoin scam that's exposed personal data on thousands of victims.
Lucy Security says it's found data from 945 websites for sale in dark web souks. Up to 14 million victims may be affected.