Attacks & Vulnerabilities
Palo Alto Networks Warns of Exploited Firewall Vulnerability (3 minute read)
Threat actors are exploiting a critical command injection vulnerability (CVE-2024-3400) in the GlobalProtect feature of Palo Alto Networks PAN-OS that allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. The vulnerability, rated CVSS 10.0, affects PAN-OS versions 10.2, 11.0, and 11.1.
Seccomp internals deep dive - Part 1 (10 minute read)
This blog post explores the internals of seccomp: its architecture, key concepts, and practical applications. The kernel code excerpts are taken from Linux 6.7.1 for x86_64. Part 2 is expected to cover seccomp user-space notifications.
SOC Project with full Automation LAB (4 minute read)
This blog summarizes the architecture of a fully-featured open source SOC lab consisting of powerful technologies used by Fortune 500 companies. Despite being open source, these tools offer comprehensive security incident detection, response, automation, and threat intelligence capabilities.
What we need to take away from the XZ Backdoor (12 minute read)
This article discusses the malicious backdoor found in xz-utils, the XZ compression library (liblzma) used widely in Linux distributions. The backdoor's build-time stage specifically targeted distribution builds using GCC and glibc, raising serious concerns about supply chain security. On discovering the threat, the openSUSE team acted swiftly to remove the compromised software and rebuild the affected packages to restore system integrity. The incident underlines the need for stronger security measures and more vigilant open-source communities.
Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts (2 minute read)
Shakeeb Ahmed, a former Amazon security engineer, was sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Arrested in July 2023, he pleaded guilty to computer fraud charges in December 2023. Ahmed exploited security flaws to insert fake pricing data and fraudulently generate inflated fees, which he then withdrew.