Ayman Hamam, Author at Arab Security Consultants

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

Monday, 18 November 2024 by Ayman Hamam

Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a new zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activity originating from below IP addresses and targeting PAN-OS management web interface

Published in News

Tagged under: Active Exploitation Alerts, ArabSecurityConsultants, ASC, CISA Vulnerability Updates., Critical CVSS Vulnerability, cybersecurity advisory, Firewall Security, Management Interface Security, Palo Alto IoCs, Palo Alto Networks Advisory, Palo Alto Networks Zero-Day, PAN-OS Vulnerability, Remote Code Execution (RCE) Flaw, Threat Actor Activity, Unauthenticated RCE, Web Shell Exploitation, Zero-Day Exploitation

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

Monday, 11 November 2024 by Ayman Hamam

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. “Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface,” the company said. “At this time, we

Published in News

Tagged under: ASC, CISA Advisory, CVE-2024-5910, Cyber Threat Mitigation, Cyber Threat Response, cybersecurity advisory, Cybersecurity Vulnerability Management, Expedition Tool Vulnerability, IP Restriction, Management Interface Security, Network Security Best Practices, Palo Alto Networks, PAN-OS Security, RCE Protection, Remote Code Execution Vulnerability, Secure Management Interface

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

Monday, 04 November 2024 by Ayman Hamam

Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day. These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage. Cybersecurity and

Published in News

Tagged under: Advanced Threat Actors, ArabSecurityConsultants, ASC, cloud security, Cyber Defense, Cyber Threats, Cybersecurity Webinar, data breaches, Detection and Response, Identity Infrastructure, Identity Security, Identity-Based Attacks, IT Security, Lateral Movement, LUCR-3, SaaS Security, Scattered Spider

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

Monday, 28 October 2024 by Ayman Hamam

A new attack technique could be used to bypass Microsoft’s Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. “This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more,” SafeBreach

Published in News

Tagged under: ASC, Code Integrity, CVE-2024-21302, CVE-2024-38202, cyberSecurity, CYbersecurityCOnsultant, Driver Signature Enforcement, DSE Bypass, Kernel-Level Attack, Microsoft, OS Downgrade, Patch Tuesday, privilege escalation, Rootkit, UEFI Lock, VBS, Windows Security, Windows Update

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

Tuesday, 15 October 2024 by Ayman Hamam

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. “The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities like

Published in News

Tagged under: APT34, credentials theft, CVE-2024-30088, Cyber espionage, cyberattack, Earth Simnavaz, Gulf region, Malware, Microsoft Exchange, OilRig, privilege escalation, psgfilter.dll, STEALHOOK, U.A.E., vulnerability exploitation, Windows Kernel

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware

Sunday, 21 July 2024 by Ayman Hamam

Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve distributing a ZIP

Published in News

Tagged under: CrowdStrike, cyberSecurity, IT disruption, Latin America, Malware, mitigation, official support, Remcos RAT, threat actors, Windows devices.

Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months

Wednesday, 17 July 2024 by Ayman Hamam

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024.

Published in Uncategorized

Tagged under: Arab Security Consultants, ASC, Authentication, cyberSecurity, DigitalTokens, FinancialFraudPrevention, OnlineBankingSecurity, PhishingPrevention, SingaporeBanking

Webinar Alert: Learn How ITDR Solutions Stop Sophisticated Identity Attacks

Sunday, 07 July 2024 by Ayman Hamam

Identity theft isn’t just about stolen credit cards anymore. Today, cybercriminals use advanced tactics to infiltrate organizations and cause major damage with compromised credentials. The stakes are high: ransomware attacks, lateral movement, and devastating data breaches. Don’t be caught off guard. Join us for a groundbreaking webinar that will change how you approach cybersecurity. Gain

Published in News

Tagged under: Arab Security Consultants, ASC, Cyber Attack Prevention., cybersecurity trends., Cybersecurity Webinar, Digital Identity Protection, Identity Security, Identity Threat Detection, ITDR, ITDR Solutions, Ransomware Defense

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

Tuesday, 25 June 2024 by Ayman Hamam

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future’s Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates in Fuzhou, China, to support Beijing’s intelligence

Published in News

Tagged under: academic cyber attacks, Arab Security Consultants, ASC, China-linked threat actor, Cyber espionage, Cyber Security, cyber threat analysis, diplomatic espionage, intelligence collection, RedJuliett, Taiwan government hacking, technology sector threats

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

Monday, 03 June 2024 by Ayman Hamam

Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. “We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” it said in an advisory. Spaces offers a way for users to create, host, and share AI and machine learning (ML) applications. It also

Published in News

Tagged under: AI app secrets, AI security breach, AIaaS providers, Arab Security Consultants, ASC, cyberSecurity, data protection, Hugging Face, security advisory, Spaces platform, token refresh, unauthorized access.

Author: Ayman Hamam