A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

An XZ Utils vulnerability allowed the embedding of malicious code in the libraries for XZ Utils versions 5.6.0 and 5.6.1. XZ Utils is data compression software that is present in several Linux distributions. The resulting build interferes with authentication in sshd via systemd.

Third-party vendors used by businesses and organizations continue to be targets of threat actors to conduct cyberattacks. These providers may serve as an entry point for threat actors to target multiple organizations with social engineering campaigns.

October marks the 20th annual Cybersecurity Awareness Month (CAM), which raises awareness of the importance of cybersecurity in America, ensuring everyone is prepared with the tools and resources they need to be safe and secure online.

Phishing attacks can lead to account compromises and malware infections, including ransomware. Users can reduce their likelihood of falling victim to phishing attacks by understanding common red flags and tactics. Threat actors use social engineering schemes to harvest information.