Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label cybersecurity vulnerabilities. Show all posts
IT Industry
Cyber Security Cybersecurity Precautions cybersecurity research cybersecurity risks cybersecurity vulnerabilities Global Supply-Chain Attack IT Industry

Global Supply Chains at Risk as Indian Third-Party Suppliers Face Rising Cybersecurity Breaches

 

Global supply chains face growing cybersecurity risks as research highlights vulnerabilities in Indian third-party suppliers. According to a recent report by risk management firm SecurityScorecard, more than half of surveyed suppliers in India experienced breaches last year, raising concerns about cascading effects on international businesses. The study examined security postures across multiple sectors, including manufacturing for aerospace and pharmaceuticals, as well as IT service providers. 

The findings suggest that security weaknesses among Indian suppliers are both more widespread and severe than analysts initially anticipated. These vulnerabilities could create a domino effect, exposing global companies that rely on Indian vendors to significant cyber threats. Despite the generally strong security posture of Indian IT service providers, they recorded the highest number of breaches in the study, underscoring their position as prime targets for attackers. 

SecurityScorecard noted that IT service providers worldwide face heightened cyber risks due to their central role in enabling third-party access, their expansive attack surfaces, and their value as high-profile targets. In India, IT companies were found to be particularly vulnerable to typosquatting domains, compromised credentials, and infected devices. The research further revealed that suppliers of outsourced IT operations and managed services were linked to 62.5% of all documented third-party breaches in the country—the highest proportion the company has ever recorded. 

Given India’s dominant role in the global IT services market, the implications are profound. Multinational corporations across industries rely heavily on Indian IT vendors, making them critical nodes in the international digital economy. “India is a cornerstone of the global digital economy,” said Ryan Sherstobitoff, Field Chief Threat Intelligence Officer at SecurityScorecard. “Our findings highlight both strong performance and areas where resilience must improve. Supply chain security is now an operational requirement.” 

The report also emphasized the risks of “fourth-party” vulnerabilities, where the suppliers of Indian companies themselves create additional points of weakness. A single ransomware attack or disruptive incident against an Indian vendor, the researchers warned, could halt manufacturing, delay service delivery, or disrupt logistics across multiple countries. 

The risks are not limited to India. A separate SecurityScorecard study revealed that 96% of Europe’s largest financial institutions have been affected by a breach at a third-party supplier, while 97% reported breaches stemming from fourth-party partners, a sharp increase from 84% two years earlier. 

As global supply chains become increasingly interconnected, these findings highlight the urgent need for businesses to strengthen third-party risk management and enforce stricter cybersecurity practices across their vendor ecosystems. Without stronger safeguards, both direct and indirect supplier vulnerabilities could leave multinational enterprises exposed to significant financial and operational disruptions.
Read more »
Remote Code Execution
Authentication Bypass CVE CVE exploits CVE vulnerability CVEs Cyber Security cybersecurity vulnerabilities Endpoint patch fixes Remote Code Execution

Trend Micro Patches Critical Remote Code Execution and Authentication Bypass Flaws in Apex Central and PolicyServer

Trend Micro has rolled out essential security updates to address a series of high-impact vulnerabilities discovered in two of its enterprise security solutions: Apex Central and the Endpoint Encryption (TMEE) PolicyServer. These newly disclosed issues, which include critical remote code execution (RCE) and authentication bypass bugs, could allow attackers to compromise systems without needing login credentials. 

Although there have been no confirmed cases of exploitation so far, Trend Micro strongly recommends immediate patching to mitigate any potential threats. The vulnerabilities are especially concerning for organizations operating in sensitive sectors, where data privacy and regulatory compliance are paramount. 

The Endpoint Encryption PolicyServer is a key management solution used to centrally control full disk and media encryption across Windows-based systems. Following the recent update, four critical issues in this product were fixed. Among them is CVE-2025-49212, a remote code execution bug that stems from insecure deserialization within PolicyValue Table Serialization Binder class. This flaw enables threat actors to run code with SYSTEM-level privileges without any authentication. 

Another serious issue, CVE-2025-49213, was found in the PolicyServerWindowsService class, also involving unsafe deserialization. This vulnerability similarly allows arbitrary code execution without requiring user credentials. An additional bug, CVE-2025-49216, enables attackers to bypass authentication entirely due to faulty logic in the DbAppDomain service. Lastly, CVE-2025-49217 presents another RCE risk, though slightly more complex to exploit, allowing code execution via the ValidateToken method. 

While Trend Micro categorized all four as critical, third-party advisory firm ZDI classified CVE-2025-49217 as high-severity. Besides these, the latest PolicyServer release also fixes multiple other high-severity vulnerabilities, such as SQL injection and privilege escalation flaws. The update applies to version 6.0.0.4013 (Patch 1 Update 6), and all earlier versions are affected. Notably, there are no workarounds available, making the patch essential for risk mitigation. 

Trend Micro also addressed separate issues in Apex Central, the company’s centralized console for managing its security tools. Two pre-authentication RCE vulnerabilities—CVE-2025-49219 and CVE-2025-49220—were identified and patched. Both flaws are caused by insecure deserialization and could allow attackers to execute code remotely as NETWORK SERVICE without authentication. 

These Apex Central vulnerabilities were resolved in Patch B7007 for the 2019 on-premise version. Customers using Apex Central as a Service will receive fixes automatically on the backend. 

Given the severity of these cybersecurity vulnerabilities, organizations using these Trend Micro products should prioritize updating their systems to maintain security and operational integrity.
Read more »
Tesla Vulnerabilities and Exploits
authentication bypass flaw cybersecurity vulnerabilities firewall exploits Palo Alto firewalls PAN-OS attacks privilege escalation vulnerability Tesla Vulnerabilities and Exploits

Thousands of Palo Alto Firewalls Hacked Through Recently Patched Vulnerabilities

 

 
Hackers have successfully breached thousands of Palo Alto Networks firewalls by exploiting two critical vulnerabilities recently addressed by the company.

The flaws include an authentication bypass (CVE-2024-0012) in the PAN-OS management web interface, allowing remote attackers to gain admin privileges, and a privilege escalation vulnerability (CVE-2024-9474) enabling execution of commands on firewalls with root access.

CVE-2024-9474 was disclosed earlier this week, while Palo Alto Networks initially alerted users on November 8 about a potential remote code execution flaw, now identified as CVE-2024-0012. The company continues to investigate attacks leveraging these flaws and has confirmed instances of malware deployment and command execution on compromised firewalls.

"This original activity reported on Nov. 18, 2024 primarily originated from IP addresses known to proxy/tunnel traffic for anonymous VPN services," the company stated on Wednesday.

Unit 42, Palo Alto’s threat intelligence team, added, "At this time, Unit 42 assesses with moderate to high confidence that a functional exploit chaining CVE-2024-0012 and CVE-2024-9474 is publicly available, which will enable broader threat activity."

While Palo Alto claims the impact is limited to "a very small number" of PAN-OS devices, the Shadowserver Foundation reported over 2,700 vulnerable systems globally, with approximately 2,000 already compromised.

In response, the Cybersecurity and Infrastructure Security Agency (CISA) added these vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch their systems by December 9.

Additionally, CISA flagged another severe vulnerability (CVE-2024-5910) in the Palo Alto Networks Expedition tool, exploited in November, as well as a previous critical flaw (CVE-2024-3400) impacting over 82,000 devices earlier this year.

Palo Alto Networks has urged customers to secure management interfaces:
"Risk of these issues are greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines," the company advised.
Read more »
Subscribe to: Posts (Atom)