Lots happening in the infosec world this week!

Lots happening in the infosec world this week (and its not even friday yet!) in case you missed it..

Microsoft have started the new 'Zero Day Quest' bug bounty program, details can be found here:

https://www.microsoft.com/en-us/msrc/microsoft-zero-day-quest

The ACSC/ASD have released their Annual Cyber Threat Report which is an interesting read:

https://www.linkedin.com/posts/australian-signals-directorate_annualcyberthreatreport-cybersecurity-activity-7264746977068818432-unzK

Lots of vulnerabilities in network devices at the moment. Fortinet have just released patches to address the 2 CVE's being actively exploited in the wild, more info can be found here:

https://pentera.io/resources/research/two-zero-days-forticlient-vpn-2024/

Palo Alto have released guidance for the super critical 'hack-my-firewall' authentication bypass zero day that is being actively exploited in the wild, this one should be addressed asap folks! As a basic and best practice remediation, none of your palo alto web interfaces should be exposed to the internet. More details can be found here:

https://security.paloaltonetworks.com/CVE-2024-0012

https://www.theregister.com/2024/11/15/palo_alto_networks_firewall_zeroday/

Apple have also released their fixes to patch the latest zero-day being exploited in the wild:

https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html

Lastly, Wired have an interesting post about national security risks stemming from companies legally collecting digital advertising data:

https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/

#danweis #patchmanagement #zeroday #microsoft #apple #paloalto #fortinet #wired #acsc #asd #zerodayquest #vulnerabilitymanagement #infosec #cybersecurity #boardoomcyber