Uh oh. Condolences to all the security and IT teams who were rushing to patch their Palo Alto firewalls this weekend. This just highlights the biggest problem with any internet facing appliance -- it's a massive target for attackers who will invariably find and exploit any vulnerabilities. This is especially true when those internet facing appliances also facilitate remote access via a VPN (in this case GlobalProtect, but most firewalls also offer the same). Until we can write 100% perfect software (don't hold your breath), the best case is to turn off that internet facing remote access interface. There are so many ways to do that now (including Twingate) that there's really no point in delaying until the next exploit is announced. Lior Alex Tyler Ben Farokh Clinton Stuart Ferren Amy Shakeel Jon Sean Max Lindsay Brendan Grady Chris Ben Arthur Emily Erin Anna Eran Sagie Birol Libby Molly Jackie Sujay ChenLi Alex Jay Ilya https://lnkd.in/ghTkyhJV
Tony H.'s post
Most relevant posts
-
Hackers got into the firewall changing configurations to modify the output setting from 'standard' to 'more.' This is a way for hackers to poke around before deciding to do more sinister things. Often hackers are in your systems months before you even notice. The fix: "To mitigate such risks, it's essential that organizations do not expose their firewall management interfaces to the internet and limit the access to trusted users."
-
Palo Alto Networks firewall zero-day exploited since March to install backdoor: A zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS firewall software has been actively exploited in attacks since March 26. The attackers installed a custom backdoor called 'Upstyle' to execute commands on compromised devices and steal data. The threat actors are likely state-sponsored and have been targeting specific organizations. Palo Alto Networks released patches on April 14 and recommends generating a Tech Support File to detect compromise. This is the latest in a series of zero-day vulnerabilities affecting network devices, highlighting the need for strong security measures. https://lnkd.in/gWpb66_a
-
Palo Alto Networks Warns Of PAN-OS Firewall Zero-Day Used In Attacks

Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks, tracked as CVE-2024-3400 with a maximum severity score of 10.0. The vendor clarified that the issue affects specific versions of PAN-OS software when both the GlobalProtect gateway and device telemetry features are enabled. The vulnerable versions are PAN-OS 10.2, 11.0, and 11.1, and fixes for these versions are expected by April 14, 2024. The vendor will implement hotfixes by Sunday with the release of the following versions: PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3.

The advisory proposes implementing the following measures for mitigation:
- Users with an active 'Threat Prevention' subscription can block attacks by activating 'Threat ID 95187' in their system.
- Ensure that vulnerability protection is configured on 'GlobalProtect Interfaces' to prevent exploitation. More info on that is available here.
- Disable device telemetry until fixing patches are applied. Instructions on how to do that can be found on this webpage.

#Cybersecurity #Vulnerability https://lnkd.in/g56Mqfw8
-
Many organizations are like gumballs, hard on the outside and soft in the middle, i.e. they'll put up a firewall but won't put much security on the inside. So once you're inside you have the run of the place. I've seen many companies expose their firewall management portal. I guess the thinking is "It's a firewall... you can't break into a firewall". This vulnerability is quite serious but if your portal is not exposed to the world or has other protections like maybe MFA, then your risk is low. There's also the thinking "We have a firewall so we're good". A firewall isn't doing its job unless it's set up properly. https://lnkd.in/gDkcyNdt
-
A maximum-severity flaw in the PAN-OS software that runs on Palo Alto's GlobalProtect firewall products was disclosed late last week. Tracked as CVE-2024-3400, the flaw is a command injection vulnerability that would allow an unauthenticated attacker to execute arbitrary code with root privileges. Patches have been released for multiple versions of the operating system. According to Palo Alto Networks, the vulnerability is currently being exploited in the wild and the number of attacks is increasing. Additionally, a proof-of-concept for the vulnerability is publicly available. This incident is the latest in a string of highly-publicized actively-exploited vulnerabilities targeting enterprise security devices that sit on the edge of corporate networks. https://lnkd.in/ewGUjw9V
-
UPDATE: Fortinet Confirms Critical Zero-Day. CVE-2024-55591 in FortiOS & FortiProxy (CVSS 9.6) allows attackers to gain super-admin access & hijack firewalls. Affected versions: FortiOS 7.0.0-7.0.16 & FortiProxy 7.0.0-7.2.12. Upgrade now to 7.0.17+ or 7.0.20+ to mitigate risk. https://lnkd.in/ecJ4k4ph
-
2,000 Palo Alto firewalls...compromised, according to Shadowserver. CVE-2024-0012 allows an attacker to access the firewall's management interface and gain admin privileges. “Upon successful exploitation, we have observed threat actors attempting to transfer tools into the environment and exfiltrate config files from the compromised devices,” according to Shadowserver. There are tons of threat actors using millions of known bad IPs to attack everything, everywhere, all at once. With threatER, none of those known bad IPs can even talk to your firewall. So even when it's compromised, you've still got protection. It’s like having a safety net—why wouldn’t you want one? https://lnkd.in/eia8y8Yn
-
2,000 Palo Alto Networks devices compromised in latest attacks: Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Manual and automated scanning activity has been spotted. Approximately two weeks ago, Palo Alto Networks warned that attackers have been spotted leveraging a zero-day flaw to achieve remote code execution on vulnerable devices, and advised admins to … The post 2,000 Palo Alto Networks devices compromised in latest attacks appeared first on Help Net Security.
-
Palo Alto Networks Confirms New Firewall Zero-Day Exploitation: Palo Alto Networks has confirmed that a zero-day is being exploited in attacks after investigating claims of a firewall remote code execution flaw. The post Palo Alto Networks Confirms New Firewall Zero-Day Exploitation appeared first on SecurityWeek.
Intellectual Property Attorney @ Stevens Law Group | IP Strategy Specialist, Licensing and M&A Strategy
11 months ago: Timely warning.