Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge

April 15, 2024 at 06:54AM Palo Alto Networks has released hotfixes for a zero-day vulnerability (CVE-2024-3400) exploited by suspected state-sponsored actors. Vulnerable firewalls let remote attackers execute code with root privileges. Initial mitigations were issued first, and further hotfixes are expected. Exploited devices were used for data exfiltration and deployment of a new Python backdoor. Links to BianLian/Lazarus …

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

April 15, 2024 at 04:21AM Palo Alto Networks has released hotfixes for a critical security flaw (CVE-2024-3400) in PAN-OS software that is under active exploitation. The flaw allows unauthenticated attackers to execute arbitrary code with root privileges on affected firewalls. It affects specific PAN-OS versions as well as cloud-deployed firewall VMs. Threat actors have been leveraging the flaw, …

Palo Alto Networks zero-day exploited since March to backdoor firewalls

April 13, 2024 at 09:01AM Suspected state-sponsored hackers have exploited an unpatched zero-day in Palo Alto Networks firewalls (CVE-2024-3400) since March 26, breaching internal networks to steal data and credentials. Palo Alto Networks published interim mitigations while the patches were being completed. Volexity tracked the malicious activity as UTA0218 and identified the backdoor ‘Upstyle,’ with detailed exploitation methods …

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

April 13, 2024 at 05:27AM Threat actors have been actively exploiting a critical zero-day flaw (CVE-2024-3400) in Palo Alto Networks PAN-OS software that allows unauthenticated code execution. Dubbed Operation MidnightEclipse, the activity creates a cron job that fetches commands from an attacker-controlled server, which in turn deploys a Python-based backdoor. The actor, UTA0218, displays advanced capabilities and is likely state-backed. …

Zero-day exploited right now in Palo Alto Networks’ GlobalProtect gateways

April 12, 2024 at 06:52PM Palo Alto Networks has issued a critical alert for a command-injection flaw in PAN-OS software affecting its firewall and VPN products. The flaw, rated at the maximum CVSS severity score, may allow unauthenticated code execution. Fixes are due by April 14. Exploitation by threat actors has been observed, …

State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls

April 12, 2024 at 04:48PM A zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls has been exploited by the threat actor ‘UTA0218’ for over two weeks. The flaw permits unauthenticated execution of code with root privileges. Palo Alto Networks is expected to release patches by April 14. Organizations are urged to take immediate mitigation steps and be …

Palo Alto Networks Warns of Exploited Firewall Vulnerability

April 12, 2024 at 07:36AM Palo Alto Networks warns of a severe OS command injection vulnerability (CVE-2024-3400) in the PAN-OS GlobalProtect feature, allowing arbitrary code execution with root privileges on affected firewalls. Remediation patches are expected by the end of the week. Customers are advised to check their exposure and apply the available mitigations to prevent exploitation. Volexity is credited for …

Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

April 12, 2024 at 06:15AM Palo Alto Networks warns of a critical flaw (CVE-2024-3400) in GlobalProtect gateways that allows unauthenticated attackers to execute code with root privileges. Affected PAN-OS versions: 11.1 before 11.1.2-h3, 11.0 before 11.0.4-h1, and 10.2 before 10.2.9-h1. Fixes are expected on April 14, 2024. Customers are advised to enable Threat ID 95187 (Threat Prevention) as an interim protection. Volexity is credited with discovery. Chinese ...
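The version thresholds in the summary above are easy to misread because PAN-OS hotfix suffixes (`-hN`) do not sort as plain strings: "10.2.9" is older than "10.2.9-h1", and "11.1.3" with no hotfix is newer than "11.1.2-h3". The following is an added example, not code from Palo Alto Networks or from any of the articles, that parses PAN-OS version strings into comparable tuples and flags an inventory against the three fixed releases named above. It encodes only those three thresholds (an assumption for illustration); the vendor advisory is the authority for any other maintenance release or later hotfix, and a version match alone does not establish exposure, since the flaw lies in the GlobalProtect feature. The sample inventory is constructed.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Fixed releases as listed in the summary above, keyed by feature train
# (major, minor). Any version in the same train that sorts before the fix
# is treated as vulnerable. Only these three thresholds are encoded
# (assumption for this example); consult the vendor advisory for others.
FIXED_VERSIONS: Dict[Tuple[int, int], str] = {
    (11, 1): "11.1.2-h3",
    (11, 0): "11.0.4-h1",
    (10, 2): "10.2.9-h1",
}

# major.minor.maint with an optional "-hN" hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Turn 'major.minor.maint[-hN]' into a comparable tuple.

    A missing hotfix suffix counts as hotfix 0, so '10.2.9' < '10.2.9-h1'.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = match.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version precedes the listed fix for its feature train,
    False if it is at or past that fix, None if the train is not covered
    by the thresholds above (no claim is made either way)."""
    parsed = parse_panos_version(version)
    fixed = FIXED_VERSIONS.get(parsed[:2])
    if fixed is None:
        return None
    return parsed < parse_panos_version(fixed)


def classify(versions: Iterable[str]) -> Dict[str, str]:
    """Map each version string to 'vulnerable', 'fixed' or 'not listed'."""
    labels = {True: "vulnerable", False: "fixed", None: "not listed"}
    return {v: labels[is_vulnerable(v)] for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory; these are not real devices.
    inventory = ["10.2.9-h1", "10.2.9", "11.1.2-h2", "11.1.3", "11.0.4-h1", "10.1.9"]
    for version, status in classify(inventory).items():
        print(f"{version:12} -> {status}")
```

Run it against an exported version column from your firewall inventory; anything reported as "not listed" is outside the thresholds the page gives and needs to be checked against the vendor advisory rather than assumed safe.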