PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

November 16, 2024 at 03:48AM
Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall, allowing unauthenticated remote command execution. Exploited in the wild, this flaw has a CVSS score of 9.3 and could enable persistent access via a web shell. Immediate action is advised until patches are available.

Palo Alto Networks Confirms New Firewall Zero-Day Exploitation

November 15, 2024 at 05:05AM
Palo Alto Networks has confirmed the exploitation of a zero-day vulnerability in its firewall, following investigations into claims of a remote code execution flaw. The announcement highlights ongoing security concerns related to the vulnerability.
**Meeting Takeaways:**
1. **Zero-Day Confirmation**: Palo Alto Networks has confirmed that a zero-day vulnerability is being …

Palo Alto Networks warns of potential PAN-OS RCE vulnerability

November 8, 2024 at 12:46PM
Palo Alto Networks warned customers about a potential remote code execution vulnerability in the PAN-OS management interface. While no active exploitation has been detected, the company advises restricting access and following best practices. Additionally, CISA highlighted ongoing attacks exploiting another critical vulnerability, urging federal agencies to secure their systems promptly. …

CISA warns of critical Palo Alto Networks bug exploited in attacks

November 7, 2024 at 02:05PM
CISA has alerted that attackers are exploiting a critical authentication vulnerability in Palo Alto Networks Expedition, a tool used to migrate firewall configurations from various vendors to PAN-OS.
**Meeting Takeaways:**
1. **CISA Warning:** The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability.
2. **Affected …

Palo Alto Networks warns of firewall hijack bugs with public exploit

October 9, 2024 at 03:03PM
Palo Alto Networks urged customers to patch critical vulnerabilities in its Expedition solution, which could allow attackers to hijack PAN-OS firewalls and access sensitive data. The flaws involve command injection, XSS, and SQL injection, with proof-of-concept exploits available. Users should upgrade to Expedition 1.2.96 and rotate credentials.

Despite Prevalence of Online Threats, Users Aren’t Changing Behavior

October 9, 2024 at 08:12AM
The Consumer Cyber Readiness Report reveals that while consumers acknowledge cyber threats, their adoption of security measures is low. Only 28% have identity theft protection, 54% use malware protection, and just 10% utilize encryption. There’s slight progress in software updates, but many remain uncertain about their security tools.

Zyxel Patches Critical Vulnerabilities in Networking Devices

September 4, 2024 at 08:36AM
Zyxel has released patches addressing critical vulnerabilities in their networking devices. The patches cover multiple access point and security router models, as well as firewall series devices. The vulnerabilities could allow remote attackers to execute arbitrary commands or cause a denial-of-service condition. Zyxel advises affected product owners to obtain the …

Palo Alto Networks Shares Remediation Advice for Hacked Firewalls

April 25, 2024 at 10:15AM
Palo Alto Networks shared remediation instructions for organizations affected by the CVE-2024-3400 firewall vulnerability. They advise updating to the latest PAN-OS hotfix for unsuccessful exploitation attempts. Companies detecting potential exfiltration or interactive command execution should perform private data resets and factory resets, respectively. The zero-day exploit has seen increasing exploitation …

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

April 24, 2024 at 01:10PM
Cisco warns of state-backed hacking involving zero-day vulnerabilities in ASA and FTD firewalls used to infiltrate government networks globally. The cyber-espionage campaign, known as ArcaneDoor, targeted vulnerable edge devices since November 2023. Cisco discovered and fixed two zero-days – CVE-2024-20353 and CVE-2024-20359 – and urges customers to upgrade their devices …

Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability

April 15, 2024 at 04:21AM
Palo Alto Networks has released hotfixes to address a critical security flaw (CVE-2024-3400) in PAN-OS software that is actively exploited. The flaw allows unauthenticated attackers to execute arbitrary code with root privileges on firewalls. This impacts specific PAN-OS versions and cloud-deployed firewall VMs. Threat actors have been leveraging the flaw, …