Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

September 4, 2024 at 01:42AM A new malware campaign is using a spoofed version of Palo Alto Networks’ GlobalProtect VPN software to distribute the WikiLoader malware through an SEO campaign. The malware campaign is a shift from previous tactics and involves malicious activities such as delivering malware via fake GlobalProtect download pages and anti-analysis checks …

Cyberattackers Spoof Palo Alto VPNs to Spread WikiLoader Variant

September 3, 2024 at 02:43PM Cybercriminals are posing as sellers of GlobalProtect VPN software from Palo Alto Networks and spreading a new variant of WikiLoader malware through SEO poisoning. The malware, known as WailingCrab, is traditionally spread through phishing and compromised websites. This campaign, discovered by Palo Alto’s Unit 42 team, has targeted US higher …

New Malware Masquerades as Palo Alto VPN Targeting Middle East Users

August 30, 2024 at 06:48AM Cybersecurity researchers have uncovered a new malware campaign targeting users in the Middle East by posing as Palo Alto Networks GlobalProtect VPN tool. The malware can execute remote PowerShell commands, exfiltrate files, and bypass sandbox solutions, representing a significant threat. It employs evasion techniques and sets up connections to a …

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR

August 15, 2024 at 07:51AM Palo Alto Networks has released patches for high-severity vulnerabilities in its products, including a command injection issue in Cortex XSOAR, impacting the CommonScripts Pack. The Prisma Access Browser and two medium-severity issues have also been addressed. The company is not aware of any exploited vulnerabilities but has experienced targeted attacks …

Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability 

April 22, 2024 at 08:03AM Palo Alto Networks disclosed a critical vulnerability (CVE-2024-3400) affecting 6,000 internet-accessible firewalls, allowing unauthenticated remote code execution. Exploited by threat actors, the flaw affected GlobalProtect in PAN-OS devices, leading to sensitive data theft and malware deployment. Mitigations initially included disabling device telemetry, but the vendor later released patches effectively eliminating …

22,500 Palo Alto firewalls “possibly vulnerable” to ongoing attacks

April 19, 2024 at 11:30AM Around 22,500 Palo Alto GlobalProtect firewall devices are likely vulnerable to the critical CVE-2024-3400 flaw, which allows unauthenticated attackers to execute commands with root privileges. Palo Alto Networks released patches between April 14-18, 2024, addressing the vulnerability. Threat actors have actively exploited the flaw, with many unpatched systems remaining possibly …

Exploit code for Palo Alto Networks zero-day now public

April 17, 2024 at 09:40AM Researchers have released proof-of-concept (PoC) exploits for a critical vulnerability in Palo Alto Networks’ PAN-OS used in GlobalProtect gateways. The PoCs were issued shortly after the vendor began releasing hotfixes. Exploits can lead to remote code execution and may affect a large number of organizations. Patching is strongly recommended. Key …

Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release

April 17, 2024 at 07:19AM A recently disclosed vulnerability in Palo Alto Networks firewall, tracked as CVE-2024-3400, is under increasing exploitation after proof-of-concept code was made available. The flaw enables attackers to execute arbitrary code with root privileges on affected firewalls. Various threat intelligence companies have been tracking the attacks, with patches and mitigations being …

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

April 16, 2024 at 02:38PM A critical vulnerability, tracked as CVE-2024-3400, has been actively exploited in Palo Alto Networks’ PAN-OS firewall software. Threat actors can execute arbitrary code as root via command injection, impacting PAN-OS 10.2, 11.0, and 11.1. Palo Alto Networks is releasing hotfixes, urging users to disable certain features and providing threat prevention …

Palo Alto Network Issues Hotfixes for Zero-Day Bug in Its Firewall OS

April 15, 2024 at 03:50PM Palo Alto Networks released hotfixes to address a zero-day bug (CVE-2024-3400) in PAN-OS software, allowing threat actors to deploy a Python backdoor on affected firewalls. The attacks were limited, but the potential for further exploitation exists. The US CISA has prioritized addressing the flaw, and security experts warn of the …