NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

December 3, 2024 at 06:03AM Cybersecurity researchers identified vulnerabilities in Palo Alto Networks and SonicWall VPN clients, allowing potential remote code execution on Windows and macOS systems. Exploiting these flaws via a rogue VPN server could lead to malicious software installation. Users are urged to apply patches to mitigate risks. No active exploitation has been reported yet.

New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products

November 27, 2024 at 04:59AM Researchers from AmberWolf revealed a new attack method targeting corporate VPN clients, exposing vulnerabilities in widely used software like Palo Alto Networks and SonicWall. They published NachoVPN, an open-source tool to demonstrate these exploits. While patches exist, exploitation requires users to connect to rogue servers, often via social engineering.

1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

November 22, 2024 at 04:31PM Attackers exploited two recently patched vulnerabilities in Palo Alto Networks firewalls, initially compromising around 2,000 devices, a number that later dropped to 800. They deployed backdoors, malware, and cryptocurrency miners. The vulnerabilities enabled remote code execution, and the vendor continues to reference only a “limited number” of affected systems.

Over 2,000 Palo Alto firewalls hacked using recently patched bugs

November 21, 2024 at 02:47PM Hackers have compromised thousands of Palo Alto Networks firewalls by exploiting two recently patched zero-day vulnerabilities.

**Meeting Takeaways:**

1. **Security Breach**: A significant number of Palo Alto Networks firewalls have been compromised by hackers.
2. **Exploited Vulnerabilities**: The attacks are utilizing two recently patched zero-day vulnerabilities.
3. **Urgency for Action**: …

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

November 21, 2024 at 11:57AM Approximately 2,000 Palo Alto Networks devices have reportedly been compromised due to recently disclosed security vulnerabilities. The flaws, CVE-2024-0012 and CVE-2024-9474, could enable malicious actions. Palo Alto warns that cyber attacks exploiting these weaknesses may rise and urges users to implement security measures and apply updates promptly.

2,000 Palo Alto Firewalls Compromised via New Vulnerabilities

November 21, 2024 at 11:20AM Palo Alto Networks reported a drop in internet-exposed firewalls, yet around 2,000 devices remain compromised due to critical vulnerabilities CVE-2024-0012 and CVE-2024-9474. Patches were released in mid-November following confirmed exploitation, with attacks primarily affecting devices in the U.S. and India. Key security recommendations include limiting access to trusted IPs.

Palo Alto Networks tackles firewall-busting zero-days with critical patches

November 19, 2024 at 10:35AM Palo Alto Networks has issued patches for two zero-day vulnerabilities: CVE-2024-0012, a critical authentication bypass, and CVE-2024-9474, a medium-severity privilege escalation. Users are urged to update urgently. The company warns of ongoing exploitation, particularly from VPN services, and advises restricting access to management interfaces.

Palo Alto Networks patches two firewall zero-days used in attacks

November 18, 2024 at 03:57PM Palo Alto Networks has released security updates for two zero-day vulnerabilities in its Next-Generation Firewalls (CVE-2024-0012 and CVE-2024-9474). These flaws allow unauthorized access and privilege escalation, affecting a small number of devices. The U.S. cybersecurity agency has urged federal agencies to patch systems by December 9.

Palo Alto Networks Patches Critical Zero-Day Firewall Bug

November 18, 2024 at 12:24PM Palo Alto Networks (PAN) issued a warning about a critical remote code execution vulnerability (CVE-2024-0012) in its Expedition firewall, marking the fourth exploit in a week. The company recommends patching systems and limiting management interface access. Over 8,700 vulnerable instances were reported. Expedition will be unsupported after January 2025.

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

November 16, 2024 at 03:48AM Palo Alto Networks has identified a critical zero-day vulnerability in its PAN-OS firewall, allowing unauthenticated remote command execution. Exploited in the wild, this flaw has a CVSS score of 9.3 and could enable persistent access via a web shell. Immediate action is advised until patches are available.