November 15, 2024 at 04:19PM Palo Alto Networks’ firewall management interface has a critical zero-day vulnerability, allowing remote code execution by unauthenticated attackers. With a CVSS rating of 9.3, it currently lacks a patch. Users are advised to restrict access to the interface. Other vulnerabilities have been identified, with fixes available. ### Meeting Takeaways 1. … Read more
November 15, 2024 at 09:45AM Palo Alto Networks has identified a critical zero-day vulnerability, tracked as ‘PAN-SA-2024-0015,’ in Next-Generation Firewalls’ management interfaces. This vulnerability is actively being exploited in attacks, prompting urgent attention and action from affected users to mitigate potential risks. **Meeting Notes Takeaways:** 1. **Vulnerability Warning**: Palo Alto Networks has issued a warning … Read more
November 15, 2024 at 06:05AM CISA has included two additional vulnerabilities, CVE-2024-9463 and CVE-2024-9465, related to Palo Alto Networks Expedition, in its KEV catalog due to their exploitation in attacks. **Meeting Takeaways:** 1. **New Vulnerabilities Added**: CISA has added two vulnerabilities related to Palo Alto Networks Expedition to its KEV catalog. – CVE-2024-9463 – CVE-2024-9465 … Read more
November 15, 2024 at 05:05AM Palo Alto Networks has confirmed the exploitation of a zero-day vulnerability in its firewall, following investigations into claims of a remote code execution flaw. The announcement highlights ongoing security concerns related to the vulnerability. **Meeting Takeaways:** 1. **Zero-Day Confirmation**: Palo Alto Networks has confirmed that a zero-day vulnerability is being … Read more
November 15, 2024 at 12:33AM CISA has warned of two actively exploited vulnerabilities in Palo Alto Networks Expedition, added to its KEV catalog. Agencies must update by December 5, 2024. CVE-2024-9463 and CVE-2024-9465 could allow attackers to execute commands and access sensitive data. Palo Alto confirmed limited exploitation of these flaws. ### Meeting Takeaways – … Read more
November 14, 2024 at 05:03PM CISA has identified two critical vulnerabilities in Palo Alto Networks’ Expedition migration tool, now actively exploited: CVE-2024-9463 (unauthenticated command injection) and CVE-2024-9465 (SQL injection). Federal agencies must patch affected systems by December 5. Security updates are available in Expedition 1.2.96 and later, and user credentials should be rotated post-update. **Meeting … Read more
November 9, 2024 at 02:12AM Palo Alto Networks issued an advisory addressing a potential remote code execution vulnerability in the PAN-OS management interface. Users are urged to secure access and follow best practices to mitigate risks. Additionally, a critical flaw (CVE-2024-5910) in the Expedition tool has been added to CISA’s KEV catalog, with active exploits … Read more
November 8, 2024 at 12:46PM Palo Alto Networks warned customers about a potential remote code execution vulnerability in the PAN-OS management interface. While no active exploitation has been detected, the company advises restricting access and following best practices. Additionally, CISA highlighted ongoing attacks exploiting another critical vulnerability, urging federal agencies to secure their systems promptly. … Read more
November 8, 2024 at 05:49AM CISA has included a newly identified flaw in Palo Alto Networks Expedition, labeled CVE-2024-5910, in its Known Exploited Vulnerabilities Catalog, indicating its exploitation in ongoing attacks. This alert emphasizes the need for awareness and prompt action regarding this security vulnerability. **Meeting Takeaways:** 1. **Vulnerability Noted**: CISA has included a new … Read more
November 8, 2024 at 12:51AM The U.S. CISA added a critical vulnerability in Palo Alto Networks Expedition (CVE-2024-5910) to its KEV catalog, allowing admin account takeovers. Affected versions are before 1.2.92. Two other flaws were noted, including a severe one in CyberPanel linked to PSAUX ransomware, urging federal agencies to remediate by November 28, 2024. … Read more