November 15, 2024 at 12:33AM CISA has warned of two actively exploited vulnerabilities in Palo Alto Networks Expedition, added to its KEV catalog. Agencies must update by December 5, 2024. CVE-2024-9463 and CVE-2024-9465 could allow attackers to execute commands and access sensitive data. Palo Alto confirmed limited exploitation of these flaws. ### Meeting Takeaways – … Read more
November 14, 2024 at 05:03PM CISA has identified two critical vulnerabilities in Palo Alto Networks’ Expedition migration tool, now actively exploited: CVE-2024-9463 (unauthenticated command injection) and CVE-2024-9465 (SQL injection). Federal agencies must patch affected systems by December 5. Security updates are available in Expedition 1.2.96 and later, and user credentials should be rotated post-update. **Meeting … Read more
November 9, 2024 at 02:12AM Palo Alto Networks issued an advisory addressing a potential remote code execution vulnerability in the PAN-OS management interface. Users are urged to secure access and follow best practices to mitigate risks. Additionally, a critical flaw (CVE-2024-5910) in the Expedition tool has been added to CISA’s KEV catalog, with active exploits … Read more
November 8, 2024 at 12:46PM Palo Alto Networks warned customers about a potential remote code execution vulnerability in the PAN-OS management interface. While no active exploitation has been detected, the company advises restricting access and following best practices. Additionally, CISA highlighted ongoing attacks exploiting another critical vulnerability, urging federal agencies to secure their systems promptly. … Read more
November 8, 2024 at 05:49AM CISA has included a newly identified flaw in Palo Alto Networks Expedition, labeled CVE-2024-5910, in its Known Exploited Vulnerabilities Catalog, indicating its exploitation in ongoing attacks. This alert emphasizes the need for awareness and prompt action regarding this security vulnerability. **Meeting Takeaways:** 1. **Vulnerability Noted**: CISA has included a new … Read more
November 8, 2024 at 12:51AM The U.S. CISA added a critical vulnerability in Palo Alto Networks Expedition (CVE-2024-5910) to its KEV catalog, allowing admin account takeovers. Affected versions are before 1.2.92. Two other flaws were noted, including a severe one in CyberPanel linked to PSAUX ransomware, urging federal agencies to remediate by November 28, 2024. … Read more
November 7, 2024 at 02:05PM CISA has alerted that attackers are exploiting a critical authentication vulnerability in Palo Alto Networks Expedition, a tool used to migrate firewall configurations from various vendors to PAN-OS. **Meeting Takeaways:** 1. **CISA Warning:** The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability. 2. **Affected … Read more
October 22, 2024 at 05:30AM Palo Alto Networks has enhanced its OT Security solution by incorporating new capabilities for remote access, virtual patching, and firewall functionality. **Meeting Takeaways:** 1. **New Capabilities Added**: Palo Alto Networks has enhanced its OT Security solution. 2. **Specific Enhancements**: – New remote access features – Virtual patching capabilities – Improved … Read more
October 10, 2024 at 02:06AM CISA has added a critical vulnerability (CVE-2024-23113) impacting Fortinet products to its KEV catalog, requiring federal agencies to apply mitigations by October 30, 2024. Meanwhile, Palo Alto Networks disclosed multiple high-risk flaws in Expedition and Cisco patched a critical command execution vulnerability in Nexus Dashboard Fabric Controller. ### Meeting Takeaways … Read more
October 9, 2024 at 03:03PM Palo Alto Networks urged customers to patch critical vulnerabilities in its Expedition solution, which could allow attackers to hijack PAN-OS firewalls and access sensitive data. The flaws involve command injection, XSS, and SQL injection, with proof-of-concept exploits available. Users should upgrade to Expedition 1.2.96 and rotate credentials. ### Meeting Takeaways … Read more