Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

April 26, 2024 at 07:00AM

Palo Alto Networks has issued guidance for mitigating a critical security flaw in PAN-OS, identified as CVE-2024-3400, which allows unauthenticated remote command execution. The flaw has been actively exploited as a zero-day by a potentially state-backed hacking group. Remediation advice varies depending on the level of compromise, including updating to …

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

April 13, 2024 at 05:27AM

Threat actors have been actively exploiting a critical zero-day flaw (CVE-2024-3400) in Palo Alto Networks PAN-OS software, allowing unauthorized code execution. Dubbed Operation MidnightEclipse, the attack involves creating cron jobs to run commands from an external server, triggering a Python-based backdoor. The actor UTA0218 displays advanced capabilities and likely state backing. …

State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls

April 12, 2024 at 04:48PM

A zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks firewalls has been exploited by threat actor ‘UTA0218’ for over two weeks. The issue permits unauthorized execution of code with root privileges. Palo Alto is expected to release patches by April 14. Organizations are urged to take immediate mitigation steps and be …