PAN-OS | Breaking Cybersecurity News | The Hacker News

Palo Alto Networks has  shared  remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as  CVE-2024-3400  (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in multiple versions of PAN-OS 10.2.x, 11.0.x, and 11.1.x. There is evidence to suggest that the issue has been exploited as a zero-day since at least March 26, 2024, by a threat cluster tracked as UTA0218. The activity, codenamed  Operation MidnightEclipse , entails the use of the flaw to drop a Python-based backdoor called UPSTYLE that's capable of executing commands transmitted via specially crafted requests. The intrusions have not been linked to a known threat actor or group, but it's suspected to be a state-backed hacking crew given the tradecraft and the victimology observed. The  latest remediation advice  offered by Palo

Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as  CVE-2024-3400  (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall. Fixes for the shortcoming are available in the following versions - PAN-OS 10.2.9-h1 PAN-OS 11.0.4-h1, and PAN-OS 11.1.2-h3 Patches for other commonly deployed maintenance releases are expected to be released over the next few days. "This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls configured with GlobalProtect gateway or GlobalProtect portal (or both) and device telemetry enabled," the company  clarified  in its updated advisory. It also said that while Cloud NGFW firewalls are not impacted by CVE-2024-3400, specific PAN-OS

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild. Tracked as  CVE-2024-3400 , the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall," the company  said  in an advisory published today. The flaw impacts the following versions of PAN-OS, with fixes expected to be released on April 14, 2024 - PAN-OS < 11.1.2-h3 PAN-OS < 11.0.4-h1 PAN-OS < 10.2.9-h1 The company also said that the issue is applicable only to firewalls that have the configurations for both  GlobalProtect gateway  (Network > GlobalProtect > Gateways) and  device telemetry  (Device > Setup > Telemetry) enabled.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday  added  a security flaw impacting Palo Alto Networks PAN-OS to its  Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. The high-severity vulnerability, tracked as  CVE-2022-0028  (CVSS score: 8.6), is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service (DoS) attacks. "If exploited, this issue would not impact the confidentiality, integrity, or availability of our products," Palo Alto Networks said in an alert. "However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. The weakness impacts the following product versions and has been addressed as part of updates released this month - PAN-OS 10.2 (version < 10.2.2-h2) PAN-OS 10.1 (version < 10.1.6-h6) PAN-O