#GlobalProtect

2025-05-15

#BSI WID-SEC-2025-1063: [NEW] [medium] #PaloAlto #Networks #GlobalProtect: Multiple vulnerabilities

A local attacker can exploit multiple vulnerabilities in PaloAlto Networks GlobalProtect to escalate their privileges and to carry out a denial-of-service attack.

wid.cert-bund.de/portal/wid/se

2025-04-13

Palo Alto Networks reports increased brute-force attacks targeting GlobalProtect gateways; no known vulnerabilities exploited. #Cybersecurity #GlobalProtect #BruteForce

More details: securityaffairs.com/176446/hac - flagthis.com/news/13053

2025-04-11

Palo Alto warns of brute-force login attempts on PAN-OS #GlobalProtect gateways, indicating possible upcoming attacks
securityaffairs.com/176446/hac
#securityaffairs #hacking

Seamus Quigleysquigley
2025-03-19

Any of your employers use #GlobalProtect? Are you also getting this popup multiple times a day?

Gold standard for bad choices there.

Firstly, what's the value in knowing this? There's no action to take. Or, rather, SHOULD be no action to take (we have to dismiss the popup).

Secondly, it's conditioning us to ignore notifications from the tool. If there ever IS a problem everyone is going to ignore the warning.

A popup notification from GlobalProtect saying "Host checks are completed, and your computer is in compliance with [company] standards." Interactable parts of the popup include a "More Notifications" link, an "OK" button, and an "X" to close.
:blahaj: Why Not Zoidberg? 🦑WhyNotZoidberg@topspicy.social
2025-02-21

At least the latest Windows patch only made 0.1% of our company computers completely lose all network connections.

Of course all those users called at once.

#Windows #Windows11 #GlobalProtect #VPN

2024-11-26

#BSI WID-SEC-2024-3546: [NEW] [medium] #PaloAlto #Networks #GlobalProtect: Vulnerability allows privilege escalation

A local attacker can exploit a vulnerability in PaloAlto Networks GlobalProtect to escalate their privileges.

wid.cert-bund.de/portal/wid/se

2024-11-15

Palo Alto Networks #GlobalProtect has finally added support for #macOS #Sequoia in version 6.2.6.

GlobalProtect App Compatibility Matrix showing support for macOS 15 (Sequoia) in version 6.2.6 and later.
2024-10-09

#BSI WID-SEC-2024-3118: [NEW] [high] #PaloAlto #Networks #GlobalProtect: Vulnerability allows privilege escalation

A local attacker can exploit a vulnerability in PaloAlto Networks GlobalProtect to escalate their privileges.

wid.cert-bund.de/portal/wid/se

2024-08-23

We monitor various ongoing exploitation activities and for instance we're looking at CVE-2024-3400 affecting Palo Alto #globalprotect

2024-08-15

#BSI WID-SEC-2024-1854: [NEW] [medium] #PaloAlto #Networks #GlobalProtect: Vulnerability allows privilege escalation

A local attacker can exploit a vulnerability in PaloAlto Networks GlobalProtect to escalate their privileges.

wid.cert-bund.de/portal/wid/se

SANS Internet Storm Center - SANS.edu - Go Sentinels!sans_isc@infosec.exchange
2024-04-16

We are getting more reports of exploit attempts for the PAN GlobalProtect vulnerability (CVE-2024-3400). #paloaltonetworks #pan #globalprotect

2024-04-16

Here's a method to help secure GlobalProtect. This can help against CVE-2024-3400

#PaloAlto #vulnerability #GlobalProtect #OperationMidnightEclipse

thedxt.ca/2024/04/securing-glo

Sam Stepanyan :verified: 🐘securestep9@infosec.exchange
2024-04-15

#PaloAlto releases patches for CVE-2024-3400 Critical Command Injection #vulnerability in #GlobalProtect VPN:

security.paloaltonetworks.com/

2024-04-13

Volexity discovered a zero-day exploitation of a vulnerability in Palo Alto Networks' GlobalProtect firewall devices, identified as CVE-2024-3400. This vulnerability allowed unauthenticated remote code execution, enabling attackers to execute commands on the device via specially crafted network requests. The attacker, known as UTA0218, attempted to install a custom Python backdoor named UPSTYLE on the firewall. This backdoor was used to execute additional commands on the device. The exploitation was observed to have started on March 26, 2024, with the attacker testing the vulnerability by placing zero-byte files on firewall devices. By April 10, 2024, UTA0218 successfully deployed malicious payloads on multiple devices. After exploiting the devices, the attacker downloaded additional tools to facilitate access to victims' internal networks, extracting sensitive credentials and other files. The exploitation was limited and targeted, but there were signs of potential reconnaissance activity aimed at identifying more vulnerable systems. Palo Alto Networks confirmed the vulnerability and issued an advisory, including a threat protection signature and a timeline for a fix expected by April 14, 2024. Volexity recommends organizations using GlobalProtect firewall devices to read the advisory and take necessary mitigation actions to protect against further exploitation.

volexity.com/blog/2024/04/12/z

#cybersecurity #paloaltonetworks #unit42 #panos #vulnerability #firewall #globalprotect #UTA0218 #volexity

2024-04-13

Palo Alto Networks and Unit 42 are actively tracking and sharing information about a critical vulnerability, CVE-2024-3400, which affects their PAN-OS software. This vulnerability allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. It has a CVSS score of 10.0, indicating a high severity. The vulnerability is specific to PAN-OS 10.2, 11.0, and 11.1 versions when a GlobalProtect gateway and device telemetry are enabled. It does not impact cloud firewalls, Panorama appliances, or Prisma Access.

Palo Alto Networks has identified malicious exploitation of this vulnerability under the name Operation MidnightEclipse. They believe the initial exploitation is limited to a single threat actor but warn that additional actors may attempt to exploit it in the future. The company is providing interim guidance to mitigate the vulnerability, including recommendations for customers with a Threat Prevention subscription to block attacks by enabling Threat ID 95187. For those who cannot apply this mitigation immediately, Palo Alto Networks suggests temporarily disabling device telemetry until the device is upgraded to a fixed PAN-OS version.

The vulnerability is set to be fixed in an upcoming release of PAN-OS 10.2, 11.0, 11.1, and all later versions, with an estimated release date of April 14, 2024. Palo Alto Networks encourages customers to monitor their networks for abnormal activity and investigate any unexpected network activity as a best practice. They also thank Volexity for discovering this issue and their ongoing collaboration and partnership.

unit42.paloaltonetworks.com/cv

volexity.com/blog/2024/04/12/z

#cybersecurity #paloaltonetworks #unit42 #panos #vulnerability #firewall #globalprotect #cve #midnighteclipse #threat #volexity
