2000 Hacks in 96 Hours: The Aftermath of the Palo Alto Networks Massive Hack

Man

Hackers combine bugs to gain full control over devices.

Hackers exploited two zero-day vulnerabilities in Palo Alto Networks software, compromising potentially thousands of organizations worldwide. The flaws are in PAN-OS, the operating system that runs on the company's next-generation firewalls, and let attackers first gain administrative access to the management interface and then execute actions with root privileges. In practice this allowed them to remotely plant malicious code on the devices.

According to researchers, attackers are actively chaining CVE-2024-0012 and CVE-2024-9474 against a limited number of web-based management interfaces exposed to the Internet. CVE-2024-0012 is an authentication bypass: an unauthenticated attacker with network access to the management web interface can obtain administrator privileges. CVE-2024-9474 is a privilege-escalation flaw that lets a PAN-OS administrator run actions on the firewall as root. Chained together, the two give complete control of the device and a foothold in the corporate network behind it.

The Shadowserver Foundation reported that more than 2,000 devices were compromised through newly patched vulnerabilities, with the largest number of affected devices recorded in the United States, India, the United Kingdom, Australia, and China.

Arctic Wolf researchers noted that exploitation began on November 19, after a proof-of-concept exploit was published. During the attacks, the intruders uploaded tools to the compromised firewalls and stole configuration files.

Palo Alto Networks has released patches for both vulnerabilities and strongly recommends that all organizations install the updates as soon as possible. The U.S. agency CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the patches within three weeks.
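The two things an administrator can check right now are the ones the article keeps coming back to: whether the management web interface is reachable from the Internet at all, and whether each firewall is running a build at or above the fixed release. The script below is an added example, not code from the article or from Palo Alto Networks; it audits a constructed inventory for both conditions. The FIXED_VERSIONS table is an assumption drawn from memory of the vendor advisory and must be verified against the current advisory before use, and the inventory entries are made up, not real devices.

```python
"""Audit a PAN-OS firewall inventory for (a) management interfaces open to
the Internet and (b) builds older than the release that fixes
CVE-2024-0012 / CVE-2024-9474.

Added example, not code from the article or from Palo Alto Networks.
"""
import ipaddress
import re
from typing import NamedTuple

# ASSUMPTION: fixed release per PAN-OS train, as recalled from the vendor
# advisory. Verify against the current advisory before relying on it.
FIXED_VERSIONS = {
    "10.1": "10.1.14-h6",
    "10.2": "10.2.12-h2",
    "11.0": "11.0.6-h1",
    "11.1": "11.1.5-h1",
    "11.2": "11.2.4-h1",
}

# PAN-OS versions look like 10.2.12 or 10.2.12-h2 (hotfix suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text: str) -> tuple:
    """Turn '10.2.12-h2' into (10, 2, 12, 2). A release with no hotfix
    suffix is hotfix 0, so 10.2.12 sorts below 10.2.12-h2."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def is_patched(version: str) -> bool:
    """True if the build is at or above the fixed release for its train.
    Trains missing from the table are reported as unpatched so they get
    looked at rather than silently passing."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(f"{v[0]}.{v[1]}")
    return fixed is not None and v >= parse_version(fixed)


def mgmt_is_exposed(permitted_ips: list) -> bool:
    """The management interface is effectively open when no permitted-IP
    list is configured or the list contains a catch-all network."""
    if not permitted_ips:
        return True
    return any(
        ipaddress.ip_network(entry, strict=False).prefixlen == 0  # 0.0.0.0/0 or ::/0
        for entry in permitted_ips
    )


class Firewall(NamedTuple):
    name: str
    version: str
    permitted_ips: list


def audit(inventory: list) -> dict:
    """Return {firewall name: [findings]} for every device with an issue."""
    findings = {}
    for fw in inventory:
        issues = []
        if not is_patched(fw.version):
            issues.append(f"PAN-OS {fw.version} is below the fixed release")
        if mgmt_is_exposed(fw.permitted_ips):
            issues.append("management web interface not restricted to trusted IPs")
        if issues:
            findings[fw.name] = issues
    return findings


# Constructed sample inventory (hypothetical devices, not real ones).
SAMPLE_INVENTORY = [
    Firewall("fw-edge-1", "10.2.11", []),               # old build, open mgmt
    Firewall("fw-edge-2", "11.1.5-h1", ["0.0.0.0/0"]),  # patched, but open
    Firewall("fw-dc-1", "11.2.4-h1", ["10.0.0.0/8"]),   # no findings
    Firewall("fw-lab", "10.2.12", ["192.0.2.10/32"]),   # one hotfix short
]

if __name__ == "__main__":
    for name, issues in audit(SAMPLE_INVENTORY).items():
        print(name)
        for issue in issues:
            print("  -", issue)
```

The hotfix-aware comparison matters: a device on 10.2.12 looks patched to a naive string or three-part comparison, yet the fix only ships in 10.2.12-h2. Note also that a clean version check says nothing about devices exploited before the patch landed; given that attackers uploaded tools and copied configurations, a firewall that was exposed on or after November 19 should be examined for unexpected files and configuration changes, not just updated.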

Analysis of the fixes showed that the vulnerabilities stemmed from errors in the development process. The episode highlights the growing problem of vulnerabilities being found in enterprise security appliances such as firewalls, VPNs, and remote-access tools. It is the second major vulnerability incident affecting Palo Alto Networks products this year, following similar issues at other vendors, including Ivanti and Check Point.
