Palo Alto Networks says it has observed exploitation of two zero-days in its PAN-OS firewall OS; researchers say hackers have compromised 2,000+ firewalls
Malicious hackers have compromised potentially thousands of organizations by exploiting two new zero-day vulnerabilities found …
TechCrunch Carly Page
Related Coverage
- CVE-2024-0012 PAN-OS: Authentication Bypass in the Management Web Interface (PAN-SA-2024-0015) Palo Alto Networks …
- Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 watchTowr Labs · Sonny
- CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface Palo Alto Networks …
- CISA Adds Three Known Exploited Vulnerabilities to Catalog Cybersecurity …
- Experts warn of Palo Alto firewall exploitation after 2,000 compromises spotted The Record · Jonathan Greig
- Executive Summary — Palo Alto Networks and Unit 42 are engaged in tracking a limited set … Unit 42
- Current Scope of the Attack Unit 42
- Palo Alto Networks patches two firewall zero-days used in attacks BleepingComputer · Sergiu Gatlan
- 2 Palo Alto Networks zero-day vulnerabilities under attack TechTarget · Arielle Waldman
- 2K Palo Alto un-patched firewalls hacked despite warnings SC Media · Steve Zurier
- CISA: Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure Security Boulevard · Chris Garland
- Thousands of Palo Alto Networks Firewalls Compromised Channel Futures · Edward Gately
- Follow-Up: Arctic Wolf Observes Ongoing Exploitation of Critical Palo Alto Networks Vulnerability CVE-2024-0012 Chained with CVE-2024-9474 Arctic Wolf · Andres Ramos
- Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked Hackread · Waqas
- Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited Cybersecurity Dive · Matt Kapko
- Wiz observes exploitation in the wild of PAN-OS vulnerabilities Wiz Blog
- Over 2,000 Palo Alto firewalls hacked using recently patched bugs BleepingComputer · Sergiu Gatlan
- 2,000 Palo Alto Firewalls Compromised Via New Vulnerabilities SecurityWeek · Eduard Kovacs
- More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Security Affairs · Pierluigi Paganini
- Palo Alto Networks Patches Critical Zero-Day Firewall Bug Dark Reading · Becky Bracken
- U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog Security Affairs · Pierluigi Paganini
- Palo Alto sounds alarm over PAN-OS zero-day attacks SC Media · Shaun Nichols
- Palo Alto Patches Firewall Zero-Day Exploited In Operation Lunar Peek SecurityWeek · Eduard Kovacs
- Palo Alto firewalls exploited after critical zero-day vulnerability Cybernews.com · Ernestas Naprys
- Palo Alto Networks zero-day firewall flaws caused by basic dev mistakes CSO · Lucian Constantin
- Palo Alto Networks says it fixed two major firewall zero-days being used in thousands of attacks TechRadar
- Progress Kemp LoadMaster, PAN-OS bugs added to CISA exploited vulnerabilities catalog SC Media
- Palo Alto Networks tackles firewall-busting zero-days with critical patches The Register · Connor Jones
- 2,700 firewalls compromised in Palo Alto Networks exploit onslaught Tech Monitor · Refna Tharayil
- How does one prove that they're authenticated to the PAN-OS security product, one might wonder. — Simple. — You provide a “X-PAN-AUTHCHECK: off” HTTP header. — CVE-2024-0012, folks. — https://labs.watchtowr.com/... @wdormann@infosec.exchange · Will Dormann
- I wanted to write something about a recent authentication bypass vulnerability affecting 4 million Wordpress websites. … Krzysztof Pranczk
- today's SSLVPN code spaghetti is the equivalent of ‘turn off authentication, and give me full control - please’. Benjamin Harris
Discussion
- @shadowserver.bsky.social on bluesky: Heads-up! Thanks to collaboration with the Saudi NCA — we are now scanning & reporting Palo Alto Networks devices COMPROMISED as a result of a CVE-2024-0012/CVE-2024-9474 campaign. — Found ~2000 instances compromised on 2024-11-20: — dashboard.shadowserver.org/statistics/…
- Ron Bowes (@iagox86.bsky.social) on bluesky: Favorite quote from WatchTowr's blog about PAN-OS vuln: — > I guess auto_prepend_file actually has legitimate use besides writing PHP exploits. — labs.watchtowr.com/pots-and-pan...
- Eli Backs (@elibax.bsky.social) on bluesky: Palo Alto published an authentication bypass vulnerability scoring severity 9.3. There is no patch available, only some urgent mitigating actions. Get those mgmt interfaces offline and put them private. Found some Belgian exposed PA's and reported some. security.paloaltonetwor…
- Taggart (@taggart-tech.com) on bluesky: Reading the awesome WatchTowr writeup of CVE-2024-0012 and CVE-2024-9474, the Palo Alto RCE/privesc one-two punch. Great work here as always. — labs.watchtowr.com/pots-and-pan... A few things stand out:
- Amitai Cohen (@amitaico) on x: We've been observing ongoing exploitation of the recent PAN-OS RCE vuln chain (CVE-2024-0012 + CVE-2024-9474) over the past few days and we're sharing our research findings and a few IOCs: https://www.wiz.io/...
- Stephen Fewer (@stephenfewer) on x: We now have a @metasploit exploit module in the pull queue for the PAN-OS management interface unauthenticated RCE exploit chain (CVE-2024-0012 + CVE-2024-9474), based upon the technical analysis published today by @watchtowrcyber. https://github.com/...
- @wiz_io on x: 🚨 ONGOING: Critical PAN-OS vulnerabilities exploited in cloud environments Wiz Research has observed threat actors actively exploiting CVE-2024-0012 and CVE-2024-9474 to deploy malware in cloud environments. Here's what's happening: 🧵
- @cisacyber on x: 🛡️ We added #PaloAltoNetworks PAN-OS & #ProgressKemp LoadMaster vulnerabilities, CVE-2024-0012, CVE-2024-9474, & CVE-2024-1212 to our Known Exploited Vulnerabilities Catalog. Visit https://go.dhs.gov/Z3Q & apply mitigations to protect your org from cyberattacks. #InfoSec
- Danielle Aminov (@aminovdanielle) on x: 🚨 ONGOING: Threat actors are actively exploiting the PAN-OS RCE vulnerability chain (CVE-2024-0012 + CVE-2024-9474) to deploy malware. After observing ongoing exploitation of these vulnerabilities over the past few days, we're sharing our findings. Details and IOCs 👇
- @unit42_intel on x: This threat brief discusses observed exploitation activity of authentication bypass vulnerability CVE-2024-0012, which affects specific versions of PAN-OS software. We cover current mitigations and more: https://unit42.paloaltonetworks.com/...
- Carly Page (@carlypage_) on x: Hackers have compromised potentially thousands of organizations by exploiting two new zero-day vulnerabilities in software made by cybersecurity giant Palo Alto Networks https://techcrunch.com/...