"Palo Alto Networks Issues Urgent Fixes for Exploited Zero-Day Vulnerabilities"
Palo Alto Networks has released urgent hotfixes to address a critical vulnerability (CVE-2024-3400) in its PAN-OS software, which is being actively exploited in the wild. The flaw, impacting GlobalProtect feature, could allow unauthenticated attackers to execute arbitrary code with root privileges on the firewall. Fixes are available for specific PAN-OS versions, with patches for other releases expected soon. The threat actor exploiting the flaw is tracked as Operation MidnightEclipse, with evidence of potential reconnaissance activity and deployment of a Python-based backdoor called UPSTYLE. Customers are advised to apply the hotfixes immediately to mitigate the risk.
- Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability The Hacker News
- “Highly capable” hackers root corporate networks by exploiting firewall 0-day Ars Technica
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days Help Net Security
- State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls SecurityWeek
- Palo Alto Networks warns of zero-day in VPN product The Record from Recorded Future News
Reading Insights
0
1
1 min
vs 2 min read
73%
349 → 95 words
Want the full story? Read the original article
Read on The Hacker News