2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Over 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack exploiting recently patched vulnerabilities.
The attack, which began in mid-November 2024, has raised alarm bells across the cybersecurity community and highlighted the critical importance of prompt patching and secure configuration practices.
The attackers exploited two key vulnerabilities in Palo Alto Networks’ PAN-OS software:
When chained together, these vulnerabilities allow unauthenticated attackers to gain root access to affected devices, potentially compromising entire networks.
Dubbed “Operation Lunar Peek” by Palo Alto Networks’ Unit 42 research team, the attack campaign has been ongoing since early November. Threat actors have been observed dropping malware and executing commands on compromised firewalls, indicating the likely availability of a public exploit chain.
Shadowserver, a threat monitoring platform, reported tracking over 2,700 vulnerable PAN-OS devices, with approximately 2,000 confirmed as compromised.
Heads-up! Thanks to collaboration with @NCA_KSA
we are now scanning & reporting Palo Alto Networks devices COMPROMISED as a result of a CVE-2024-0012/CVE-2024-9474 campaign.
Found ~2000 instances compromised on 2024-11-20:https://t.co/7t95RBKdxr
Top affected: US & India pic.twitter.com/Ors5jhMMxz
— The Shadowserver Foundation (@Shadowserver) November 21, 2024
However, Palo Alto Networks has suggested that the actual number of affected devices may be lower, stating that less than half a percent of their deployed firewalls have internet-exposed management interfaces.
The vulnerabilities affect various Palo Alto Networks products running PAN-OS, including:
Palo Alto Networks has issued patches for the vulnerabilities and strongly advises customers to secure their firewalls’ management interfaces by restricting access to trusted internal IP addresses.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch their firewalls by December 9, 2024.
This incident underscores the critical nature of network security devices and the potential for widespread impact when such devices are compromised. It also highlights the ongoing challenge of securing internet-exposed management interfaces, which continue to be attractive targets for cybercriminals.
As the situation develops, cybersecurity experts urge organizations to remain vigilant, implement recommended security measures, and ensure their Palo Alto Networks devices are promptly updated to the latest patched versions.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_attack #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
2000+ Palo Alto Firewalls Hacked Exploiting New Vulnerabilities
Author: Guru BaranOver 2,000 Palo Alto Networks firewalls have been compromised in a widespread attack exploiting recently patched vulnerabilities.
The attack, which began in mid-November 2024, has raised alarm bells across the cybersecurity community and highlighted the critical importance of prompt patching and secure configuration practices.
The attackers exploited two key vulnerabilities in Palo Alto Networks’ PAN-OS software:
- CVE-2024-0012: A critical authentication bypass flaw with a severity rating of 9.3 out of 10.0.
- CVE-2024-9474: A medium-severity privilege escalation vulnerability rated 6.9 out of 10.0.
When chained together, these vulnerabilities allow unauthenticated attackers to gain root access to affected devices, potentially compromising entire networks.
Dubbed “Operation Lunar Peek” by Palo Alto Networks’ Unit 42 research team, the attack campaign has been ongoing since early November. Threat actors have been observed dropping malware and executing commands on compromised firewalls, indicating the likely availability of a public exploit chain.
Shadowserver, a threat monitoring platform, reported tracking over 2,700 vulnerable PAN-OS devices, with approximately 2,000 confirmed as compromised.
Heads-up! Thanks to collaboration with @NCA_KSA
we are now scanning & reporting Palo Alto Networks devices COMPROMISED as a result of a CVE-2024-0012/CVE-2024-9474 campaign.
Found ~2000 instances compromised on 2024-11-20:https://t.co/7t95RBKdxr
Top affected: US & India pic.twitter.com/Ors5jhMMxz
— The Shadowserver Foundation (@Shadowserver) November 21, 2024
However, Palo Alto Networks has suggested that the actual number of affected devices may be lower, stating that less than half a percent of their deployed firewalls have internet-exposed management interfaces.
The vulnerabilities affect various Palo Alto Networks products running PAN-OS, including:
- Next-generation firewalls
- Panorama appliances (firewall management)
- WildFire appliances (sandbox systems for file analysis)
Palo Alto Networks has issued patches for the vulnerabilities and strongly advises customers to secure their firewalls’ management interfaces by restricting access to trusted internal IP addresses.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch their firewalls by December 9, 2024.
This incident underscores the critical nature of network security devices and the potential for widespread impact when such devices are compromised. It also highlights the ongoing challenge of securing internet-exposed management interfaces, which continue to be attractive targets for cybercriminals.
As the situation develops, cybersecurity experts urge organizations to remain vigilant, implement recommended security measures, and ensure their Palo Alto Networks devices are promptly updated to the latest patched versions.
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_attack #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
