Security News > 2024 > April > Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack

Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack
2024-04-21 08:00

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigationWhile it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices' telemetry, it has now been confirmed that this mitigation is ineffectual.

Geopolitical tensions escalate OT cyber attacksIn this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology cyber attacks and their 2024 Threat Report.

AI set to enhance cybersecurity roles, not replace themIn this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in enhancing skills and productivity rather than replacing staff.

Damn Vulnerable RESTaurant: Open-source API service designed for learningDamn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game.

The key pillars of domain securityIn this Help Net Security video, Mark Flegg, Global Director of Security Services at CSC, discusses how CISOs often don't view domains as a foundational component in their security starter plans.

Exposing the top cloud security threatsIn this Help Net Security video, Michal Lewy-Harush, Aqua Security's CIO, discusses the top cloud security threat global businesses.


News URL

https://www.helpnetsecurity.com/2024/04/21/week-in-review-palo-alto-firewalls-mitigation-ineffective-putty-client-vulnerable-to-key-recovery-attack/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-04-12 CVE-2024-3400 Command Injection vulnerability in Paloaltonetworks Pan-Os
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
network
low complexity
paloaltonetworks CWE-77
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Putty 1 4 10 7 4 25