Security News

EXCLUSIVE: A bug in the support dashboard of Palo Alto Networks exposed thousands of customer support tickets to an unauthorized individual, BleepingComputer has learned. The exposed information included, names and contact information of the person creating support tickets, conversations between Palo Alto Networks staff members and the customer.

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Successful exploitation of the flaw necessitates that the attacker strings it with a technique known as HTTP smuggling to achieve remote code execution on the VPN installations, not to mention have network access to the device on the GlobalProtect service default port 443.

Critical RCE in Palo Alto Networks firewalls revealed, patch ASAP!The existence of a critical RCE vulnerability affecting certain versions of Palo Alto Networks firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damageResearchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage.

The existence of a critical RCE vulnerability affecting certain versions of Palo Alto Networks firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. The vulnerability has been patched, but since there are still over 10,000 vulnerable internet-facing installations out there, Randori will refrain from publishing technical details related to the vulnerability for a month, to give affected organizations enough time to patch.

Palo Alto Networks has issued a patch for a CVSS 9.8-rated buffer overflow affecting a VPN component of its widely used firewall software, warning that the flaw allows unauthenticated attackers to execute arbitrary code on unpatched appliances. "A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges," said the company in an advisory published this week.

Researchers have developed a working exploit to gain remote code execution via a massive vulnerability in a security appliance from Palo Alto Networks, potentially leaving more than 70,000 vulnerable firewalls with their goods exposed to the internet. The Randori Attack Team found the zero day a year ago, developed a working exploit and used it against Randori customers over the past year.

Authentic8, provider of Silo, announced it has become a Palo Alto Networks technology partner and unveiled its integration with the Palo Alto Networks Prisma Access cloud-delivered security platform. The integration combines Silo's zero trust web browsing with the secure web gateway capabilities of Prisma Access to deliver comprehensive and seamless secure remote access to business resources, shielding users, devices and applications from malicious web content.

Deloitte has formed a strategic alliance with Palo Alto Networks to deliver integrated, end-to-end zero trust and multi-cloud cybersecurity solutions to their mutual enterprise and government customers. The alliance brings together Deloitte's award-winning cyber risk consulting services and Palo Alto Networks' platform security capabilities to deliver broad solutions designed to help customers simplify complex security infrastructure while increasing speed and agility, enabling them to protect their most important digital initiatives and realize the full value of their cybersecurity investments.

Palo Alto Networks this week announced the availability of patches for security flaws in the Prisma Cloud Compute cloud workload protection solution and Windows agent for the Cortex XDR detection and response platform. The most serious of the bugs - CVE-2021-3042 - is a local privilege escalation issue in the Palo Alto Networks Cortex XDR agent on Windows platforms.

LogPoint launched a content pack for Cortex XSOAR, a security orchestration, automation and response platform from Palo Alto Networks. The integration with Palo Alto Networks Cortex XSOAR builds on the LogPoint strategy to partner with cybersecurity platforms.