Security News

A critical security bug in Palo Alto Networks' Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug is an improper-authorization vulnerability that "Enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API," according to the security vendor's Tuesday advisory.

A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company's Cortex XSOAR product. During an internal security review, Palo Alto Networks discovered that its Cortex XSOAR security orchestration, automation and response platform is affected by an improper authorization issue.

Palo Alto Networks announced the appointment of Aparna Bawa to the company's board of directors. "Aparna is a proven leader who has helped technology companies rapidly scale, and I'm pleased to welcome her to our board," said Nikesh Arora, chairman and CEO of Palo Alto Networks.

A trio of researchers at Palo Alto Networks has detailed vulnerabilities in the JET database engine, and demonstrated how those flaws can be exploited to ultimately execute malicious code on systems running Microsoft's SQL Server and Internet Information Services web server.In a talk today at Black Hat Asia titled Give Me a SQL Injection, I Shall PWN IIS and SQL Server, the three explained they found the JET engine - for years an underlying tech for Microsoft Access and other products, and still downloadable today - has many vulnerabilities.

Palo Alto Networks announced the appointment of Dr. Helene D. Gayle to the company's board of directors and the nominating and corporate governance committee of the board. "We are fortunate to have Dr. Gayle join the Palo Alto Networks' board," said Nikesh Arora, chairman and CEO of Palo Alto Networks.

Palo Alto Networks has described its $156m buy of cloudy DevSecOps biz Bridgecrew as a "Key bet" at a time when the world has never been more reliant on off-premises computing. The buyout was made public early yesterday evening, and Palo Alto said Bridgecrew's "Developer-first infrastructure-as-code security platform" sits well with its Prisma public cloud security product.

Palo Alto Networks announced the release of Prisma Access 2.0 to securely enable work-from-anywhere with the industry's most complete cloud-delivered security platform. As work continues to change and needs to be done securely everywhere, with no compromise on speed, security or performance, Prisma Access 2.0 introduces critical enhancements, including self-healing infrastructure for optimal experience, ML-powered security to help prevent attacks in real time, cloud SWG capabilities for a secure web gateway regardless of user location, and a reimagined cloud management experience.

Palo Alto Networks has made key bets around the shift to cloud and the need for integrated best-in-class security. Today Palo Alto Networks is making a further bet that cloud security must "Shift left," with security increasingly performed during the DevOps process.

Palo Alto Networks on Tuesday snapped up early-stage startup Bridgecrew, adding a cloud security platform for developers to its $3.4 billion-a-year enterprise product portfolio. For Palo Alto, the deal is part of a strategy to spend big to snap up early-stage companies in the cloud security and DevOps workflow space.

Network security giant Palo Alto Networks announced on Wednesday that it has agreed to acquire attack surface management firm Expanse in a deal valued at roughly $800 million. As its largest acquisition to date, Palo Alto will pay $670 million in cash and stock and approximately $130 million in equity awards.