Security News

Palo Alto Networks introduced Enterprise Data Loss Prevention-a cloud-delivered service that brings a fresh, simple and modern approach to data protection, privacy and compliance. "Data breaches are a huge and growing problem worldwide, but the existing legacy and point solutions are not accessible, appropriate or effective for many of the companies that need them," said Anand Oswal, senior vice president and general manager, Firewall as a Platform, Palo Alto Networks.

Palo Alto Networks has threatened legal action against cloud visibility solutions provider Orca Security after the latter published a video comparing products from the two companies. The video made by Orca in August, which is still available on YouTube, is described as a "Detailed competitive comparison" between Orca Security's platform and Palo Alto Networks' Prisma Cloud product.

Palo Alto Networks has threatened a startup with legal action after the smaller biz published a comparison review of one of its products. Israel-based Orca Security received a cease-and-desist letter from a lawyer representing Palo Alto after Orca uploaded a series of online videos reviewing of one of Palo Alto's products and compared it to its own.

Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Another potentially serious vulnerability, classified as high severity and tracked as CVE-2020-2041, allows a remote, unauthenticated attacker to get all PAN-OS services to enter a DoS condition by causing the device to restart and enter maintenance mode.

Palo Alto Networks remediated vulnerabilities in PAN-OS. Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack to gain access to the internal segments of the network of a company that uses vulnerable protection tools. Attackers can access a special firewall section, place malicious code in one of the web forms, and obtain maximum privileges in the OS. "We performed black-box testing of the NGFW management web interface to detect this vulnerability, which results from the lack of user input sanitization. During a real attack, hackers can, for example, bruteforce the password for the administrator panel, perform RCE, and gain access to the Palo Alto product, as well as the company's internal network," said Mikhail Klyuchnikov, researcher at Positive Technologies.

Palo Alto Networks announced that it has entered into a definitive agreement to acquire The Crypsis Group, a leading incident response, risk management and digital forensics consulting firm. Under the terms of the agreement, Palo Alto Networks will acquire The Crypsis Group for a total purchase price of $265 million, subject to adjustment, to be paid in cash.

Palo Alto Networks announced on Monday that it has agreed to acquire incident response and digital forensics consulting firm The Crypsis Group. Under the terms of the agreement, Palo Alto Networks will pay $265 million in cash, subject to adjustment, to acquire Crypsis.

Palo Alto Networks informed customers on Wednesday that it has patched two high-severity vulnerabilities in PAN-OS, the software running on the company's firewalls. "An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue," the vendor said in its advisory.

Palo Alto Networks has emitted its second software update in as many weeks to address a potentially serious security vulnerability in its products. This latest Palo Alto advisory comes just ten days after the IT supplier sounded the alarm for another remote code execution flaw in its PAN-OS. That vulnerability, CVE-2020-2021, was serious enough to warrant an alert from Uncle Sam's CyberCom, which feared that in-the-wild exploitation attempts were likely.

The U.S. Cybersecurity and Infrastructure Security Agency is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. Palo Alto Networks on Monday posted an advisory on the vulnerability, which affects the devices' operating systems.