Security News

Critical RCE in Palo Alto Networks firewalls revealed, patch ASAP!The existence of a critical RCE vulnerability affecting certain versions of Palo Alto Networks firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damageResearchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage.

The existence of a critical RCE vulnerability affecting certain versions of Palo Alto Networks firewalls using the GlobalProtect Portal VPN has been revealed by a cybersecurity company that exploited it during red team engagements for the last 12 months. The vulnerability has been patched, but since there are still over 10,000 vulnerable internet-facing installations out there, Randori will refrain from publishing technical details related to the vulnerability for a month, to give affected organizations enough time to patch.

Palo Alto Networks has issued a patch for a CVSS 9.8-rated buffer overflow affecting a VPN component of its widely used firewall software, warning that the flaw allows unauthenticated attackers to execute arbitrary code on unpatched appliances. "A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges," said the company in an advisory published this week.

Researchers have developed a working exploit to gain remote code execution via a massive vulnerability in a security appliance from Palo Alto Networks, potentially leaving more than 70,000 vulnerable firewalls with their goods exposed to the internet. The Randori Attack Team found the zero day a year ago, developed a working exploit and used it against Randori customers over the past year.

Authentic8, provider of Silo, announced it has become a Palo Alto Networks technology partner and unveiled its integration with the Palo Alto Networks Prisma Access cloud-delivered security platform. The integration combines Silo's zero trust web browsing with the secure web gateway capabilities of Prisma Access to deliver comprehensive and seamless secure remote access to business resources, shielding users, devices and applications from malicious web content.

Deloitte has formed a strategic alliance with Palo Alto Networks to deliver integrated, end-to-end zero trust and multi-cloud cybersecurity solutions to their mutual enterprise and government customers. The alliance brings together Deloitte's award-winning cyber risk consulting services and Palo Alto Networks' platform security capabilities to deliver broad solutions designed to help customers simplify complex security infrastructure while increasing speed and agility, enabling them to protect their most important digital initiatives and realize the full value of their cybersecurity investments.

Palo Alto Networks this week announced the availability of patches for security flaws in the Prisma Cloud Compute cloud workload protection solution and Windows agent for the Cortex XDR detection and response platform. The most serious of the bugs - CVE-2021-3042 - is a local privilege escalation issue in the Palo Alto Networks Cortex XDR agent on Windows platforms.

LogPoint launched a content pack for Cortex XSOAR, a security orchestration, automation and response platform from Palo Alto Networks. The integration with Palo Alto Networks Cortex XSOAR builds on the LogPoint strategy to partner with cybersecurity platforms.

A critical security bug in Palo Alto Networks' Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug is an improper-authorization vulnerability that "Enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API," according to the security vendor's Tuesday advisory.

A security advisory published on Tuesday by Palo Alto Networks informs customers about the availability of patches for a critical vulnerability affecting the company's Cortex XSOAR product. During an internal security review, Palo Alto Networks discovered that its Cortex XSOAR security orchestration, automation and response platform is affected by an improper authorization issue.