Security News

Palo Alto Networks has threatened a startup with legal action after the smaller biz published a comparison review of one of its products. Israel-based Orca Security received a cease-and-desist letter from a lawyer representing Palo Alto after Orca uploaded a series of online videos reviewing of one of Palo Alto's products and compared it to its own.

Palo Alto Networks this week announced that it has patched critical and high-severity denial-of-service and arbitrary code execution vulnerabilities in its PAN-OS firewall software. Another potentially serious vulnerability, classified as high severity and tracked as CVE-2020-2041, allows a remote, unauthenticated attacker to get all PAN-OS services to enter a DoS condition by causing the device to restart and enter maintenance mode.

Palo Alto Networks remediated vulnerabilities in PAN-OS. Attackers can use these vulnerabilities to gain access to sensitive data or develop the attack to gain access to the internal segments of the network of a company that uses vulnerable protection tools. Attackers can access a special firewall section, place malicious code in one of the web forms, and obtain maximum privileges in the OS. "We performed black-box testing of the NGFW management web interface to detect this vulnerability, which results from the lack of user input sanitization. During a real attack, hackers can, for example, bruteforce the password for the administrator panel, perform RCE, and gain access to the Palo Alto product, as well as the company's internal network," said Mikhail Klyuchnikov, researcher at Positive Technologies.

Palo Alto Networks announced that it has entered into a definitive agreement to acquire The Crypsis Group, a leading incident response, risk management and digital forensics consulting firm. Under the terms of the agreement, Palo Alto Networks will acquire The Crypsis Group for a total purchase price of $265 million, subject to adjustment, to be paid in cash.

Palo Alto Networks announced on Monday that it has agreed to acquire incident response and digital forensics consulting firm The Crypsis Group. Under the terms of the agreement, Palo Alto Networks will pay $265 million in cash, subject to adjustment, to acquire Crypsis.

Palo Alto Networks informed customers on Wednesday that it has patched two high-severity vulnerabilities in PAN-OS, the software running on the company's firewalls. "An attacker would require some level of specific information about the configuration of an impacted firewall or perform brute-force attacks to exploit this issue," the vendor said in its advisory.

Palo Alto Networks has emitted its second software update in as many weeks to address a potentially serious security vulnerability in its products. This latest Palo Alto advisory comes just ten days after the IT supplier sounded the alarm for another remote code execution flaw in its PAN-OS. That vulnerability, CVE-2020-2021, was serious enough to warrant an alert from Uncle Sam's CyberCom, which feared that in-the-wild exploitation attempts were likely.

The U.S. Cybersecurity and Infrastructure Security Agency is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. Palo Alto Networks on Monday posted an advisory on the vulnerability, which affects the devices' operating systems.

Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon. "When Security Assertion Markup Language authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability," Palo Alto Networks explained in an advisory.

Palo Alto Networks has patched a critical and easily exploitable vulnerability affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixed version as soon as possible. Affected PAN-OS versions include versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0.