Ethical Hacking News
Over 2,000 Palo Alto Networks firewalls have been compromised by attackers exploiting two recently patched zero-day vulnerabilities in the PAN-OS management web interface. The campaign underlines two basics: patch promptly, and never expose a firewall's management interface to the internet.
Attackers compromised more than 2,000 Palo Alto Networks firewalls worldwide by exploiting two zero-day vulnerabilities. The flaws, CVE-2024-0012 and CVE-2024-9474, were patched only days before the attacks ramped up. Attackers chained them: CVE-2024-0012 is an authentication bypass in the management web interface that hands an unauthenticated remote attacker administrator privileges, and CVE-2024-9474 is a privilege escalation that lets an administrator run commands as root on the device. Victims span government agencies and private sector companies around the world. CISA added both vulnerabilities to its Known Exploited Vulnerabilities Catalog and gave federal agencies three weeks to patch. Palo Alto Networks advises customers to restrict access to management interfaces to trusted internal IP addresses.
Attackers have compromised more than 2,000 Palo Alto Networks firewalls worldwide by exploiting two recently patched zero-day vulnerabilities. The incident is a reminder of how quickly a disclosed flaw in a perimeter device is weaponized, and of why patching cannot wait.
The two vulnerabilities, CVE-2024-0012 and CVE-2024-9474, were disclosed only days before this article was published. Palo Alto Networks first warned customers on November 8 about a possible remote code execution (RCE) flaw in the management interface and urged them to lock that interface down. Only later did the company confirm active exploitation and publish the two CVEs: CVE-2024-0012, an authentication bypass that lets a remote attacker with network access to the management web interface obtain administrator privileges without credentials, and CVE-2024-9474, a privilege escalation that lets an administrator execute commands as root.
According to reports, attackers moved on the newly disclosed flaws almost immediately, chaining them against internet-exposed device management web interfaces. Shadowserver has tracked over 2,700 vulnerable devices worldwide, and roughly 2,000 firewalls have already been compromised since the campaign began.
The compromised firewalls belong to organizations across the globe, including government agencies and private sector companies. That spread underscores the risk to any organization whose Palo Alto Networks firewall has a management interface reachable from untrusted networks.
In response, CISA added both vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch their firewalls within three weeks, by December 9. Palo Alto Networks strongly advises customers to secure the management interface by restricting access to trusted internal IP addresses only, in addition to upgrading.
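The two remediation points above, being on a fixed PAN-OS build and keeping the management interface reachable only from trusted internal ranges, are easy to check across a fleet if you have an inventory. The following is an added example, not Palo Alto Networks code and not from the original article: it audits a constructed inventory for both conditions. The PAN-OS version comparator treats the "-hN" hotfix suffix as a fourth component, so that 11.2.4 sorts below 11.2.4-h1; the fixed-release table, the trusted ranges and the sample devices are assumptions for illustration and must be replaced with the versions from the vendor advisory and your own address plan.

```python
"""Audit a PAN-OS firewall inventory for an exposed management interface and
an unpatched build. Added example, not Palo Alto Networks code; the inventory,
trusted ranges and fixed-release table below are constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass, field

# ASSUMED fixed releases per PAN-OS train: replace with the versions listed in
# the vendor advisory before relying on the result.
FIXED_RELEASES = {
    "10.2": "10.2.12-h2",
    "11.0": "11.0.6-h1",
    "11.1": "11.1.5-h1",
    "11.2": "11.2.4-h1",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Turn 'major.minor.patch[-hN]' into a comparable tuple; no suffix = hotfix 0."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    major, minor, patch, hotfix = match.groups()
    return (int(major), int(minor), int(patch), int(hotfix or 0))


def is_vulnerable(version, fixed=FIXED_RELEASES):
    """True if the build predates the fix for its train, False if it carries it,
    None if the train is not in the table and needs a manual check."""
    parsed = parse_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    if train not in fixed:
        return None
    return parsed < parse_version(fixed[train])


@dataclass
class Firewall:
    name: str
    version: str
    mgmt_ip: str
    # Source ranges allowed by the PAN-OS permitted-ip setting; empty = unrestricted.
    permitted_ips: list = field(default_factory=list)


def mgmt_exposure(fw, trusted_nets):
    """Findings about who can reach this firewall's management interface."""
    findings = []
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    mgmt = ipaddress.ip_address(fw.mgmt_ip)
    if not any(mgmt in net for net in trusted if net.version == mgmt.version):
        findings.append(f"management IP {fw.mgmt_ip} is outside the trusted management ranges")
    if not fw.permitted_ips:
        findings.append("no permitted-ip entries: any source that can route to the interface may log in")
    for entry in fw.permitted_ips:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:
            findings.append(f"permitted-ip {entry} allows every source")
        elif not any(net.subnet_of(t) for t in trusted if t.version == net.version):
            findings.append(f"permitted-ip {entry} is not inside a trusted range")
    return findings


def audit(inventory, trusted_nets, fixed=FIXED_RELEASES):
    """Map each firewall name to its findings; an empty list means nothing to report."""
    report = {}
    for fw in inventory:
        findings = mgmt_exposure(fw, trusted_nets)
        status = is_vulnerable(fw.version, fixed)
        if status is None:
            findings.append(f"PAN-OS {fw.version}: train not in the fixed-release table, check the advisory")
        elif status:
            train = ".".join(fw.version.split(".")[:2])
            findings.append(f"PAN-OS {fw.version} predates fixed release {fixed[train]}")
        report[fw.name] = findings
    return report


# Constructed sample data: a well-configured data-centre device, an exposed and
# unpatched branch device, and a lab device with an over-broad permitted-ip entry.
TRUSTED_NETS = ["10.0.0.0/8", "192.168.0.0/16"]
SAMPLE_INVENTORY = [
    Firewall("fw-dc-01", "11.2.4-h1", "10.20.0.5", ["10.20.0.0/24"]),
    Firewall("fw-branch-07", "10.2.12-h1", "203.0.113.10"),
    Firewall("fw-lab-02", "11.1.4", "192.168.50.1", ["0.0.0.0/0", "192.168.50.0/24"]),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INVENTORY, TRUSTED_NETS).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print(f"  - {finding}")
```

Run it as-is to see the constructed branch device flagged three times (public management IP, no permitted-ip restriction, build older than the fix) while the data-centre device comes back clean. A permitted-ip list that contains 0.0.0.0/0 is reported even when a narrower trusted entry sits beside it, because the broad entry is what an attacker's source address will match.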
Palo Alto Networks is still investigating the ongoing attacks and believes a working exploit chaining the two vulnerabilities is publicly available, which it expects to broaden the threat activity. The warning is unsurprising given the company's recent history: earlier this year its customers had to patch another maximum-severity vulnerability that affected over 82,000 devices.
These incidents show why security patches have to be deployed as soon as they are released. Organizations running Palo Alto Networks firewalls should treat the management interface as a high-value target and keep it unreachable from the internet, whether or not a patch is pending.
Beyond the technical details, the breach illustrates the cycle between defenders and attackers: as vulnerabilities are patched and new ones found, attackers adapt and keep exploiting whatever is left exposed. Organizations need to stay vigilant and respond quickly as new threats emerge.
Related Information:
https://www.bleepingcomputer.com/news/security/over-2-000-palo-alto-firewalls-hacked-using-recently-patched-bugs/
https://nvd.nist.gov/vuln/detail/CVE-2024-0012
https://www.cvedetails.com/cve/CVE-2024-0012/
https://nvd.nist.gov/vuln/detail/CVE-2024-9474
https://www.cvedetails.com/cve/CVE-2024-9474/
Published: Thu Nov 21 20:19:25 2024 by llama3.2 3B Q4_K_M