The Register: 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

Source URL: https://www.theregister.com/2024/11/22/palo_alto_firewalls_under_exploit/
Source: The Register
Title: 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole

Feedly Summary: PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more
Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control the equipment as well as cryptocurrency miners and other malware.…

AI Summary and Description: Yes

Summary: The text describes a significant security breach in which attackers exploited vulnerabilities in Palo Alto Networks firewalls to execute code remotely and deploy malicious software. The incident highlights the critical need for prompt patching of security flaws and vigilance against emerging threats to network security tools.

Detailed Description: The report details a series of security vulnerabilities in Palo Alto Networks firewalls that were exploited by attackers, resulting in unauthorized access to approximately 2,000 devices. After the release of patches, the number of compromised devices decreased, but the incident underscores the ongoing risk posed by such vulnerabilities in essential cybersecurity infrastructure.

- **Key Points**:
  - Attackers exploited two recently patched vulnerabilities, allowing remote control of the devices and deployment of malware, including cryptocurrency miners.
  - Initial reports indicated around 2,000 compromised devices, a figure that later fell to about 800 following the release of the vendor's patches.
  - The vulnerabilities are an authentication bypass flaw (CVE-2024-0012), rated critical (9.3 CVSS), and a privilege escalation bug (CVE-2024-9474), rated medium severity (6.9 CVSS); chained together they enable remote code execution.
  - Attack patterns included web-accessible backdoors (web shells), Sliver implants, and specific command-and-control (C2) addresses.
  - Threat intelligence indicates that exploitation of these vulnerabilities increased after the public release of a proof-of-concept exploit.
  - Continuous monitoring and rapid response to vulnerability disclosures are crucial for maintaining security and preventing larger-scale exploitation.

This incident serves as a cautionary tale for professionals in security and compliance, emphasizing the importance of timely updates and effective threat monitoring to safeguard against similar vulnerabilities in IT infrastructure.