Palo Alto Networks warns hackers are breaking into its customers’ firewalls — again

Malicious hackers are exploiting two zero-day vulnerabilities in Palo Alto Networks’ PAN-OS, impacting thousands of organizations.
These vulnerabilities, CVE-2024-0012 and CVE-2024-9474, allow attackers to gain administrator privileges and perform actions with root privileges on compromised firewalls. When used together, they enable attackers to remotely implant malicious code on affected firewalls, giving them deep access to company networks.

Palo Alto Networks has observed limited exploitation activity and released patches for these vulnerabilities. The company, along with U.S. cybersecurity agency CISA, is urging organizations to patch their systems quickly. CISA has mandated that civilian federal agencies patch their systems within three weeks.

Hackers have already compromised over 2,000 firewalls, according to the Shadowserver Foundation. The highest numbers of compromised devices were found in the United States and India, with other cases reported in the UK, Australia, and China. Researchers at Arctic Wolf noticed exploitation attempts as early as November 19, following the release of a proof-of-concept exploit. Threat actors have been observed transferring tools and exfiltrating config files from compromised devices.

Security firm watchTowr Labs identified that these flaws resulted from basic development errors. This incident highlights ongoing vulnerabilities in corporate security devices such as firewalls and VPN products. It is the second major security alert this year for Palo Alto Networks, following issues with products from Ivanti and Check Point.

ref. https://techcrunch.com/2024/11/21/palo-alto-networks-warns-hackers-are-breaking-into-its-customers-firewalls-again/

Ai: copilot

One thought on “Palo Alto Networks warns hackers are breaking into its customers’ firewalls — again”

  1. 47964-EX says:

    Palo Alto Networks’ vulnerabilities show how vital it is for organizations to act swiftly on security alerts. The scale of these attacks underscores the persistent risks businesses face and the importance of robust cybersecurity measures.
