Oddbean new post about login | logout CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024. The security flaws: - CVE-2024-9463 (CVSS score: 9.9) - Palo Alto Networks Expedition OS Command Injection Vulnerability - CVE-2024-9465 (CVSS score: 9.3) - Palo Alto Networks Expedition SQL Injection Vulnerability See more The Hackers News https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html Bleeping Computer: https://www.bleepingcomputer.com/news/security/cisa-warns-of-more-palo-alto-networks-bugs-exploited-in-attacks/ #cybersecurity #injection
Palo Alto Networks warns of critical RCE zero-day exploited in attacks Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as 'PAN-SA-2024-0015,' is actively being exploited in attacks. The flaw was originally disclosed on November 8, 2024, with Palo Alto Networks warning customers to restrict access to their next-generation firewalls because of a "potential" remote code execution (RCE) vulnerability impacting them. No signs of exploitation were detected at that time, but now, one week later, the situation has changed. See more: https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-critical-rce-zero-day-exploited-in-attacks/ #cybersecurity #rce #zeroday nostr:nevent1qqsft2dh06hte2n8zqw4ncjs3vkpukq5f7y3dr63yx0lx34mk52tmuspz4mhxue69uhkummnw3ezummcw3ezuer9wchsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqs3y406q