Oddbean

CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition software have come under active exploitation in the wild. To that end, it has added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the necessary updates by December 5, 2024. The security flaws: - CVE-2024-9463 (CVSS score: 9.9) - Palo Alto Networks Expedition OS Command Injection Vulnerability - CVE-2024-9465 (CVSS score: 9.3) - Palo Alto Networks Expedition SQL Injection Vulnerability See more The Hackers News https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html Bleeping Computer: https://www.bleepingcomputer.com/news/security/cisa-warns-of-more-palo-alto-networks-bugs-exploited-in-attacks/ #cybersecurity #injection