On Friday, April 12, Palo Alto Networks published an advisory on CVE-2024-3400, a CVSS 10 zero-day vulnerability in several versions of PAN-OS, the operating system that runs on the company’s firewalls.
According to the vendor advisory, if conditions for exploitability are met, the vulnerability may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Patches are available for some versions as of Sunday, April 14, 2024.
Read more…
Source: Rapid7
Related:
- Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak
December 13, 2018
On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) and applications like collaboration and web server-based software. The exploit toolkit includes EternalBlue, ...
- For the fourth month in a row, Microsoft patches Windows zero-day used in the wild
December 11, 2018
Today, Microsoft released its monthly security patches –known as the Patch Tuesday updates. This month the Redmond-based company fixed 38 vulnerabilities across a large set of products. For the fourth month in a row, Microsoft patched a Windows OS zero-day vulnerability that was being exploited in the wild. Just like in the last two months, and for ...
- New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs
December 6, 2018
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an attacker to ...
- UK’s NCSC Explains How They Handle Discovered Vulnerabilities
December 1, 2018
When the United Kingdom’s National Cyber Security Center (NCSC) performs operational tasks, they may find vulnerabilities in software, hardware, websites, or critical infrastructure. When they find these vulnerabilities, they go through a review process called the “Equities Process” that determines if they are going to disclose the vulnerability so that it is fixed or if ...
- Backdoor in Popular JavaScript Library Set to Steal Cryptocurrency
November 27, 2018
A JavaScript library that scores over two million downloads every week has been injected with malicious code for stealing coins from a cryptocurrency wallet. The affected package is Event-Stream, built to simplify working with Node.js streaming modules and it is available through the npmjs.com repository. Although the malicious code was discovered last week, researchers were able to determine ...
- Old Printer Vulnerabilities Die Hard
November 23, 2018
New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers. Despite copious warnings and efforts by the security community to harden the defenses of printers, they continue to represent a ripe target for attackers. Just this past summer researchers at Check Point found ...