Palo Alto Networks Releases Critical Security Advisory for PAN-OS


Palo Alto Networks has issued a critical severity security advisory for an authentication bypass vulnerability, known as CVE-2024-0012, affecting the PAN-OS management web interface.

CVE-2024-0012 has a CVSSv4 score of 9.3 when access is allowed to the management interface from external IP addresses on the internet. However, if access is restricted to a jump box that is the only system allowed to access the management interface, the CVSSv4 score would be reduced to 5.9.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Major SABS cyberattack raises questions about entity’s leadership

    December 3, 2024

    The South African Bureau of Standards (SABS) has suffered a major ransomware cyberattack, resulting in critical IT systems going down, Engineering News has learned. This is not the first time the SABS IT infrastructure has been hacked, with previous incidents reported in 2023 and again in April this year. The SABS confirmed the attack, telling Engineering ...

  • Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT

    December 2, 2024

    Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts. The script files – disguised as requests and bids from potential customers or partners – bear names such as “Запрос цены и предложения от Индивидуального предпринимателя <ФИО> на август 2024. According to Kaspersky telemetry, ...

  • Retail outages drag into second week after Blue Yonder ransomware attack

    December 2, 2024

    A ransomware attack on supply chain software giant Blue Yonder continues to cause disruption to the company’s customers, almost two weeks after the outage first began. In a brief update to its cybersecurity incident page on Sunday, Arizona-based Blue Yonder said it is making “good progress” in its recovery from the attack, which hit its manage ...

  • Shin Bet finds 200 Iranian cyberattacks on Israeli personalities

    December 2, 2024

    In recent months, the Shin Bet (Israel Security Agency) has uncovered some 200 efforts made by Iranian hackers to target Israeli civilians, the Shin Bet stated on Monday. The hacking was conducted via phishing attempts against various individuals, including Israeli politicians, academics, and media personalities, the security agency added. The hackers reportedly looked to gain access ...

  • No company too small for Phobos ransomware gang, indictment reveals

    December 2, 2024

    The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, ...

  • RansomHub claims to net data hat-trick against Bologna FC

    November 30, 2024

    Italian professional football club Bologna FC is allegedly a recent victim of the RansomHub cybercrime gang, according to the group’s dark web postings. The ransomware crims responsible for attacks on organizations including Planned Parenthood and Christie’s – the same crew thought to have picked up LockBit’s top talent post-disruption – posted an extensive collection of data ...