Palo Alto Networks and Unit 42 are engaged in tracking a limited set of exploitation activity related to CVE-2024-0012 and and CVE-2024-9474 and are working with external researchers, partners, and customers to share information transparently and rapidly.
Fixes for both vulnerabilities are available.
Please refer to the Palo Alto Networks Security Advisories (CVE-2024-0012, CVE-2024-9474) for additional details. An authentication bypass in Palo Alto Networks PAN-OS software (CVE-2024-0012) enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474.
Read more…
Source: Trend Micro
Related:
- Cisco Patches Critical VPN Vulnerability
January 30, 2018
Cisco Systems released a patch Monday to fix a critical security vulnerability in its Secure Sockets Layer VPN solution called Adaptive Security Appliance. The vulnerability, according to a Cisco Security Advisory, could allow an unauthenticated and remote attacker to execute remote code on affected devices. The vulnerability impacts nearly a dozen Cisco products ranging from 3000 Series ...
- Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks
January 29, 2018
The United States Secret Service issued a warning on Friday to financial institutions citing “credible information” about “planned” attacks against U.S. cash machines using malware that can quickly drain ATM machines dry of cash. The warning came a day after ATM maker Diebold Nixdorf also warned its customers of “potential” ATM Jackpotting attacks moving from Mexico to the U.S. But journalist Brian ...
- Electron critical vulnerability strikes app developers
January 24, 2018
A critical vulnerability affecting Electron desktop apps has been disclosed. Electron is a node.js, V8, and Chromium framework created for the development of cross-platform desktop apps with JavaScript, HTML, and CSS. Compatible with Mac, Linux, and Windows operating systems, the recently-discovered bug impacts Windows alone. The critical vulnerability affects Electron apps which use custom protocol handlers. Assigned the identifier CVE-2018-1000006, the vulnerability ...
- Now Meltdown patches are making industrial control systems lurch
January 15, 2018
Patches for the Meltdown vulnerability are causing stability issues in industrial control systems. SCADA vendor Wonderware admitted that Redmond’s Meltdown patch made its Historian product wobble. “Microsoft update KB4056896 (or parallel patches for other Operating System) causes instability for Wonderware Historian and the inability to access DA/OI Servers through the SMC,” an advisory on Wonderware’s support site explains. Read ...
- CPU bug patch saga: Antivirus tools caught with their hands in the Windows cookie jar
January 9, 2018
Microsoft’s workaround to protect Windows computers from the Intel processor security flaw dubbed Meltdown has revealed the rootkit-like nature of modern security tools. Some anti-malware packages are incompatible with Redmond’s Meltdown patch, released last week, because the tools make, according to Microsoft, “unsupported calls into Windows kernel memory,” crashing the system with a blue screen of death. In extreme ...
- Triple Meltdown: How So Many Researchers Found A 20-Year-Old Chip Flaw At The Same Time.
January 7, 2018
On a cold Sunday early last month in the small Austrian city of Graz, three young researchers sat down in front of the computers in their homes and tried to break their most fundamental security protections. Two days earlier, in their lab at Graz’s University of Technology, Moritz Lipp, Daniel Gruss, and Michael Schwarz had determined to ...