Found 4 bookmarks
Custom sorting
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
GreyNoise has observed a significant surge in login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect portals. Over the last 30 days, nearly 24,000 unique IP addresses have attempted to access these portals. The pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation. Recent patterns observed by GreyNoise suggest that this activity may signal the emergence of new vulnerabilities in the near future: “Over the past 18 to 24 months, we’ve observed a consistent pattern of deliberate targeting of older vulnerabilities or well-worn attack and reconnaissance attempts against specific technologies,” said Bob Rudis, VP of Data Science at GreyNoise. “These patterns often coincide with new vulnerabilities emerging 2 to 4 weeks later.”
#greynoise#EN#2025#Palo#Alto#Networks#Scanner#Activity#PAN-OS#GlobalProtect#portals
·greynoise.io·
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
This is a pair of vulnerabilities, described as ‘Authentication Bypass in the Management Web Interface’ and a ‘Privilege Escalation‘ respectively, strongly suggesting they are used as a chain to gain superuser access, a pattern that we’ve seen before with Palo Alto appliances. Before we’ve even dived into to code, we’ve already ascertained that we’re looking for a chain of vulnerabilities to achieve that coveted pre-authenticated Remote Code Execution.
#watchtowr#EN#2024#CVE-2024-0012#CVE-2024-9474#Palo#Alto#PAN-OS
·labs.watchtowr.com·
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400, which has been exploited in attacks for at least one month, has been found to impact one of Siemens’ industrial products. In an advisory published late last week, Siemens revealed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall (NGFW) could be affected by CVE-2024-3400.
#securityweek#EN#2024#CVE-2024-3400#Palo#Alto#Networks#firewall#Siemens#IoT
·securityweek.com·
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability