Tag: Exploitation

Palo Alto Networks Discloses Exploitation Of ‘Critical’ Zero-Day Flaw Impacting PAN-OS

April 15, 2024/in Internet Security

The company says that exploits of the vulnerability have been ‘limited’ so far.

Palo Alto Networks disclosed Friday that a “critical” zero-day vulnerability affecting several versions of its PAN-OS firewall software has seen exploitation in attacks.

In an advisory, the cybersecurity giant said it is “aware of a limited number of attacks that leverage the exploitation of this vulnerability.”

Exploits of the flaw “may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” Palo Alto Networks said in the advisory.

The vendor said the vulnerability (tracked at CVE-2024-3400) has been rated as a “critical” severity issue. Patches are not yet available but are expected to be released by this coming Sunday, April 14.

Palo Alto Networks provided several recommended workarounds and mitigations for the issue, including temporarily disabling firewall telemetry.

In a statement provided to CRN Friday, Palo Alto Networks said that “upon notification of the vulnerability, we immediately provided mitigations and will provide a permanent fix shortly.”

“We are actively notifying customers and strongly encourage them to implement the mitigations and hotfix as soon as possible,” the company said.

The vulnerability was found in the GlobalProtect feature in PAN-OS firewalls, the company said. The flaw affects the PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 versions of the firewall software.

“Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability,” the company said. “All other versions of PAN-OS are also not impacted.”

Palo Alto Networks credited researchers at cybersecurity firm Volexity for discovering the vulnerability. In December, Volexity researchers discovered vulnerabilities affecting Ivanti Connect Secure VPN devices, which went on to see mass exploitation by threat actors.

Source…

Zero-day exploitation spikes | SC Media

March 29, 2024/in Internet Security

Threat actors actively exploited 97 zero-day vulnerabilities last year, which is more than 50% higher than in 2022 but lower than in 2021, reports BleepingComputer.

Most of the abused zero-days impacted operating systems, mobile devices, and other end-user platforms, according to a joint Google Threat Analysis Group and Mandiant report. While most state-sponsored attacks leveraging the security bugs were attributed to China, nearly half of all identified zero-days were exploited by commercial spyware vendors.

Among the notable spyware actors involved in zero-day exploits were the Intellexa Consortium behind the Predator spyware, the NSO Group behind the Pegasus spyware, and Variston associated with the Heliconia framework.

“Private sector firms have been involved in discovering and selling exploits for many years, but we have observed a notable increase in exploitation driven by these actors over the past several years,” said researchers.

Such a report comes weeks after sanctions have been imposed by the Treasury Department’s Office of Foreign Assets Control against Intellexa founder Tal Jonathan Dilian.

Source…

NCSC statement following exploitation of Unitronics… – National Cyber Security Centre

November 30, 2023/in Internet Security

NCSC statement following exploitation of Unitronics… National Cyber Security Centre

Source…

CISA Warns of Unitronics PLC Exploitation Following Water Utility Hack

November 29, 2023/in Computer Security

After hackers compromised an industrial control system (ICS) at a water utility in the United States, the cybersecurity agency CISA issued an alert over the exploitation of the targeted device.

The target of the attack was the Municipal Water Authority of Aliquippa in Pennsylvania, which confirmed that hackers took control of a system associated with a station where water pressure is monitored and regulated, but said there was no risk to the water supply or drinking water.

Based on publicly available information, the hackers targeted an Unitronics Vision system, which is a programmable logic controller (PLC) with an integrated human-machine interface (HMI).

A hacktivist group called Cyber Av3ngers, known to be anti-Israel and possibly linked to Iran, has taken credit for the attack, apparently targeting the Israel-made Unitronics PLC.

Unitronics Vision products have been known to be affected by critical vulnerabilities that could expose devices to attacks. However, HMIs are often accessible from the internet without authentication, making them an easy target even for low-skilled threat actors.

In the case of the Municipal Water Authority of Aliquippa, CISA noted that the attackers likely accessed the ICS device “by exploiting cybersecurity weaknesses, including poor password security and exposure to the internet”.

This statement suggests that the attackers likely leveraged the fact that the device was insecurely configured, rather than exploiting an actual vulnerability. This would not be surprising for a hacktivist group as these types of threat actors mostly target low-hanging fruit and do not waste time and energy creating sophisticated exploits.

In order to protect their Unitronics PLCs against potential attacks, organizations have been urged by CISA to change the default ‘1111’ password, require multi-factor authentication for remote access to OT systems, ensure that the controller is not directly exposed to the internet, create backups for the PLC’s logic and configuration in case it gets compromised, change the default port, and update the device to the latest version.

Advertisement. Scroll to continue reading.

Such PLCs are used by organizations in the…

Source…

Tag Archive for: Exploitation