Tag Archive for: Impacting

Palo Alto Networks Discloses Exploitation Of ‘Critical’ Zero-Day Flaw Impacting PAN-OS


The company says that exploits of the vulnerability have been ‘limited’ so far.


Palo Alto Networks disclosed Friday that a “critical” zero-day vulnerability affecting several versions of its PAN-OS firewall software has seen exploitation in attacks.

In an advisory, the cybersecurity giant said it is “aware of a limited number of attacks that leverage the exploitation of this vulnerability.”


Exploits of the flaw “may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” Palo Alto Networks said in the advisory.

The vendor said the vulnerability (tracked as CVE-2024-3400) has been rated as a “critical” severity issue. Patches are not yet available but are expected to be released by this coming Sunday, April 14.

Palo Alto Networks provided several recommended workarounds and mitigations for the issue, including temporarily disabling firewall telemetry.

In a statement provided to CRN Friday, Palo Alto Networks said that “upon notification of the vulnerability, we immediately provided mitigations and will provide a permanent fix shortly.”

“We are actively notifying customers and strongly encourage them to implement the mitigations and hotfix as soon as possible,” the company said.

The vulnerability was found in the GlobalProtect feature in PAN-OS firewalls, the company said. The flaw affects the PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 versions of the firewall software.

“Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability,” the company said. “All other versions of PAN-OS are also not impacted.”

Palo Alto Networks credited researchers at cybersecurity firm Volexity for discovering the vulnerability. In December, Volexity researchers discovered vulnerabilities affecting Ivanti Connect Secure VPN devices, which went on to see mass exploitation by threat actors.


SOTI lists key IT trends impacting ANZ markets in 2023


SOTI, the mobile and IoT management solutions provider, predicts four key technology trends that will impact the Australian and New Zealand markets in 2023. Increased technology investment for improved customer experiences, cloud security and the growth of zero trust, device sustainability, and voice search technology are predicted to directly impact organisations in the year ahead.

“With significant economic headwinds anticipated in 2023 due to rising interest rates, organisations are going to be challenged specifically when it comes to growth. In such an environment, solutions that support business mobility, create organisational efficiencies and connections with customers will be central to operational success. Business leaders must be aware of key business mobile technology trends to maintain their competitive edge,” says Michael Dyson, Vice President of Sales, APAC at SOTI. 

Consumers engage and respond well to brands that market to them as individuals, such as through personalised recommendations via email or targeted online ads promoting goods that they have recently viewed. 

In 2023, businesses will likely capitalise on this trend and leverage the vast amounts of customer data available to them to create products and services uniquely tailored to individual consumer needs. It can be achieved by creating personalised touchpoints throughout the customer journey and extending to physical stores. 

By equipping retail associates with mobile devices (such as tablets or mobile computers), customer service personnel can quickly retrieve product information, stock availability and recommendations for loyal customers based on their previous purchases. In addition, it helps customers feel that the products and services are uniquely relevant to them.

“Rising consumer expectations and tighter household budgets present a perfect storm for businesses looking to grow their operations in 2023. As a result, organisations will find that they need to quickly adopt new approaches, strategies and technology solutions that improve operational effectiveness and offer an outstanding customer experience,” adds Dyson.

The concept of zero trust, where anything and anyone…


CHI Health faces ‘IT security incident’ impacting Omaha-area online systems




CHI Health locations in Omaha are dealing with an “IT security incident” affecting electronic health records and other systems, a spokeswoman said Monday. 

CHI’s parent company, CommonSpirit Health, was the victim of the security incident, which is impacting facilities across the country, according to Taylor Miller. She said some information technology systems have been taken offline as a “precautionary measure.”

All CHI Health facilities in Omaha — including Lakeside Hospital, Creighton University Medical Center-Bergan Mercy and Immanuel Medical Center — have been impacted.

“Our facilities are following existing protocols for system outages and taking steps to minimize the disruption,” Miller said in a statement. “We take our responsibility to ensure the privacy of our patients and IT security very seriously.”

This isn’t the first time that Omaha hospitals, including CHI Health, have faced computer security issues. In February 2019, a device brought into a CHI Health location by a third-party vendor introduced a virus, also known as malware, into the health system’s network.


That required the health system to shut down some devices used to access medical records — specifically portable ones — until teams could check them and make sure they were not infected.

In September 2020, Nebraska Medicine was the target of a cyberattack that shut down computer systems for days. Patients were unable to access online medical and billing information, and nonurgent appointments were postponed.


Zyxel warns of flaws impacting firewalls, APs, and controllers



Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products.

While the vulnerabilities aren’t rated as critical, they are still significant on their own and can be abused by threat actors as part of exploit chains.

Large organizations use Zyxel products, and any exploitable flaws in them immediately capture the attention of threat actors.

The four flaws disclosed in Zyxel’s advisory are the following:

  • CVE-2022-0734: Medium severity (CVSS v3.1 – 5.8) cross-site scripting vulnerability in the CGI component, allowing attackers to use a data-stealing script to snatch cookies and session tokens stored in the user’s browser.
  • CVE-2022-26531: Medium severity (CVSS v3.1 – 6.1) improper validation flaw in some CLI commands, allowing a local authenticated attacker to cause a buffer overflow or system crash.
  • CVE-2022-26532: High severity (CVSS v3.1 – 7.8) command injection flaw in some CLI commands, allowing a local authenticated attacker to execute arbitrary OS commands.
  • CVE-2022-0910: Medium severity (CVSS v3.1 – 6.5) authentication bypass vulnerability in the CGI component, allowing an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.

The above vulnerabilities impact USG/ZyWALL, USG FLEX, ATP, VPN, NSG firewalls, NXC2500 and NXC5500 AP controllers, and a range of Access Point products, including models of the NAP, NWA, WAC, and WAX series.

Impacted firewall products (Zyxel)

Zyxel has released the security updates that address the problems for most of the impacted models.

However, admins must request a hotfix from their local service representative for the AP controllers as a fix is not publicly available.

For the firewalls, USG/ZyWALL addresses the issues with firmware version 4.72; USG FLEX, ATP, and VPN must upgrade to ZLD version 5.30; and NSG products receive the fix via v1.33 patch 5.

While these vulnerabilities are not critical, it is still strongly advised that network admins upgrade their devices as soon as possible.

This advice is especially important for US companies as we head into a holiday weekend when it is…
