Palo Alto Networks

Pierluigi Paganini August 11, 2022
Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS

Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […]

Pierluigi Paganini April 07, 2022
CVE-2022-0778 OpenSSL flaw affects multiple Palo Alto devices

Palo Alto Networks plans to fix CVE-2022-0778 OpenSSL flaw in some of its firewall, VPN, and XDR, products during April 2022. In Mid March, OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero […]

Pierluigi Paganini November 11, 2021
CVE-2021-3064: Easily exploitable RCE flaw in Palo Alto Networks in GlobalProtect VPN

Palo Alto Networks warns of an easy exploitable Remote Code Execution vulnerability in its GlobalProtect VPN product. Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064, in its GlobalProtect portal and gateway interfaces. The cybersecurity vendor warns that the vulnerability is easily exploitable by an unauthenticated network-based attacker. Successful exploitation can […]

Pierluigi Paganini June 23, 2021
Palo Alto Networks fixes critical flaw (CVE-2021-3044) in Cortex XSOAR

Palo Alto Networks addresses a critical improper authorization vulnerability (CVE-2021-3044) affecting its Cortex XSOAR security orchestration solution, automation and response (SOAR) platform. Researchers from Palo Alto Networks discovered and addresses a critical improper authorization vulnerability, tracked as CVE-2021-3044, that affects its Cortex XSOAR SOAR platform. The CVE-2021-3044 vulnerability received a CVSS score of 9.8. A […]

Pierluigi Paganini July 09, 2020
Palo Alto Networks addresses another high severity issue in PAN-OS devices

Palo Alto Networks addressed a new severe vulnerability in the PAN-OS GlobalProtect portal that impacts PAN next-generation firewalls. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has been rated as critical severity and received a […]

Pierluigi Paganini June 30, 2020
APTs will exploit Palo Alto Networks’s PAN-OS flaw soon, US Cyber Command says

U.S. Cyber Command believes foreign APTs will likely attempt to exploit the recently addressed flaw in Palo Alto Networks’s PAN-OS firewall OS. Recently Palo Alto Network addressed a critical vulnerability, tracked as CVE-2020-2021, affecting the PAN-OS operating system that powers its next-generation firewall. The flaw could allow unauthenticated network-based attackers to bypass authentication, it has has been rated […]

Pierluigi Paganini May 15, 2020
Palo Alto Networks addresses tens of serious issues in PAN-OS

Palo Alto Networks addressed tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. Palo Alto Networks has issued security updates to address tens of vulnerabilities in PAN-OS, the software that runs on the company’s next-generation firewalls. One of the most severe vulnerabilities, tracked as CVE-2020-2018, is an authentication bypass vulnerability […]

Pierluigi Paganini March 25, 2015
The Installer Hijacking vulnerability exposes 1 of 2 Android users to attack

Experts at Palo Alto Networks discovered the Installer Hijacking vulnerability that exposes half of Android users to attack via Installation Vulnerability. The security researcher Zhi Xu from Palo Alto Networks discovered a critical vulnerability, dubbed Android Installer Hijacking, affecting the Android PackageInstaller system service. By exploiting the flaw, an attacker can gain unlimited permissions on compromised smartphone and data […]

Pierluigi Paganini December 18, 2014
CoolReaper, a Backdoor in million Coolpad Android devices

Palo Alto Networks discovered that the software installed on many of Coolpad high-end Android phones includes a CoolReaper backdoor. The US security firm Palo Alto Networks have discovered that millions of Android smartphones commercialized by the Chinese smartphone maker Coolpad Group Ltd. may contain a “backdoor”, dubbed CoolReaper, that allows the tracking of the users. Palo Alto […]

Pierluigi Paganini November 09, 2014
WireLurker malware is threatening Apple mobile devices

Security Experts at Palo Alto Networks have discovered a new variant of malware dubbed WireLurker that is infecting Apple mobile devices. A new strain of malware dubbed WireLurker  is threatening Apple users, the malicious code is able to infect Apple iPhone and iPad syphoning user’data. The malware was discovered for the first time by experts […]