Lindsay P. Stought, CSM, PMP’s Post

Palo Alto Offers Patch and Reset Options for Critical PAN-OS Exploit (CVE-2024-3400) Key Points: - Update PAN-OS devices immediately (all versions 10.2.x, 11.0.x, 11.1.x). - The level of remediation depends on the severity of the attack. - Patch PAN-OS devices as soon as possible. - Follow Palo Alto Networks' guidance based on the evidence of compromise observed on your device. Summary: - Palo Alto Networks released a patch and remediation guide for a critical zero-day vulnerability (CVE-2024-3400) in PAN-OS firewall software. - The flaw allows attackers to remotely take control of vulnerable devices. - Evidence suggests exploitation since March 2024 (Operation MidnightEclipse) by a potentially state-backed hacking group (UTA0218). - The remediation steps depend on the level of compromise: -- Levels 0 & 1 (probing/testing): Apply the latest hotfix. -- Level 2 (potential data exfiltration): Apply hotfix and perform a Private Data Reset. -- Level 3 (full compromise): Apply hotfix and perform a Factory Reset (wiping all data). #CyberSecurity https://lnkd.in/gHZMexUh

Read the latest research on Ivanti exploitation and persistence in our blog. Ivanti customers are urged to take immediate action to ensure protection if they haven't done so already. A new version of the external Integrity Checking Tool (ICT), which helps detect these persistence attempts, is now available. See Ivanti's security advisory and refer to our updated remediation and hardening guide, which includes the latest recommendations. Learn more: https://bit.ly/49Q4WPd #IncidentResponse #ThreatIntelligence #ZeroDayThreats

“Since our last blog post on Ivanti exploitation, Mandiant has identified UNC5325 exploiting CVE-2024-21893 (SSRF) to deploy additional malware and maintain persistent access to compromised appliances. In addition, we have observed new TTPs that attempted to enable the custom backdoors to persist across factory resets, system upgrades, and patches. The limited attempts observed to maintain persistence have not been successful to date.”

This is just so fascinating case, no less so that now Mandiant connects (with moderate confidence) UNC5325 that is behind Ivanti exploitation with UNC3886, which is a group that went after VMware vCenter and ESXi.

🚨 Drowning in Alerts? 🚨 * Are mass exploitations threatening your business? Fight back with CrowdSec! * Is your security team drowning in alerts from mass exploitation attempts? CrowdSec's real-time, actionable blocklists have you covered! 🦙 Why Choose CrowdSec? Zero False Positives: Accurate threat detection. Daily IP Rotation: Always stay updated. Crowd-Powered Intelligence: Leverage data from 70,000+ users. Simplify your security, reduce costs, and enhance efficiency without changing your infrastructure. #Cybersecurity #CrowdSec #MassExploitation #StaySecure

🕵️♂️ Delve into vulnerabilities in Layer 2 protocols, especially those affecting Cisco devices. On this article I am exploring some of the attack and defense mechanism we can implent to defend our data link layer, including STP, CDP, DTP, and a few others. Learn about legal and illegal capture methods, defending against spoofing attacks like MacOf and Arp Spoof, and securing against CPD, STP, VLAN Hopping, and IRDP Spoofing. Stay informed, implement protective measures, and fortify your network against evolving threats! 💻🔒 #CyberSecurity #NetworkDefense #InfoSec #DataProtection Link in description 👇

Here's the latest commentary from Ben Edwards of Bitsight's security research team. The analysis of how various industries are responding to the a vulnerability in ConnectWise ScreenConnect is interesting. The fact that Lockbit is exploiting this makes it compelling. https://lnkd.in/e6AVhhsy

Unauthenticated attackers can take control of systems by exploiting the zero days, which a suspected state-linked threat actor is chaining together. Suspected state-linked hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure VPN devices since early December, according to research released Wednesday by Volexity. #cyberriskmanagement #thirdpartyriskmanagement #softwaresupplychainsecurity #grc #cyberinsurance

Excellent roundup article by Elisabeth Buscemi on Breach and attack simulation (BAS) platforms, featuring Cymulate, AttackIQ, SafeBreach, Keysight Network Visibility Test & Security. https://lnkd.in/gA_ssMDN What other platforms would you include in this review? #CISOstack #infosec

Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root privileges on the firewall. https://lnkd.in/eGMv7Pcg