An estimated 2,000 Palo Alto Networks devices have been compromised as part of a campaign exploiting newly disclosed security flaws that have come under active exploitation in the wild.
According to data from the Shadowserver Foundation, most infections have been reported in the US (554) and India (461), followed by Thailand (80), Mexico (48), Indonesia (43), Turkey (41), the United Kingdom (39), Peru (36), and South Africa (35).
Earlier this week, Censys disclosed that it had identified 13,324 publicly exposed next-generation firewall (NGFW) management interfaces, 34% of which are located in the U.S. However, it is important to note that not all of these exposed hosts are necessarily vulnerable.
The flaws in question, CVE-2024-0012 (CVSS score: 9.3) and CVE-2024-9474 (CVSS score: 6.9), are a combination of authentication bypass and elevation of privilege that could allow a bad actor to perform malicious actions, including modifying configurations and executing arbitrary code.
Palo Alto Networks, which is tracking the initial zero-day exploitation of the flaws under the name Operation Lunar Peek, said they are being weaponized to achieve command execution and drop malware, such as PHP-based web shells, on hacked firewalls.
The network security vendor also warned that cyber attacks targeting the security flaws are likely to increase now that exploits combining them have become available.
To that end, it said it “predicts with moderate to high confidence that a functional exploit chaining of CVE-2024-0012 and CVE-2024-9474 is publicly available, which would enable widespread vulnerability activity.”
It further noted that it has observed both manual and automated scanning activity, and urged users to apply the latest fixes as soon as possible and to secure access to the management interface in accordance with recommended best practice deployment guidelines.
This specifically includes restricting access to only trusted internal IP addresses to prevent external access from the Internet.
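One way to check a management-interface allowlist against that recommendation, as an added example that is not from the article or from Palo Alto Networks. The trusted ranges (RFC 1918 and IPv6 unique-local space), the sample entries, and treating an empty allowlist as unrestricted are all assumptions to adjust for your own deployment.

```python
import ipaddress

# Assumption: "trusted internal" means private address space; adjust per site.
TRUSTED_INTERNAL = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")
]


def audit_mgmt_allowlist(entries):
    """Return (entry, finding) pairs for allowlist entries that would let
    sources outside the trusted internal ranges reach the management interface."""
    if not entries:
        # Assumption: no allowlist means access is not restricted at all.
        return [("<empty>", "no allowlist: any source is permitted")]
    findings = []
    for raw in entries:
        try:
            # strict=False accepts host-with-mask forms such as 192.168.10.5/24
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            findings.append((raw, "unparseable entry: review manually"))
            continue
        inside = any(
            net.version == t.version and net.subnet_of(t) for t in TRUSTED_INTERNAL
        )
        if inside:
            continue
        if net.prefixlen == 0:
            findings.append((raw, "matches every address, including the internet"))
        else:
            findings.append((raw, "extends outside trusted internal ranges"))
    return findings


# Constructed sample allowlist (not real data).
SAMPLE = ["10.20.0.0/24", "192.168.10.5", "203.0.113.7",
          "0.0.0.0/0", "10.0.0.0/7", "mgmt-jumpbox"]

if __name__ == "__main__":
    for entry, finding in audit_mgmt_allowlist(SAMPLE):
        print(f"{entry}: {finding}")
```

The `10.0.0.0/7` entry is flagged because it also covers `11.0.0.0/8`, which is public address space, even though it looks like an internal range at a glance.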