InfoSecBulletin Cybersecurity for mankind
Palo Alto Networks has warned its users about 34 vulnerabilities in their products and released four security advisories. They haven’t found any attacks yet, but it’s important for users to update their systems quickly.
Certain Palo Alto products, specifically PAN-OS and GlobalProtect App, are affected by vulnerabilities. Some of these security gaps stem from third-party software, underscoring the interconnected nature of today’s digital ecosystem.
BCSI officially announce National Vulnerability Disclosure Program (NVDP)
CVE-2024-9474
Researcher unveil sophisticated backdoor in Palo Alto Networks firewalls
New G-Door Vul Allow Hackers Bypass Microsoft 365 Security With Google Docs
CVE-2024-53961
Adobe alerts of critical ColdFusion bug with PoC exploit available
Splunk targets Bangladeshi market: Investing in local talent
Critical PHP Zero-Day Vulnerability found in Craft CMS To Gain RCE
For US$2.6bn, Mastercard acquires threat intelligence firm Recorded Future
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
Prisma Access Browser Update:
The Prisma Access Browser, based on Chromium, has been updated to version 127.100.2858.4. This update includes fixes for 31 vulnerabilities from four “Chromium” updates between July 16 and August 6.
Of particular concern are CVE-2024-7532 and CVE-2024-6990, labeled as “Critical” by Google. Though Palo Alto assigns these a slightly lower CVSSv4.0 base score of 8.6, they still carry a “High” severity rating, emphasizing the need for swift action.
Cortex XSOAR Patch:
Cortex XSOAR version 1.12.33 fixed a command injection vulnerability (CVE-2024-5914) in the CommonScripts Pack. This flaw has a CVSS score of 7.0 and could allow an attacker to execute arbitrary commands without authentication, potentially compromising the system.
Additional Vulnerabilities Addressed:
The advisories also tackled:
CVE-2024-5916 (CVSS 6):
A fixed vulnerability in PAN-OS and Cloud NGFW versions that unintentionally exposed sensitive data
CVE-2024-5915 (CVSS 5.2):
The GlobalProtect app on Windows has a vulnerability that allows local users to run programs with higher privileges. The issue will be fixed in future app updates.
Call to Action:
Palo Alto Networks advises users to update their systems with the latest patches to protect against potential cyber threats. It’s important to stay proactive in cybersecurity to ensure strong defense.
