Article Details

Scrape Timestamp (UTC): 2024-04-26 10:25:00.601

Source: https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html

Original Article Text


Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in multiple versions of PAN-OS 10.2.x, 11.0.x, and 11.1.x.

There is evidence to suggest that the issue has been exploited as a zero-day since at least March 26, 2024, by a threat cluster tracked as UTA0218. The activity, codenamed Operation MidnightEclipse, entails the use of the flaw to drop a Python-based backdoor called UPSTYLE that's capable of executing commands transmitted via specially crafted requests.

The intrusions have not been linked to a known threat actor or group, but the cluster is suspected to be a state-backed hacking crew given the tradecraft and the victimology observed.

The latest remediation advice offered by Palo Alto Networks is based on the extent of compromise. "Performing a private data reset eliminates risks of potential misuse of device data," Palo Alto Networks said. "A factory reset is recommended due to evidence of more invasive threat actor activity."

Daily Brief Summary

NATION STATE ACTIVITY // Critical PAN-OS Flaw Exploited in Operation MidnightEclipse

Palo Alto Networks has issued remediation steps for a critical vulnerability in PAN-OS, identified as CVE-2024-3400 with a CVSS score of 10.0.

This security flaw allows for unauthenticated remote shell command execution and affects multiple PAN-OS versions including 10.2.x, 11.0.x, and 11.1.x.

The vulnerability has been actively exploited since at least March 26, 2024, by a threat cluster tracked as UTA0218 that is suspected to be state-backed.

The exploit, part of Operation MidnightEclipse, involves the deployment of a Python-based backdoor named UPSTYLE, which executes commands from specially crafted requests.

Palo Alto Networks advises a private data reset or a factory reset based on the level of compromise to prevent further misuse.

The tradecraft and the victimology observed point to a sophisticated, likely state-sponsored actor behind the attack.