Palo Alto Networks is warning hackers are breaking into its customers’ firewalls — again

Malicious hackers have put thousands of organizations at risk by exploiting a new vulnerability found in widely used software made by cybersecurity giant Palo Alto Networks.
Security researchers at Palo Alto Networks said Wednesday they have identified a “limited set of exploits” related to two vulnerabilities in PAN-OS, the operating system that runs on all of Palo Alto’s next-generation firewalls. The bugs are considered zero-days because the company did not have time to release patches before the bugs were exploited.
The company said it has seen exploitation of both bugs. The first, CVE-2024-0012, allows an attacker with network access to the administrative web interface to gain administrative privileges, while the second, tracked as CVE-2024-9474, allows an attacker to perform actions on a vulnerable firewall with elevated root permissions.
If these vulnerabilities are used together, an attacker can remotely deploy malicious code on affected firewalls with the highest possible permissions, allowing deep access to a company’s network.
Palo Alto Networks says attackers are now using an active exploit that chains the two flaws together to target “a limited number of device management web links” exposed on the Internet.
According to the Shadowserver Foundation, a non-profit organization that scans and monitors the Internet for exploits, hackers are already compromising affected Palo Alto Networks firewalls by exploiting the two newly disclosed vulnerabilities. The nonprofit found that the highest number of compromised devices was in the United States, followed by India, and that hackers also exploited firewalls across the United Kingdom, Australia, and China.
Palo Alto Networks declined to confirm how many firewalls were compromised when asked by TechCrunch.
US cybersecurity company Arctic Wolf said this week that its researchers have also seen hackers exploit the two Palo Alto firewall vulnerabilities since November 19 to break into customers’ networks, following the release of a proof of concept.
“After a successful exploit, we’ve seen malicious actors try to transfer tools locally and extract setup files from compromised machines,” said Andres Ramos, threat intelligence researcher at Arctic Wolf, on the company’s website.
Palo Alto Networks released patches for the two vulnerabilities and urged organizations to apply them as soon as possible. The US cybersecurity agency CISA has also added the two vulnerabilities to its Known Exploited Vulnerabilities catalog, effectively ordering government agencies to patch their systems within a three-week window.
According to researchers from the security company watchTowr Labs, who reverse-engineered Palo Alto’s patches, the bugs are caused by fundamental errors in the development process.
These are the latest vulnerabilities discovered in recent months in corporate security devices, such as firewalls, VPN products and remote access tools, that sit at the edge of a company’s network to act as digital gatekeepers. This is Palo Alto Networks’ second major security alert of the year, alongside flaws found in similar products developed by cybersecurity vendors Ivanti and Check Point.