Cybersecurity

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

The top U.S. cybersecurity agency published a warning on Thursday morning about an attack on Sisense — which provides AI data analytics services to organizations like Philips Healthcare, Verizon, Nasdaq, Air Canada and hundreds more.

  1. CVE-2024-3385: High-severity vulnerability that allows a remote and unauthenticated attacker to reboot hardware-based firewalls by sending specially crafted packets. If repeated, the attacks can force the firewall into maintenance mode, requiring manual intervention for reactivation. It only affects PA-5400 and PA-7000 firewalls when GTP security is disabled.

  2. CVE-2024-3384: Another high-severity DoS vulnerability in firewalls that can be exploited remotely without authentication. It is triggered by specially crafted NTLM packets that reboot firewalls running PAN-OS, which can also force the device into maintenance mode and require manual intervention.

  3. CVE-2024-3382: DoS vulnerability with a higher attack complexity that allows an attacker to send a series of malicious packets through the firewall, interrupting traffic processing. Only devices with the SSL Forward Proxy feature enabled are affected.

  4. CVE-2024-3383: High-severity vulnerability in PAN-OS related to the processing of data received from Cloud Identity Engine (CIE) agents. It can be exploited to modify User-ID groups, impacting user access to network resources, where access may be inappropriately denied or granted based on existing security policy rules.

In addition to these four high-severity vulnerabilities, Palo Alto Networks has fixed medium-severity issues related to decryption exclusions, user impersonation, and third-party open-source components. In the Panorama Software, a medium-severity issue was fixed that could be leveraged to conduct Man-in-the-Middle (MitM) attacks and capture encrypted traffic.

Palo Alto Networks has reported that it is not aware of any malicious exploitation of these vulnerabilities.

NSA recommendations include the use of encryption, tagging, labeling, data-loss prevention strategies, and data rights management tools. The NSA suggestions are intentionally aligned with zero-trust frameworks to help government agencies and enterprises defend against increasingly sophisticated cyberattacks.

The vulnerability, which carries a perfect 10 base severity score, is tracked as CVE-2024-24576. It affects the Rust standard library, which was found to be improperly escaping arguments when invoking batch files on Windows using the Command API.

Hackers are exploiting vulnerabilities (CVE-2024-3272 and CVE-2024-3273) in D-Link NAS devices. Up to 92,000 devices are affected.

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect against this threat.
