Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

Featured Resources

WHITEPAPERS

CASE STUDIES

VIEW ALL CYBERSECURITY RESOURCES →

Blog Articles

PENETRATION TESTING

APPLICATION SECURITY

Cybersecurity News

THE LATEST NEWS

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

2024-04-25

Microsoft releases Exchange hotfixes for security update issues

2024-04-23

Synlab Italia suspends operations following ransomware attack

2024-04-22

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

2024-04-22

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

2024-04-17

Cisco Duo provider breached, SMS MFA logs compromised

2024-04-16

Microsoft will limit Exchange Online bulk emails to fight spam

2024-04-16

Hacker claims Giant Tiger data breach, leaks 2.8M records online

2024-04-15

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

2024-04-12

GSMA releases Mobile Threat Intelligence Framework

2024-04-10

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

2024-04-09

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

2024-04-08

Home Depot confirms third-party data breach exposed employee info

2024-04-08

Hoya’s optics production and orders disrupted by cyberattack

2024-04-04

New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks

2024-04-04

New Chrome feature aims to stop hackers from using stolen cookies

2024-04-03

AT&T data leaked: 73 million customers affected

2024-04-02

XZ Utils backdoor update: Which Linux distros are affected and what can you do?

2024-04-01

INC Ransom claims responsibility for attack on NHS Scotland

2024-03-28

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

2024-03-27

CISA urges software devs to weed out SQL injection vulnerabilities

2024-03-26

Exploit released for Fortinet RCE bug used in attacks, patch now

2024-03-21

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

2024-03-19

Nissan breach exposed data of 100,000 individuals

2024-03-18

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

2024-03-15

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

2024-03-14

Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack

2024-03-14

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

CISA Warns of Active Exploitation of Palo Alto Networks’ PAN-OS Vulnerability

CISA, Palo Alto
August 23, 2022

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

The high-severity vulnerability, tracked as CVE-2022-0028, is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service attacks.

“If exploited, this issue would not impact the confidentiality, integrity, or availability of our products,” Palo Alto Networks said in an alert.

“However, the resulting denial-of-service attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack.”

The networking equipment maker said it discovered the vulnerability after being notified that susceptible firewall appliances from different vendors, including Palo Alto Networks, were being used as part of an attempted reflected denial-of-service attack.

In light of active exploitation, customers of affected products are advised to apply the relevant patches to mitigate potential threats.

Share this article on social media: