Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

coralogix

Palo Alto Global Protect Command Injection Vulnerability

Apr 25, 2024 By Hetram Yadav and Aseem Rastogi In Coralogix
On April 12, 2024, Palo Alto disclosed a critical vulnerability identified as CVE-2024-3400 in its PAN OS operating system, which carries the highest severity rating of 10.0 on the CVSS scale. This vulnerability, present in certain versions of Palo Alto Networks’ PAN-OS within the GlobalProtect feature, allows unauthenticated attackers to execute any code with root privileges on the firewall through command injection.
Read Post
mend

Quick Guide to the OWASP OSS Risk Top 10

Apr 25, 2024 By AJ Starita In Mend
CVEs, or known and cataloged software vulnerabilities, dominate the discussion about open source software (OSS) risk. In 2016, 6,457 CVEs were reported. That number has grown every year since, reaching 28,961 CVEs reported in 2023—an increase of nearly 4.5 times in just seven years. 2024 is already on track to beat 2023, and we will likely see even faster growth once AI is earnestly set to the task of finding vulnerabilities (not to mention creating them).
Read Post
bluevoyant

Identify, Respond, & Protect - Defending yourself from the newly disclosed Palo Alto PAN-OS CVE

Apr 25, 2024 By Joel Molinoff In BlueVoyant
On April 12th, Palo Alto disclosed a vulnerability with a maximum severity rating for the PAN-OS Global Protect Gateway. There was clear evidence that the vulnerability was being actively exploited as early as March 26th. When exploited, this vulnerability enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Palo Alto expected patches to be released for tested mitigations to block known attacks on April 14th.
Read Post
salt security

Salt Security Addresses Critical OAuth Vulnerabilities Enhancing API Security with OAuth Protection Package

Apr 25, 2024 By Eric Schwake In Salt Security
OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. Following research released by Salt labs that uncovered critical vulnerabilities in the world's most popular authorization mechanism, Salt has released a multi-layered protection package to detect attempts to exploit OAuth and proactively fix the vulnerabilities.
Read Post
jit

Vulnerability Assessments vs. Penetration Testing: Key Differences

Apr 24, 2024 By Moshiko Lev In Jit
In the race for technological innovation, companies often sprint toward product launches but find themselves in a marathon when fixing vulnerabilities. This dichotomy poses a significant challenge, especially with the ever-increasing security loopholes. CISA recommends addressing critical issues in less than 15 days, but it may be wishful thinking. IT teams are inundated with an ever-increasing volume of security alerts, making it challenging to prioritize and address each one effectively.
Read Post
Snyk

360 degrees of application security with Snyk

Apr 24, 2024 By Soumen Mukherjee In Snyk
Application development is a multistage process. The App goes through various stages, each with its own area of focus. However, application security, a.k.a. AppSec, is constant throughout all the stages. For example, when a developer codes, it’s expected that the code will be secure. Similarly, the artifacts that are worked upon or generated as an end output of the respective stages are all required to be secure.
Read Post
indusface

Top 10 Best Practices for Attack Surface Reduction

Apr 24, 2024 By Vinugayathri Chinnasamy In Indusface
Vulnerabilities are everywhere and often exploited. For example, in 2023, over 29,000 critical and high vulnerabilities were discovered across approximately 1,400 applications. The dynamic and evolving attack surfaces make it harder to protect against these threats. When the attack surface gets bigger, so does the risk of cyber attacks. This blog delves into what an attack surface is and recommends best practices in attack surface reduction.
Read Post

Vulnerability Management Benchmarking: Metrics and Practices of Highly Effective Organizations

Apr 24, 2024 By Nucleus In Nucleus
This webinar dives deep into vulnerability management metrics, the challenges of maintaining cloud and ephemeral assets, and the discrepancies in vulnerability management across different organizations. Join us as we unravel the nuances of MTTR (Mean Time to Remediate), SLA (Service Level Agreements), and how high-performing organizations manage cybersecurity threats more efficiently. Don't miss this discussions on the role of data democratization in cybersecurity and how organizations can transition from reactive to proactive vulnerability management, no mature your VM maturity.
View Video
kroll

CVE-2024-3400: Zero-Day Remote Code Execution Vulnerability Exploited to Attack PAN-OS

Apr 23, 2024 By Kroll In Kroll
A command injection vulnerability, being tracked as CVE-2024-3400, was recently discovered in the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability has a CVSS score of 10 (Critical) and is actively being exploited in the wild. It impacts versions PAN-OS 120.2, PAN-OS 11.0 and PAN-OS 11.1. If exploited on vulnerable PAN-OS versions and distinct feature configurations, an unauthenticated attacker could execute arbitrary code with root privileges on the firewall.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.