Name: US government agency warns of fresh Palo Alto VPN security flaw
Brand: techcrunch.com
SKU: techcrunch-com-210
Availability: OnlineOnly

critic

US government agency warns of fresh Palo Alto VPN security flaw

preview

The U.S. government is warning that foreign nation-state hackers will “likely attempt” to exploit a new “critical”-rated security vulnerability found in a number of widely used Palo Alto Networks’ network appliances, which if exploited could allow an attacker to break into a company’s network with relative ease.That’s from US Cyber Command, a division of the Dept. of Defense and former sister-agency to the NSA, which said&nbsp;enterprises should patch their vulnerable devices as soon as possible.Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use. Foreign APTs will likely attempt exploit soon. We appreciate ’ proactive response to this vulnerability.— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert)The flaw lies in the software that powers several Palo Alto Networks’ firewalls and enterprise VPN appliances, which let employees access their corporate network from home — access that is crucial during the pandemic — while keeping unauthorized users out.Typically employees must enter their corporate username and password, and often a two-factor code. But the flaw could, under certain conditions, let an attacker take control of one of these devices without needing a password, granting them access to the rest of the network.Palo Alto said &nbsp;in a software update, but enterprises can also switch off SAML — a way of letting a user log in to the network — to mitigate the flaw.But the clock is ticking on enterprises getting those fixes installed. VPN appliances and firewalls are a huge target for hackers as they can provide unfettered access to a corporate network.Last year, researchers in three corporate VPN appliances — including Palo Alto. Although fixes were quickly rolled out, enterprises that were slow to patch found their networks under attack, prompting Homeland Security’s cyber advisory unit to issue an alert.For the time being, Palo Alto says there’s no evidence yet of hackers exploiting this vulnerability. But given the immediate risk to networks, companies should patch as soon as possible.

The U.S. government is warning that foreign nation-state hackers will “likely attempt” to exploit a new “critical”-rated security vulnerability found in a number of widely used Palo Alto Networks’ network appliances, which if exploited could allow an attacker to break into a company’s network with relative ease.That’s from US Cyber Command, a division of the Dept. of Defense and former sister-agency to the NSA, which said&nbsp;enterprises should patch their vulnerable devices as soon as possible.Please patch all devices affected by CVE-2020-2021 immediately, especially if SAML is in use....

public

Security editor @TechCrunch • +1 646.755.8849 • he/him • zack.whittaker@techcrunch.com • http://tcrn.ch/tips • vaccinated

Zack Whittaker

zackwhittaker

Technology news and analysis with a focus on founders and startup teams. Got a tip? tips@techcrunch.com

techcrunch.com

Credible

Speculation

Anecdotal Evidence

Generalization

Stacking the Deck

Appeal to Authority

Straw Man

Slippery Slope

Emotional Appeal

Red Herring

False Dilemma

Illogical

Moral Equivalency

Ad Hominem

Correlation w/o Causation

Semantics

Begging the Question

Faulty Analogy

Non Sequitur

Bandwagon

Dogmatism

Failing Occam's Razor

Biased

Pure Opinion

Hit Piece

Racial Bias

National Bias

Religious Bias

Financial Incentive

Political Agenda

Gender Bias

Misused Image/Video

Study Misinterpreted

Mistake

Misused Term

Science Misrepresented

Factual Error

Satire

Surface Level

Lack of Reliable Sources

Sensational

Not Credible

Investigative

Balanced

Well Sourced

Great Context

sports

entertainment

U.S.

international

business

technology

science

culture

politics

media

health

US government agency warns of fresh Palo Alto VPN security flaw

No article scores yet.

CRITIC REVIEWS

PUBLIC REVIEWS