How Red Teaming Could Have Prevented These Incidents:
https://www.youtube.com/watch?v=ZuUzonE2uT0
3 Critical Vulnerabilities in Palo Alto Firewalls
Palo Alto Networks (PAN) issued a security advisory highlighting a critical unauthenticated remote code execution (RCE) vulnerability (CVE-2024-0012, CVSS 9.3) actively exploited in its Expedition firewall management interface. This marks the fourth vulnerability in the tool under active attack in just one week. The zero-day flaw stems from a missing authentication check and has prompted PAN to release patches and urge customers to ensure their firewall management interfaces are inaccessible from the public internet. The advisory follows the addition of other critical Expedition flaws, including OS command injection and SQL injection vulnerabilities, to CISA's Known Exploited Vulnerabilities catalog. ShadowServer Foundation reports over 8,700 vulnerable PAN-OS management systems still exposed online as of November 14. With Expedition slated for end-of-life in January 2025, experts stress the urgent need for patching and limiting external access to these systems to mitigate the risk of unauthorized exploitation.
More Reading:
https://www.darkreading.com/cyberattacks-data-breaches/palo-alto-networks-patches-critical-zero-day-bug-firewalls
https://security.paloaltonetworks.com/CVE-2024-0012
https://labs.watchtowr.com/pots-and-pans-aka-an-sslvpn-palo-alto-pan-os-cve-2024-0012-and-cve-2024-9474/
T-Mobile Breached by Chinese APT Utilizing AI
T-Mobile has been breached as part of a large-scale cyber-espionage campaign by Salt Typhoon, a Chinese state-sponsored hacking group. The attack targeted major U.S. telecommunications providers, including AT&T, Verizon, and Lumen Technologies, as well as international firms. Hackers infiltrated critical systems used for law enforcement surveillance, compromising sensitive communications. Salt Typhoon exploited vulnerabilities in telecom infrastructure, such as Cisco Systems routers, to access call records, unencrypted messages, and audio communications from targeted individuals. While T-Mobile stated that no significant impacts to its systems or customer data have been identified, federal agencies and security experts remain concerned about the breach's scope. The campaign, believed to have lasted at least eight months, involved advanced use of artificial intelligence to enhance access and intelligence-gathering efforts. Victims reportedly include U.S. government officials involved in national security and policy-making, raising fears about potential counterintelligence risks. The breach has exposed significant weaknesses across the telecommunications sector, classified as critical infrastructure under U.S. federal law. Federal agencies, including the FBI and CISA, are continuing to investigate, while telecommunications companies are strengthening their defenses.
More Reading:
https://www.infosecurity-magazine.com/news/tmobile-breached-chinese/
00:00 Introduction
01:39 3 Critical Vulnerabilities in Palo Alto Firewalls
09:11 T-Mobile Breached by Chinese APT Utilizing AI
13:44 Outro