Risky Business #771 -- Palo Alto's firewall 0days are very, very stupid
Nov 20, 2024
Andrew Morris, the founder of GreyNoise, dives into the world of cybersecurity, highlighting alarming vulnerabilities in edge devices. He reveals a new zero-day discovered by their AI system, emphasizing that the threat landscape is even worse than commonly perceived. The conversation also tackles the ineffectiveness of phishing training and underscores the critical security flaws in high-security IP cameras. As always, the episode blends humor with serious insights, making it both engaging and informative.
Palo Alto Networks is under scrutiny for a zero-day in the management interface of its firewall products that allows remote command execution, with potentially severe consequences for any exposed device.
Microsoft's new security features aim to enhance recovery capabilities and vulnerability management, indicating a significant shift towards machine-readable data accessibility.
The rise of edge device vulnerabilities and attacker tactics mirrors historical cyber threats, emphasizing an urgent need for improved security measures.
Deep dives
Mass Exploitation of Edge Devices
There has been a significant increase in attacks targeting edge devices on the internet, with the scale of exploitation being much larger than previously recognized. Attackers are not only aiming to gain access to vulnerable networks but also to establish operational relay boxes, which facilitate further intrusions. These trends echo the tactics of the 1990s, where compromised systems served as staging points for larger-scale attacks. The ongoing mass scanning illustrates a persistent and evolving threat landscape, indicating that addressing vulnerabilities in these devices has become increasingly critical.
Microsoft's New Recovery Features
Microsoft has announced features intended to improve remote recovery after incidents such as the CrowdStrike outage earlier this year, which was caused by a faulty content update rather than an attack. The new tooling is meant to let administrators restore machines that no longer boot without physical access, reducing downtime and hands-on remediation. Microsoft also plans to let security products operate outside kernel mode, which may simplify deployment for some vendors, but the shift carries trade-offs in visibility and performance, since endpoint protection has traditionally relied on kernel-level access.
Improved Vulnerability Data from Microsoft
Microsoft has begun publishing machine-readable vulnerability information, a shift aimed at making it easier for organizations to access and utilize vulnerability data effectively. Utilizing a standardized JSON file format, this initiative seeks to alleviate past challenges associated with scraping information from web interfaces. While the move is generally perceived as positive, concerns remain about the quality of information provided and the motivation behind maintaining detailed records. This transformation in sharing vulnerability data reflects a step towards more transparent and accessible cybersecurity practices.
Palo Alto Networks Faces Zero-Day Vulnerability
Palo Alto Networks is dealing with a critical zero-day in the management web interface of several of its firewall products, which has drawn considerable attention in the security community. Certain models and management interfaces were found to contain an authentication bypass chained with a command injection bug, giving an unauthenticated attacker who can reach the interface remote command execution. Despite the breadth of the impact, the company has struggled to get fixes onto every affected device, in part because of the complexity of its supply chain with OEM partners. As with earlier management-plane bugs, the practical mitigation is to keep the management interface off the internet and reachable only from trusted management networks, and to check any interface that was exposed for signs of compromise rather than assuming patching alone is enough.
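The defect class behind the command injection half of that chain is worth seeing in code. The following is an added illustrative example, not PAN-OS code and not a reproduction of the Palo Alto bugs (this page does not describe their internals). It assumes a hypothetical management-plane "ping this host" diagnostic handler and shows the vulnerable pattern (interpolating a request parameter into a shell command line) beside the hardened one (allowlist validation plus an argv list with no shell). The `HOST_RE`, function names and the attacker string are all constructed for the example.

```python
"""Command injection in a management-plane diagnostic handler: vulnerable vs hardened.

Illustrative code only; it is not PAN-OS code and does not reproduce the
Palo Alto vulnerabilities. It demonstrates the general defect class
(attacker-controlled input reaching a shell) and the standard fix.
"""
import re
import subprocess

# Allowlist for a diagnostic target: letters, digits, dots and dashes only.
# Every shell metacharacter (; | & $ ` space, newline, quotes) is excluded.
HOST_RE = re.compile(r"[A-Za-z0-9.\-]{1,253}")


def build_ping_command_vulnerable(host: str) -> str:
    """The flawed pattern: interpolate request input into a shell command line.

    If this string is handed to subprocess with shell=True (or to system()),
    /bin/sh parses it, so a host value of "8.8.8.8; id" runs `id` as whatever
    account the web backend runs under. On an appliance that is often root.
    """
    return f"ping -c 1 {host}"


def build_ping_command_hardened(host: str) -> list[str]:
    """Validate against the allowlist and return an argv list (no shell)."""
    # fullmatch rejects anything outside the allowlist; the leading-dash check
    # stops a value such as "-f" from being parsed as a ping option.
    if not HOST_RE.fullmatch(host) or host.startswith("-"):
        raise ValueError(f"rejected diagnostic target: {host!r}")
    return ["ping", "-c", "1", host]


def run_diagnostic(host: str) -> int:
    """Run the hardened command and return its exit status.

    shell=False means no shell is involved at all: even a value that somehow
    passed validation would be one argv element, never shell syntax.
    """
    argv = build_ping_command_hardened(host)
    return subprocess.run(argv, shell=False, capture_output=True, check=False).returncode


if __name__ == "__main__":
    attacker_input = "8.8.8.8; id"  # constructed attacker-controlled request value
    print("vulnerable command line:", build_ping_command_vulnerable(attacker_input))
    try:
        build_ping_command_hardened(attacker_input)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("hardened argv:", build_ping_command_hardened("8.8.8.8"))
```

The two defences are independent and both matter: the allowlist keeps junk out of the argument, and the argv list keeps whatever does get through from ever being interpreted by a shell. Note that neither helps if the handler is reachable without authentication, which is why the bypass half of the chain is what turns a post-auth bug into an unauthenticated one.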
Facial Recognition Controversy in Retail
Bunnings, a major retailer in Australia, faced scrutiny for implementing facial recognition technology to enhance staff safety by identifying individuals with prior incidents. The Office of the Australian Information Commissioner ruled against Bunnings for violating privacy regulations, even after the company released security footage justifying their practices. While critics argue the use of such technology is invasive, the retailer's intentions reflect a nuanced approach to protecting employees in potentially dangerous situations. This case illustrates the tension between leveraging technology for security and addressing privacy concerns, raising questions about acceptable boundaries.
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Microsoft introduces some sensible sounding post-Crowdstrike changes
Palo Alto patches hella-stupid bugs in its firewall management webapp
CISA head Jen Easterly to depart as Trump arrives
AI grandma tarpits phone scammers in family-tech-support hell
Academic research supports your gut-reaction; phishing training doesn’t work
And much, much more.
This week’s episode is sponsored by GreyNoise. The always excitable Andrew Morris joins to remind us that the edge-device vulnerabilities Pat and Adam complain about on the show are in fact actually even worse than we make them out to be. Andrew also tells us about a zero-day GreyNoise’s AI system truffle-pigged out of their data set.