Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug – BleepingComputer

American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago.

Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software.

Even though the OpenSSL team released a patch two weeks ago when it publicly disclosed the bug, customers will have to wait until later this month (during the week of April 18) when Palo Alto Networks plans to release security updates.

“PAN-OS, GlobalProtect app, and Cortex XDR agent software contain a vulnerable version of the OpenSSL library and product availability is impacted by this vulnerability. For PAN-OS software, this includes both hardware and virtual firewalls and Panorama appliances as well as Prisma Access customers,” the company said.

“This vulnerability has reduced severity on Cortex XDR agent and GlobalProtect app as successful exploitation requires an attacker-in-the-middle attack (MITM).”

The bug impacts PAN-OS 8.1 and later releases and all versions of GlobalProtect app and Cortex XDR agent.

The cybersecurity vendor added that this vulnerability does not impact its Prisma Cloud and Cortex XSOAR products.

Mitigation available for some customers

While PAN-OS hotfixes are still in development, customers with Threat Prevention subscriptions can enable Threat IDs 92409 and 92411 to block known attacks for this vulnerability and “reduce the risk of exploitation from known exploits.”

Luckily, even though proof-of-concept exploits are available online, Palo Alto Networks has no evidence of exploitation of this issue on any of its products.

Although attackers can abuse the OpenSSL infinite loop flaw in low complexity attacks without user interaction, the OpenSSL team says the impact of successful exploitation is limited to triggering a denial of service.

“The flaw is not too difficult to exploit, but the impact is limited to DoS. The most common scenario where exploitation of this flaw would be a problem would be for a TLS client accessing a malicious server that serves up a problematic certificate,” an OpenSSL spokesperson told BleepingComputer.

“TLS servers may be affected if they are using client authentication (which is a less common configuration) and a malicious client attempts to connect to it. It is difficult to guess to what extent this will translate to active exploitation.”

Last week, network-attached storage (NAS) maker QNAP also warned customers that this OpenSSL DoS bug impacts most of its NAS devices, with a patch to be released as soon as possible.

Source: https://www.bleepingcomputer.com/news/security/palo-alto-networks-firewalls-vpns-vulnerable-to-openssl-bug/
