OVERKILL
$100 Site Donor 2021
Northwave Cyber Security has identified a sophisticated backdoor: LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls (headline borrowed from linked article).
Northwave's original report can be found here:
https://northwave-cybersecurity.com...chnical writeup Schrijver and Oudenaarden.pdf
Thanks again to @Rand for the heads-up on this one.
CVE-2024-9474
https://security.paloaltonetworks.com/CVE-2024-9474
is actively being exploited in the wild using a very complex backdoor that conceals itself as a legitimate logd service and makes configuration changes to persist across reboots and upgrades. It also communicates over already open ports to obscure its communication.
The article speculates that the complexity of this attack points to it being a construct of a state actor. I would assume China or Russia.
Article here:
https://securityonline.info/cve-202...tea-backdoor-discovered-in-palo-alto-devices/