"Palo Alto Networks Shares Remediation Advice for Hacked Firewalls"

Palo Alto Networks recently shared remediation instructions for organizations whose firewalls have been hacked through exploitation of the vulnerability tracked as CVE-2024-3400.

The company noted that customers who detect unsuccessful exploitation attempts are advised to update to the latest PAN-OS hotfix. The same applies to organizations that find evidence of someone testing their firewall to see if it's vulnerable; this typically involves creating an empty file on the firewall, but no unauthorized commands are executed. Palo Alto Networks initially released patches only for some of the impacted PAN-OS versions, but fixes are now available for all versions.

The company said that if there are signs of potential data exfiltration, which involves a file such as "running_config.xml" being copied to a location that is accessible via web requests, customers must not only update PAN-OS but also perform a private data reset, which eliminates the risk of device data misuse.

Companies that find evidence of interactive command execution, the worst-case scenario, need to perform a factory reset of the device in addition to updating PAN-OS. The company noted that if the attacker has executed commands, they may have deployed backdoors or exfiltrated data. Palo Alto also said that the private data reset and factory reset will remove the possibility of capturing forensic artifacts that may be needed to conduct an investigation.
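The guidance above amounts to a tiered triage: the strongest indicator observed on a device decides whether a hotfix alone, a hotfix plus private data reset, or a hotfix plus factory reset is required, and because the resets destroy forensic evidence, artifact collection has to come first. The following is an added illustration of that decision logic, written by the editor and not code from Palo Alto Networks or SecurityWeek; the indicator names, the `Tier` ordering and the "preserve artifacts" step are the editor's own modelling assumptions, not vendor-defined values.

```python
"""Triage helper modelling the CVE-2024-3400 remediation tiers described above.

Hypothetical example code (editor's own), not Palo Alto Networks guidance.
Indicator names are a constructed vocabulary; map your own findings onto them.
"""
from enum import IntEnum
from typing import Dict, Iterable, List


class Tier(IntEnum):
    """Ordered by severity so the worst observed indicator wins."""
    NONE = 0       # no evidence at all
    PROBE = 1      # failed attempts or empty-file test: hotfix only
    EXFIL = 2      # config copied to a web-reachable path: hotfix + private data reset
    COMMANDS = 3   # interactive command execution: hotfix + factory reset


# Constructed indicator vocabulary (assumption) -> tier it implies.
INDICATOR_TIER: Dict[str, Tier] = {
    "failed_exploit_attempt": Tier.PROBE,
    "empty_file_created": Tier.PROBE,
    "running_config_copied_to_web_path": Tier.EXFIL,
    "interactive_command_execution": Tier.COMMANDS,
}


def classify(indicators: Iterable[str]) -> Tier:
    """Return the highest tier implied by any observed indicator.

    Unknown indicators raise rather than silently downgrading the result,
    so a typo in a finding cannot turn a factory-reset case into a patch-only one.
    """
    tier = Tier.NONE
    for ind in indicators:
        if ind not in INDICATOR_TIER:
            raise ValueError(f"unknown indicator: {ind!r}")
        tier = max(tier, INDICATOR_TIER[ind])
    return tier


def remediation_plan(indicators: Iterable[str]) -> List[str]:
    """Ordered remediation steps for the observed indicators.

    Artifact preservation is placed before any destructive reset because the
    advisory notes that both reset types remove the chance to collect forensics.
    """
    tier = classify(indicators)
    plan: List[str] = []
    if tier >= Tier.EXFIL:
        # Assumption: collect whatever artifacts the investigation needs first.
        plan.append("preserve forensic artifacts before any reset")
    plan.append("update to the latest PAN-OS hotfix")
    if tier == Tier.EXFIL:
        plan.append("perform private data reset")
    elif tier == Tier.COMMANDS:
        plan.append("perform factory reset")
    return plan


if __name__ == "__main__":
    # Constructed sample findings for one device.
    findings = ["empty_file_created", "running_config_copied_to_web_path"]
    print(classify(findings).name)
    for step in remediation_plan(findings):
        print("-", step)
```

A device with only probe-type evidence gets the hotfix alone; once an exfiltration or command-execution indicator appears the plan escalates, and the artifact-preservation step is emitted ahead of the reset so the investigation is not lost to the remediation.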


SecurityWeek reports: "Palo Alto Networks Shares Remediation Advice for Hacked Firewalls"

Submitted by Adam Ekwall on