A flaw in the defenses of “Palo Alto Networks”

A flaw in the defenses of “Palo Alto Networks” puts those who relied on it in trouble
Terrible discovery for one of the most important cybersecurity providers.

Umberto RAPETTO, June 24, 2021


Some consider it a kind of Achilles' heel: a weak point as unexpected as it is lethal is alarming those who thought they could sleep peacefully after installing the “Cortex” platform, which – mythology aside – was considered “immortal”.
The alert came from Palo Alto Networks itself, a world leader in the field of cybersecurity, which issued a bulletin explaining the painful discovery of the vulnerability and labeling the problem with the identifier CVE-2021-3044.

The “problem”, if you want to consider it as such (and it is not), translates into a significant opportunity for malicious actors, who can improperly obtain an authorization that gives them access to the server on which Cortex XSOAR “runs”, the very thing that acts as the security guard.
The acronym SOAR, not surprisingly, stands for “security orchestration, automation and response” and therefore covers the entire life cycle of the measures to be put in place to protect a computer system.
It is not just a marketing expression, but an actual description of the features that this solution should be able to offer with extreme reliability to those who install it, trusting in the centralization of protection activities.
To understand that this is not a trivial matter, it is enough to know that its severity is 9.8 out of 10 on the “CVSS vulnerability scale”, which can be thought of as the Mercalli or Richter scale for computer “earthquakes”.
Considering that “Cortex XSOAR” is a defensive cybersecurity platform used in a wide range of situations, the circumstance is not at all reassuring. In practice, it is as if the “sentinel” had gone over to the enemy: the one responsible for automating security operations, managing intelligence on incoming or already looming threats, handling the response and recovery procedures for ransomware attacks, and coordinating the security of cloud resources.
Cortex is objectively a very well integrated solution, because it also implements automated workflows, intervention schemes in response to attacks, and collaboration between the different teams involved, forming a kind of shield for companies and large organizations.
Unfortunately, if attackers manage to virtually set foot in the so-called War Room (the button room, or control room), it becomes a breeze for them to execute commands without authorization and start automated procedures with harmful effects.
Simply put, they can potentially do anything: for example, subvert monitoring and any security investigation carried out so far, or steal information on the cyber-defense action plans of the targeted system.
Palo Alto Networks claims to have no news of any intrusions that have exploited this vulnerability. Maybe, but even the innkeeper claims that the wine he is mixing is genuine.