CyberSecurity news
FlagThis - #paloaltonetworks
|
Pierluigi Paganini@Security Affairs
//
Palo Alto Networks has issued a warning regarding brute-force login attempts targeting PAN-OS GlobalProtect gateways. This comes after security researchers observed a surge in suspicious scanning activity directed at these portals. While Palo Alto Networks has confirmed the observation of password-related attacks, they emphasize that there is no evidence of any vulnerability exploitation at this time. The company is actively monitoring the situation and analyzing the reported activity to determine its potential impact and assess the need for mitigations.
Threat intelligence firm GreyNoise reported that this activity began around March 17, 2025, with a peak of nearly 24,000 unique IP addresses involved in the scanning before the numbers dropped toward the end of the month. This pattern suggests a coordinated effort to probe network defenses and potentially identify systems that may be exposed or vulnerable. The scanning activity primarily targeted systems located in the United States, the United Kingdom, Ireland, Russia, and Singapore. Palo Alto Networks urges customers to implement several mitigation strategies to defend against potential brute-force attacks. These recommendations include ensuring that systems are running the latest versions of PAN-OS, enforcing multi-factor authentication (MFA), configuring GlobalProtect to facilitate MFA notifications, setting up security policies to detect and block brute-force attacks, and limiting unnecessary exposure to the internet. The security community continues to monitor the situation, emphasizing the importance of proactive security measures to protect against credential compromise.
Share:
References :
Classification:
|