A vulnerability is disclosed in Palo Alto VPN hardware/software, the company who discovered this: Randori may not have disclosed this to the vendor in a timely fashion. The premise that is suggested for this, is that as Randori are a Red Teaming company they used this Vulnerability to infiltrate their clients who used Palo Alto VPN’s much more easily than they may otherwise have.
Without knowing the details of this Palo Alto VPN vulnerability I would suggest that the company who discovered it were less than honourable, using it in secret to make their Red teaming look more successful than it may have been in other cases.
I imagine the Randori Red team sales rep would engage a potential client.
First Sales question: What VPN are you using? Palo Alto, Check ✅✅✅, salesman then says to the client, “I can guarantee we will be into your network in hours!”.
Client response: ” Pfft, we are using the best security tools available, no way!”
All products cyber security and otherwise have vulnerabilities and all will be discovered at some point, what this demonstrates to me is:
- It is our job in Cyber security (yes including red teams) to disclose vulnerabilities as soon as we can, otherwise we can not call ourselves “good people”
- Avoid using a single vendor for all security requirements, because code is reused between products where it makes sense.
- Make sure you have some form of detection and response capability, this is your blue team!
- Finally, and unfortunately – we can not implicitly trust cyber security companies to have our best interests at heart.
#cybersecurity #paloaltonetworks #cyberattack #vpn
