Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/paulasadoorian/statuses/113878576299051785">Paul Asadoorian (paulasadoorian@infosec.exchange)'s status on Friday, 24-Jan-2025 01:38:06 JST</a><a href="https://infosec.exchange/@paulasadoorian" title="paulasadoorian@infosec.exchange"><img src="https://gnusocial.jp/avatar/30611-48-20230313152200.webp" width="48" height="48" alt="Paul Asadoorian" style="position: absolute; left: 0; top: 0;">Paul Asadoorian</a></section><article><p>Firewalls, VPNs, and network devices require extra scrutiny when it comes to security, given the current threat landscape. New findings from Eclypsium highlight missing and misconfigured security controls (bootloader &amp; UEFI vulns)...Our latest findings are here: <a href="https://eclypsium.com/research/pandoras-box-vulns-in-security-appliances/" rel="nofollow">https://eclypsium.com/research/pandoras-box-vulns-in-security-appliances/</a> (including a demo exploit video).</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4433503#notice-8674066">In conversation</a><time datetime="2025-01-24T01:38:06+09:00" title="Friday, 24-Jan-2025 01:38:06 JST">about 3 months ago</time> <span>from <span><a href="https://infosec.exchange/@paulasadoorian/113878576299051785" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@paulasadoorian/113878576299051785">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3995575">Untitled attachment</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/878/576/203/194/295/original/7dd6b0da975930b3.jpeg" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/878/576/203/194/295/original/7dd6b0da975930b3.jpeg</a></li><li><article><header><div>Domain not in remote thumbnail source whitelist: eclypsium.com</div><h5><a href="https://eclypsium.com/research/pandoras-box-vulns-in-security-appliances/">Supply Chain Risks in Security Appliances - Eclypsium | Supply Chain Security for the Modern Enterprise</a></h5><div> from <span>@eclypsium</span></div></header><div>The security landscape for network appliances is complex and vulnerable. This blog examines specific Palo Alto Networks appliances to reveal various security gaps, from vulnerabilities to evade Secure Boot to multiple instances of unpatched firmware. These findings underscore a critical truth: even devices designed to protect can become vectors for attack if not properly secured and maintained.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Paul Asadoorian (paulasadoorian@infosec.exchange)'s status on Friday, 24-Jan-2025 01:38:06 JST Paul Asadoorian
Firewalls, VPNs, and network devices require extra scrutiny when it comes to security, given the current threat landscape. New findings from Eclypsium highlight missing and misconfigured security controls (bootloader & UEFI vulns)...Our latest findings are here: https://eclypsium.com/research/pandoras-box-vulns-in-security-appliances/ (including a demo exploit video).
In conversationabout 3 months ago from infosec.exchangepermalink
Attachments
1. Untitled attachment
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/878/576/203/194/295/original/7dd6b0da975930b3.jpeg
2. Domain not in remote thumbnail source whitelist: eclypsium.com
  Supply Chain Risks in Security Appliances - Eclypsium | Supply Chain Security for the Modern Enterprise
  from @eclypsium
  The security landscape for network appliances is complex and vulnerable. This blog examines specific Palo Alto Networks appliances to reveal various security gaps, from vulnerabilities to evade Secure Boot to multiple instances of unpatched firmware. These findings underscore a critical truth: even devices designed to protect can become vectors for attack if not properly secured and maintained.

Public

Embed Notice

HTML Code

Corresponding Notice