Hello and welcome to the Monday, April 15th,

2004 edition of the Sands and at Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from London, England.

I'm deviating from my usual schedule, and I'm recording this podcast on Saturday evening instead of Sunday evening.

Two particular reasons for this.

First of all, my travel schedule.

But then we also have some breaking news that I would like to dedicate this podcast to

and also would like to keep you in the loop in case you're able to listen to this a little bit before Monday morning.

The problem we have here is a new vulnerability in Palo Alto Network's Global Protect Software.

Some exploitation of this vulnerability has been reported by Walexity.

Vlexity has seen exploits as early as end of March, March 26th,

and has since then seen some novel backdoors being deployed using this vulnerability. It's a remote code execution

vulnerability. It does give the attacker full route access. And given that Global Protect is

typically a VPN solution, giving remote users access to internal network resources.

These devices are being compromised here can then be leveraged in order to pivot into an

organization's network.

Palo Alto Networks released an advisory regarding this vulnerability on Friday, which is

why we didn't get around to cover this for

the Friday podcast and stated that a patch should be available no later than Sunday. Again,

I'm recording this here Saturday evening in the UK, and at this point, I don't see a patch available yet, but

maybe released by the time you are listening to this podcast.

Short of applying a patch and outright disabling, a global protect, the other option you

...