heise online

Palo Alto Globalprotect: Malicious code weakness via weak certificate validation

Palo Alto Networks Globalprotect app is used to establish VPN connections. A vulnerability allows attackers to inject malicious code and install it on vulnerable computers with elevated privileges. In ...
Ars Technica

Researchers wait 12 months to report vulnerability with 9.8 out of 10 severity rating

About 10,000 enterprise servers running Palo Alto Networks’ GlobalProtect VPN are vulnerable to a just-patched buffer overflow bug with a severity rating of 9.8 out of a possible 10. Security firm ...
CRN

Ingram Micro Attack Did Not Involve GlobalProtect VPN: Palo Alto Networks

The VPN was not ‘the source of the vulnerability or impacted’ in the ransomware attack against distribution giant Ingram Micro, Palo Alto Networks says. Reports connecting the GlobalProtect VPN system ...
Dark Reading

Palo Alto Networks Does Not Fully Address Vulnerability in GlobalProtect SSL VPN Solution

Palo Alto Networks has published an advisory about its Palo Alto GlobalProtect SSL VPN solution which is used by many organizations. The advisory was a response to research carried out by Orange Tsai ...