🚨 Firewall 0-Day Under Attack & Proton Pass Vault Bypass Exposed
Two security stories making waves today — one affecting the enterprise firewalls that protect millions of businesses, and another that could let someone walk right into your password vault. Here's what you need to know.
🔥 Palo Alto Firewall Zero-Day Is Being Exploited Right Now
Palo Alto Networks just warned customers about a critical, unpatched vulnerability in the PAN-OS User-ID Authentication Portal — and attackers are already exploiting it in the wild. The flaw is a buffer overflow that lets attackers run any code they want as root, meaning full control over the firewall itself.
Why should you care? PAN-OS firewalls sit at the front door of countless enterprises, banks, hospitals, and government agencies. If attackers own your firewall, they own your network. There is no patch yet — Palo Alto is rushing one out — so the urgent advice is to restrict or disable access to the affected portals immediately. If your organization runs Palo Alto gear, treat this as a drop-everything moment.
🔑 Proton Pass: How an Attacker Could Steal Your Whole Vault Without Your Second Password
Proton Pass advertises a "second password" as an extra wall around your password vault — a separate secret that even Proton itself doesn't know. Researchers at Zolder found a clever way to walk straight past that wall using Proton's own Emergency Access feature. If an attacker gains access to your email inbox (think reused passwords or a phished login) and the emergency wait time is set to "None," they can add themselves as an instant emergency contact, hide the notification emails using mailbox rules, and then export your entire vault — no second password required.
The takeaway for everyday users: your password manager is only as secure as the email account guarding it. Lock down your email with a strong unique password and a hardware security key or authenticator app, and review the Emergency Access settings inside Proton Pass today.
Stay ahead of threats with GOCO Security at gocosecurity.com.
.jpg)
Comments
Post a Comment