Author Archive

School District Recovers Most of $3.8M Lost…Banking Trojan to Blame?

January 11th, 2010

A New York school district had US$3.8M pilfered by cyber-criminals, who may have used a common banking trojan to gain valid login credentials to the district’s accounts. It is the very same trojan making the rounds on social networks like Facebook. The district has recovered most of the money, but is still out nearly US$500K.

A Subtle Shift in File Sharing Usage

December 9th, 2009

Since the inaugural Application Usage and Risk Report (Spring Edition, 2008), browser-based file-sharing usage in terms of frequency has steadily increased to the point where it now exceeds that of peer-to-peer file sharing.

Wireshark Plugin for Mariposa Botnet Command and Control

October 27th, 2009

As a follow-up to last week’s post regarding Mariposa infection research, Yamata Li of the Palo Alto Networks Threat Research Team has developed a Wireshark plugin that will allow you to view obfuscated pcaps of traffic from a Mariposa-infected client and actually decrypt them within Wireshark. The software is available to all as [...]

Control Applications, Control Threats.

October 22nd, 2009

Over the past month, we’ve been pulled in by customers to analyze various “weird” behavior on the network. One of these instances happened a few weeks ago. A large Fortune 200 customer was reviewing application usage on the network using the Palo Alto Networks devices and discovered that there were a few devices in globally [...]

Who’s the best illusionist?

October 16th, 2009

When asked who’s the best illusionist of all time, you’ll likely hear anything from Harry Houdini to David Copperfield to David Blaine, but they don’t have anything on your IPS vendor.
I often hear the question: how big or how good is Palo Alto Networks’ vulnerability research team? If you look at the website or collateral [...]

Next-Generation Firewall Defined By Gartner

October 16th, 2009

Greg Young and John Pescatore just authored an excellent note on next-generation firewalls (see the liner notes/background in Greg’s blog).
In the note, “Defining the Next-Generation Firewall,” Greg and John do an excellent job laying out the definition, the requirements, and their recommendations for next-generation firewalls in the enterprise.  Gartner notes that due to their dependence [...]

Yikes – Employees Are Using Yoics!

October 1st, 2009

No doubt the first question you might have is: what is Yoics!? Simply put, Yoics! is a remote desktop access application that has been found in many of our customers’ networks. It is a good example of the types of applications being found that are not necessarily endorsed by corporate policy.
Let’s take a quick look [...]

Microsoft SMB2 Vulnerability

September 11th, 2009

Microsoft has announced an out-of-band release for a vulnerability (CVE-2009-3103) in the SMB2 protocol which exposes Windows Server 2008 and Windows Vista users to possible remote code execution attacks. It does not appear that Windows 2000 and Windows XP are affected because they do not have the vulnerable SMB2 driver. The vulnerability is labeled as [...]