The Application and Threat Research Team has done a great job of providing insight into what the Mariposa threat is, as well as how to quickly analyze their networks to see if Mariposa is present via the Wireshark plugin. Based on the applications that Mariposa uses to spread itself, exactly how exposed are we? To gain [...]
We often use the term evasive as a means of describing how an application can bypass a traditional stateful inspection firewall. “Applications use tactics such as port hopping, non-standard ports, SSL encryption and emulation to evade the firewall.” While wholly accurate, the term carries negative connotations, implying the application is behaving badly. In reality, [...]
As some of you may know, Palo Alto Networks discovered 2 critical vulnerabilities for Microsoft DirectX which were released today via Microsoft’s July security bulletin. Successful exploitation of these critical vulnerabilities can allow an attacker to run remote code on a victim’s PC. The 2 vulnerabilities CVE-2009-1538 (DirectX Pointer Validation Vulnerability) and CVE-2009-1539 (DirectX Size [...]
Conficker is back in the news as there are reports of new variants popping up. I’m sure that you’ve all heard the news and hype about how many endpoints Conficker has infected, and even more speculation on what the bot herder will do with the massive botnet. Here’s some background info on Conficker and what [...]
Holy Crap! Heartland, a card processing service for more than 250,000 small businesses, discloses a malware-generated breach on inauguration day. The scope is unfathomable. If each of the customers had only 10 credit card customers…you do the math.
Like vultures feeding on roadkill, no doubt every security vendor will call on Heartland telling them [...]
Microsoft announced their scheduled November security bulletin today at 10am PST which covers 4 Microsoft vulnerabilities. Palo Alto Networks released coverage for the Microsoft vulnerabilities covered in the November security bulletin in content version 94 which was released today at 1pm PST.
Here are the vulnerabilities that were released by Microsoft today:
Microsoft Windows SMB Authenticate by [...]
Microsoft announced an unscheduled security bulletin today at 10AM PST that they have a critical vulnerability (MS08-067) which affects Windows 2000, XP, 2K3 Server, Vista, and 2K8 operating systems. This vulnerability is a buffer overflow in the Windows Server service. The vulnerability exists in the way the Server service handles Remote Procedure Call (RPC) requests. [...]
ALERT – If you don’t, your employees probably do. There is a lot of stock discussion that goes on in the financial message boards and there are many examples of well-intentioned employees responding to comments on these boards with “clarifications” to claims made.
In this week's content release, we have added the ability to identify [...]
ALERT – WeBot is an application that turns your computer into a streaming media server. WeBot allows users to gain real-time access to their digital media files at home via an Internet enabled computer. In addition to providing immediate access from an Internet enabled computer, WeBot even makes it possible to stream music and pictures [...]
ALERT – SSL (Secure Sockets Layer) is a protocol designed to provide encryption with minimal to no configuration, and has been used extensively to encrypt web communications through HTTPS (HTTP in SSL). Most security devices, including most firewalls, are not able to decrypt the traffic to see what is running inside SSL, and have little [...]