Articles Tagged ‘threat prevention’

Mariposa: How Exposed Are We?

November 1st, 2009

The Application and Threat Research Team has done a great job of providing insight into what the Mariposa threat is, as well as how to quickly analyze their networks to see if Mariposa is present via the Wireshark plugin. Based on the applications that Mariposa uses to spread itself, exactly how exposed are we? To gain [...]

Balancing the Risks and Benefits of Evasive Applications

September 8th, 2009

We often use the term evasive as a means of describing how an application can bypass a traditional stateful inspection firewall. “Applications use tactics such as port hopping, non-standard ports, SSL encryption and emulation to evade the firewall.” While wholly accurate, the term carries negative connotations, implying the application is behaving badly. In reality, [...]

Vulnerabilities Discovered for Microsoft DirectX

July 15th, 2009

As some of you may know, Palo Alto Networks discovered 2 critical vulnerabilities for Microsoft DirectX which were released today via Microsoft’s July security bulletin. Successful exploitation of these critical vulnerabilities can allow an attacker to run remote code on a victim’s PC. The 2 vulnerabilities CVE-2009-1538 (DirectX Pointer Validation Vulnerability) and CVE-2009-1539 (DirectX Size [...]

New Conficker Variants

March 23rd, 2009

Conficker is back in the news as there are reports of new variants popping up. I’m sure that you’ve all heard the news and hype about how many endpoints Conficker has infected, and even more speculation on what the bot herder will do with the massive botnet. Here’s some background info on Conficker and what [...]

Heartland Corporation: Malware Causes Largest Data Breach In History

January 21st, 2009

Holy Crap! Heartland, a card processing service for more than 250,000 small businesses, discloses a malware-generated breach on inauguration day. The scope is unfathomable. If each of the customers had only 10 credit card customers…you do the math.
Like vultures feeding on roadkill, no doubt every security vendor will call on Heartland telling them [...]

Microsoft Security Bulletin – November 2008

November 11th, 2008

Microsoft announced their scheduled November security bulletin today at 10am PST which covers 4 Microsoft vulnerabilities. Palo Alto Networks released coverage for the Microsoft vulnerabilities covered in the November security bulletin in content version 94 which was released today at 1pm PST.
Here are the vulnerabilities that were released by Microsoft today:
Microsoft Windows SMB Authenticate by [...]

Out-of-Band Microsoft Security Bulletin

October 22nd, 2008

Microsoft announced an unscheduled security bulletin today at 10AM PST that they have a critical vulnerability (MS08-067) which affects Windows 2000, XP, 2K3 Server, Vista, and 2K8 operating systems. This vulnerability is a buffer overflow in the Windows Server service. The vulnerability exists in the way the Server service handles Remote Procedure Call (RPC) requests. [...]

Got any hot stock tips?

August 7th, 2008

ALERT – If you don’t, your employees probably do. There is a lot of stock discussion that goes on in the financial message boards and there are many examples of well-intentioned employees responding to comments on these boards with “clarifications” to claims made.
In this week's content release, we have added the ability to identify [...]

WeBot Can Turn Any PC into a Streaming Media Server

October 18th, 2007

ALERT – WeBot is an application that turns your computer into a streaming media server. WeBot allows users to gain real-time access to their digital media files at home via an Internet enabled computer. In addition to providing immediate access from an Internet enabled computer, WeBot even makes it possible to stream music and pictures [...]

MPack Malware Leverages SSL for Secure Transmission

August 7th, 2007

ALERT – SSL (Secure Sockets Layer) is a protocol designed to provide encryption with minimal to no configuration, and has been used extensively to encrypt web communications through HTTPS (HTTP in SSL). Most security devices, including most firewalls, are not able to decrypt the traffic to see what is running inside SSL, and have little [...]