Palo Alto Networks

Research

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows

In today’s post, we look at action pinning, one of the profound mitigations against supply chain attacks in the GitHub Actions ecosystem. It turns out, though, that action pinning comes with a downside — a pitfall we call "unpinnable actions" that allows attackers to execute code in GitHub Actions workflows.

As we discussed in the previous blog post, Third-Party GitHub Actions: Effects of an Opt-Out Permission Model, the permissive nature of GitHub Actions...

CI/CD

DevOps

Aug 30, 2023

By Yaron Avital

Palo Alto Networks

Products and Services

Partners

Cloud Security, Cloud Security Posture Management, Cloud Workload Protection Platform

10 Cloud Security Risks Organizations Should Address

Through advances in cloud technology, data access is now readily available. This is a boon for developers. For security practitioners, though, it presents a challenge. With dataset...

May 15, 2023

By Nathaniel Quist

Must-Read Articles

Unlocking the Black Box: Transparency for ML-Based Incident Risk Scoring

In our last blog post, we introduced SmartScore, a revolutionary ML-based engine that allows our customers to automatically receive risk scores for cyber incidents generated on our...

Mar 23, 2023

By Guy Mazaltrim, Tuvia Newman and Sharon Datner

Announcement, Cloud Native Application Platform, Cloud Security, DevOps, DevSecOps, Must-Read Articles

Cloud-Native Security Survey: Patterns and Tipping Points in New Report

Did you know that 72% of organizations from around the world moved 30% or more of their workloads to the cloud in the la...

Mar 07, 2023

By Bob West

Announcement, DevSecOps, Partners

Business Value of Prisma Cloud for Google Cloud

Realize quantified benefits worth an average of $3.78 million per organization when pairing Google Cloud together with Prisma Cloud by Palo Alto Networks.

Sep 29, 2022

By Derek Rogerson

Must-Read Articles

Beating Alert Fatigue with Cortex XDR SmartScore Technology

It's no secret that today, more than ever, organizations are facing an extremely difficult mission of protecting their digital assets from sophisticated cybersecurity threats. Tren...

Aug 04, 2022

By Niv Sela, Guy Mazaltrim, Gal Itzhak and Yinnon Meshi

CSO Perspective

Legislation Incoming: How Prepared Is the Cybersecurity Community?

It’s hard to miss the spotlight shone on the cybersecurity industry recently. There’s been a procession of infamous, high-profile cyberattacks. At the same time, organisations are...

Nov 08, 2017

By Greg Day

CSO Perspective

The Proof Is in the Eating!

It’s now been just over a year since I joined Palo Alto Networks. Like I’m sure all of us do, I did my due diligence on the company prior to joining and was taken back by the focus of the business to build capabilities that truly natively work together as a platform. Th...

Nov 10, 2016

By Greg Day

CIO/CISO, Cybersecurity

Building Strategies to Make Sure Cybersecurity Is Everybody's Business

Cybersecurity is continually a focus of news headlines and remains very much a topic under discussion across the globe. As the world, its devices and its systems become increasingl...

Jul 29, 2016

By Greg Day

Cybersecurity

Want to be Among the First to Receive New Threat Intelligence from Unit 42?

You can have the latest Unit 42 insights, research and threat intelligence delivered right to your inbox!

Jun 16, 2016

By Chad Berndtson

Cybersecurity, Threat Prevention, Unit 42

Don’t Forget to Subscribe to Unit 42 Threat Intelligence Alerts

Want to have all of the latest insights, research and threat intelligence from our research team delivered right to your inbox? You can.

Nov 21, 2014

By Chad Berndtson

Unit 42

NetWire and MITRE ChopShop

On August 4, Unit 42, the Palo Alto Networks threat intelligence team, released a tool to decrypt the traffic from a Remote Administration Tool (RAT) named NetWire (part of the NetWiredRC malware family). For details of the encryption protocol used please see our earli...

Aug 25, 2014

By Phil Da Silva

Threat Advisories - Advisories, Unit 42

New Release: Decrypting NetWire C2 Traffic

On July 22, Palo Alto Networks threat intelligence team, Unit 42, released our first report on the evolution of “Silver Spaniel” 419 scammers. Of particular note is how these actors use a Remote Administration...

Aug 04, 2014

By Phil Da Silva, Rob Downs and Ryan Olson

Cybersecurity, Threat Advisory/Analysis, Threat Prevention

CVE-2014-1776: How Easy It Is To Attack These Days

Just about a week ago, everyone was alarmed due to a new zero-day vulnerability affecting Internet Explorer 6 through 11. The vulnerability was used in attacks in the wild, which targeted IE 8 to IE 11. The imp...

May 06, 2014

By Palo Alto Networks

Load more blogs