Displaying 2491 to 2520 of 10068

Palo Alto Networks News of the Week – October 22, 2016

Did you miss any of this week’s Palo Alto Networks action? Don’t worry, we’ve rounded up the top news right here. Unit 42 researchers discovered two zero-day vulnerabilities in Adobe Reader. Federal CSO John Davis weighed in on Singapore’s proactive cybersecurity strategy. Unit 42 released a report on the Sofacy group’s new Flash Player exploit platform dubbed DealersChoice. Stephen Perciballi shared a new use case on AutoFocus and actionable threat intelligence. EMEA CSO Greg Day gave tips on how to avoid awkward conversations about cybersecurity with senior management. Can I …

Justin Hall

MineMeld VMWare Desktop RE: Updates for MineMeld and Ubuntu?

Is there a release date for MineMeld on RHEL? Until then I was wondering how are we to treat the VMware desktop version? Can we consider it as an appliance and assume that both the OS and MineMeld will auto-update itself or do we need to assume patching on

pwebber

How to View Enterprise Agreements on the Support Portal

Enterprise Support Agreement (ESA), VM Enterprise Support Agreement (VM ESA), Enterprise License Agreement (ELA) and VM Enterprise License Agreement (VM ELA) authorization codes will automatically be applied to the Support Portal accounts designated in your purchase order. ESAs/ELAs may be activated across multiple accounts. VM ESAs/VM ELAs may be activated

plieb

Video: Disable New Apps in Content Update

The 'Disable new apps in content update' option is new for PAN-OS 7.1. Video Transcript: This is Joe Delio from the Palo Alto Networks Community team. This video is going to be covering a new option that started with PAN-OS 7.1. This new option is called Disable new

jdelio

How to Block QUIC Protocol

What is QUIC?   QUIC (Quick UDP Internet Connections, pronounced quick) is an experimental transport layer network protocol developed by Google. QUIC supports a set of multiplexed connections between two endpoints over User Datagram Protocol (UDP), and was designed to provide security protection equivalent to TLS/SSL, along with reduced connection

vsathiamoo

How to Safely Enable access to Office 365 using MineMeld

Overview As customers migrate to Office 365 they find themselves whitelisting a range of App-IDs for the various workloads they might use in the Office 365 product sets, such as Skype for Business, OneNote, Exchange Online and so on. Because Microsoft publishes Office 365 over a huge range of URLs,

sperich

Sofacy's Flash Player Exploit Platform Exposed

Using weaponized Word documents as attachments to phishing emails is not a new attack method, but Palo Alto Networks researchers have discovered an interesting variation: an RTF document with an embedded OLE Word document containing embedded Flash exploits. The purpose is to disguise the attack in layers of obfuscation. Unit 42, the research team of Palo Alto Networks, recently discovered two variations of this attack, which it has named DealersChoice.A and DealersChoice.B.


Channel Scoop – October 21, 2016

Sit back and relax. Let us do the information gathering and give you the channel scoop. Tick-Tock: With 10 days left in Q1 FY17, this Channel Scoop will focus on items that can help you win down the stretch. Let’s start with the product summary specifications sheet, which allows you to compare key features and performance specifications of Palo Alto Networks Next-Generation Firewalls. Traps: Customers hesitating to make a move from legacy anti-virus endpoint to next-generation endpoint due to compliance concerns, can accelerate their transition thanks to the recent news …

Lang Tibbils

Palo Alto Networks Granted U.S. Department of Homeland Security SAFETY Act Certification

We are pleased to announce that we have received the U.S. Department of Homeland Security’s (DHS) SAFETY Act Certification for Palo Alto Networks Next-Generation Firewall and a number of related subscription services that are fully integrated within our security platform. The services included in this certification are Threat Prevention, URL Filtering and WildFire (which identifies and automatically generates preventive measures against zero-day and advanced persistent threats). SAFETY Act Certification is an important development that not only benefits Palo Alto Networks but also helps provide liability protection for our customers.  Specifically, …

Palo Alto Networks

Palo Alto Networks Researcher Discovers Four Critical Vulnerabilities in Adobe Flash Player

Palo Alto Networks was recently credited with the discovery of four new vulnerabilities affecting Adobe Flash Player. Researcher Tao Yan discovered critical vulnerabilities CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985 affecting Adobe Flash Player. Descriptions of each, as well as details on affected versions and products, are included in the Adobe Security Bulletin. Adobe has released security updates for Adobe Flash Player. For current customers with a Threat Prevention subscription, Palo Alto Networks has also released IPS signatures providing proactive protection for these vulnerabilities. Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, …

Ryan Olson

Customer Spotlight: Delta Holding Prevents Ransomware by Upgrading Security Posture

Delta Holding is a Belgrade-based organization made up of three distinct companies running autonomously while under central direction from the holding company. As one of the largest businesses in Serbia, Delta Holding’s subsidiaries span a variety of services including import-export, real estate, retail and wholesale. To protect central operations and individual businesses, Delta Holding routes traffic from more than 500 network devices in 100 geographically dispersed locations through a single termination point in its corporate data center. Delta Holding’s legacy system was made up of two separate firewalls – one …

Leiann Bonnet

Tech Docs: Malware Takes Cover as New WildFire Cloud Emerges Over Europe

We recently announced the new WildFire EU cloud and you can start using it today! The WildFire EU cloud is designed to adhere to European Union (EU) data privacy regulations. Files and links that you submit to the regional cloud do not leave the WildFire European data center—the WildFire EU cloud analyzes these files and links and then generates signatures to detect malware independently of the WildFire global cloud. Malware reports and signatures are shared between the WildFire global and regional clouds so that you can continue to benefit from …

Claire Nolan

Meet AutoFocus!

Tired of sorting through endless logs to find the threats in your network that matter most? Meet AutoFocus! Our new threat intelligence service harnesses global threat data and spotlights meaningful and pervasive events, so that you can take action now. Ready to get started? Use the AutoFocus cheat sheet!

Claire Nolan

Can I spam from here: An Unusually Clever Spambot Tests Blacklists

Unit 42 researchers recently observed an unusually clever spambot’s attempts to increase delivery efficacy by abusing reputation blacklist service APIs. Rather than sending spam as soon as the host is infected, the bot checks common blacklists to confirm its e-mails will actually be delivered, and if not, shuts itself down. This spambot, commonly downloaded by the Andromeda malware, has been observed delivering pharmaceutical industry spam as well as further propagating the main Andromeda bot. Microsoft refers to this family of malware as Sarvdap, however it must be noted that the …

Brandon Levene, Brandon Young

‘DealersChoice’ is Sofacy’s Flash Player Exploit Platform

Unit 42 has reported on various Sofacy group attacks over the last year, most recently with a post on Komplex, an OS X variant of a tool commonly used by the Sofacy group. In the same timeframe of the Komplex attacks, we collected several weaponized documents that use a tactic previously not observed in use by the Sofacy group. Weaponizing documents to exploit known Microsoft Word vulnerabilities is a common tactic deployed by many adversary groups, but in this example, we discovered RTF documents containing embedded OLE Word documents further …

Robert Falcone, Bryan Lee

The Cybersecurity Download: Ransomware

Ransomware…we know it’s a threat; but what can be done to prevent it? What makes organizations a target and how do individuals fall victim to an attack? Most importantly, how can you protect yourself from ransomware? 

Eila Shargh

Which file types are supported by the Source Code Policy Rule in Aperture?

The Aperture service extracts metadata and textual content for the following file formats for the Source Code Policy Rule:   asm c cpp cs cxx c+ h hp hxx h+ java js m php pl py r rb s v vb vhdl    

ntrubic

Panorama CLI Workaround for Offline Upgrade of Managed Device

Issue When attempting to upgrade PAN-OS on managed devices with Panorama, in a non-Internet-connected environment, the user may observe the following symptoms: The Panorama-managed devices do not appear as upgrade targets in the GUI after selecting Panorama > Device Deployment > Software, selecting a download (or manually uploaded) and applicable PAN-OS version and

gbalulis

Upgrading PAN-OS on an Offline Panorama Instance

Issue In a non-internet-connected environment, it is possible for Panorama to not have its own support license loaded.  As Panorama presently must contact the Palo Alto Networks support server to obtain or update its support license, Panorama will not be able to contact the support site.    Symptom This results

gbalulis

Tips & Tricks: How to Use 'Disable New Apps' in Content Update

Our Tips and Tricks topic covers a new option introduced with PAN-OS 7.1. This new option is called Disable new apps in content update.   What does the 'Disable new apps in content update' option do? When scheduling recurring downloads and installations for content updates, you can choose to disable

jdelio

Weekly Recap 42

NEW!! Discussion of the Week DotW: Block Web Ads with an External Dynamic List From the article, send comments to @kiwi -- Thanks to @KevinTucker @BPry @Brandon_Wertz @mivaldi @birkhojk @mstand others! How do you block web ads using an external dynamic list, or EDL, and get an 'Ad blocked' page? The Palo

editeur

Exploit Kits

Exploit kits, which first became popular in 2006, are used to automate the exploitation of vulnerabilities on victims’ machines, most commonly while users are browsing the web. Over the past decade they have become an extremely popular means for criminal groups to distribute mass malware or remote access tools (RAT), because they lower the barrier to entry for attackers and can enable opportunistic attacks at scale. To understand this phenomenon, we must understand the ecosystem that surrounds exploit kits, including the actors, campaigns and terminology involved.


Exploit Kits

Exploit kits, which first became popular in 2006, are used to automate the exploitation of vulnerabilities on victims’ machines, most commonly while users are browsing the web. Over the past decade they have become an extremely popular means for criminal groups to distribute mass malware or remote access tools (RAT), because they lower the barrier to entry for attackers and can enable opportunistic attacks at scale. To understand this phenomenon, we must understand the ecosystem that surrounds exploit kits, including the actors, campaigns and terminology involved.


Russian APT's DealersChoice exploit tool is a raw deal for Flash users

Russian advanced persistent threat group Sofacy has another ace up its sleeve: a Flash Player exploit tool, dubbed DealersChoice, that in some ways resembles a Russian nesting doll. Discovered by Palo Alto Networks' Unit 42 threat research team, the tool generates RTF documents that contain embedded OLE Word documents that in turn contain embedded, malicious Adobe Flash (.SWF) files, whose contents are designed to abuse flaws in Flash software.


How to Avoid Awkward Conversations About Cybersecurity With Senior Management

Our recent study of security professionals’ attitudes towards upcoming EU legislation – namely the General Data Protection Regulation (GDPR) and Network and Information Security (NIS) Directive – highlights that many see the legislative changes as positive in both reducing incidents and changing perceptions. Whilst many expect some uncomfortable discussions with their senior management, this is an opportunity to educate business leaders – and in doing so to find a more real-world balance of expectations – as incident analysis and notification will drive greater knowledge and experience across the industry. There …

Greg Day

AutoFocus: Actionable Threat Intelligence Leads to Shorter Response Times

Following up on my initial post, AutoFocus: Your Answer to Actionable Threat Intelligence, this second post in the series provides another daily use case. Searching From Firewalls Something that happens from time to time is administrators will see remnants of malware coming from hosts inside the network but not the actual malware itself. This is a prime example of when administration teams should use actionable threat intelligence so they can arm themselves with information about what and whom they are up against, leading to shorter response times to an attack. …

Stephen Perciballi

Migration tool version 3.3.14 no base configuration pull down

No base configurations available in the base configuration pull down? This is a new install, loaded base 31, applied mt3310c.bundle then updated to 3.3.14

daqi01

Tips & Tricks: TCP Split Handshake Drop

Most network engineers are familiar with the TCP 3-way handshake as described by US-CERT and illustrated below:

3-way handshake
1. A --> B SYN
2. A <-- B SYN/ACK
3. A --> B ACK

In short: a TCP session typically begins with a client sending a synchronization packet (SYN), to

kiwi

Top 3 Cloud Security Considerations

This brief discusses the top three considerations for securing traditional and cloud-based data centers, as well as key requirements for cloud security.


Palo Alto Networks Application for QRadar

Overview: Palo Alto Networks and IBM have partnered to deliver advanced security reporting and analytics to the widely used IBM® QRadar® SIEM. Integrate QRadar seamlessly with the Palo Alto Networks platform to streamline operations and improve security. The Palo Alto Networks app for QRadar enables these capabilities by allowing

btorresgil