Displaying 2551 to 2580 of 10468

2016 Updates to Shifu Banking Trojan

Overview: Shifu is a Banking Trojan first discovered in 2015. Shifu is based on the Shiz source code which incorporated techniques used by Zeus. Attackers use Shifu to steal credentials for online banking websites around the world, starting in Russia but later including the UK, Italy, and others. Palo Alto Networks Unit 42 research has found that the Shifu authors have evolved Shifu in 2016. Our research has found that Shifu has incorporated multiple new techniques to infect and evade detection on Microsoft Windows systems. Some of these include: Exploitation …

Dominik Reichel,
  • 0
  • 2

DragonOK Updates Toolset and Targets Multiple Geographic Regions

The DragonOK group has been actively launching attacks for years. We first discussed them in April 2015 when we witnessed them targeting a number of organizations in Japan. In recent months, Unit 42 has observed a number of attacks that we attribute to this group. Multiple new variants of the previously discussed sysget malware family have been observed in use by DragonOK. Sysget malware was delivered both directly via phishing emails, as well as in Rich Text Format (RTF) documents exploiting the CVE-2015-1641 vulnerability (patched in MS15-033) that in turn …

Josh Grunzweig,
  • 0
  • 3

Migration tool - reuse existing Addresses and Services

I imported a base PA config that has existing objects (addresses) and services that I would like to use in migrating a Cisco ASA config.  However I am unable to change the  Cisco migrated policy addresses and services to the existing addresses and services in the base config.  Can anyone

jasonrakers,
  • 0
  • 0

Pseudo-Darkleech Remains Prominent Distributer of Ransomware

The pseudo-Darkleech campaign, one of the long-standing prominent distributers of ransomware, is expected to remain strong in 2017, after going through a series of important changes last year, Palo Alto Networks researchers warn.

  • 0
  • 1793

How to Copy User-ID Agent Configuration from one Server to Another

If you ever need to have a User-ID agent setting on multiple machines with the same config, please read these instructions about how to perform this.   Instead of configuring the User-ID (UID) agent on each machine, you can copy the configuration file from one machine and paste it into

schopra,
  • 0
  • 1

False Positive Rate of the Threat Intelligence of Minemeld

Hi Guys, Does anyone use the default blocklist (including spamhaus_DROP, spamhaus_EDROP and dshield etc) for their Palo's external block list? If so I am wondering if there is any IP listed there that shouldn't be dropped? Thanks for any response.

Fengrui,
  • 0
  • 0

How Automation Can Help Agencies Thwart Today’s Cyber Adversaries

Pamela Warren, director of government and industry solutions, discusses why agencies need to be more efficient about cybersecurity, because every lost minute can make the difference between a successful attack and an unsuccessful one.

  • 0
  • 1464

Exploit Kits: A Series of Unfortunate Events

This brief discusses the different stages of an exploit kit that must be successfully completed in order for the attacker to gain control of the host.

  • 1
  • 305

Migrating multiple Cisco FWSMs into single Palo Alto Vsys

Hi there, Has anyone migrated multiple Cisco FWSMs firewall contexts into a single Palo Alto Virtual System? Is this possible at all? Cheers Ed

EdPlansky,
  • 0
  • 0

Next-Generation Security for Local Governments

Palo Alto Networks meets the security needs of local governments by automatically preventing cyberthreats and controlling access to sensitive data.

  • 1
  • 537

RADIUS authentication fails on Microsoft Network Policy Server (NPS)

Symptoms: RADIUS authentication fails when Microsoft Network Policy Server (NPS) passwords contain accented characters. For example: ó, ò, ñ. Diagnosis: NPS does not encode the RADIUS password in UTF-8 as expected by RFC286. NPS is encoding the password in EASCII. As we comply with RFC, passwords will mismatch when received and

nbilly,
  • 0
  • 1

Group names in allow-list of an LDAP authentication profile

Question: Are group names case sensitive when configured in the allow-list of an authentication profile? Answer: When configuring a group name in the allow-list of an authentication profile, group names are case sensitive. It is important as we are using allow-lists for various authentication protocols (LDAP, RADIUS, TACACS+ and so on).

nbilly,
  • 0
  • 1

SSO Kerberos Authentication for Admin Access Keytab Generation

Kerberos SSO: Kerberos Authentication for Admin access Keytab generation is used to supply the Windows credentials automatically to the login prompt when a user accesses the WebGUI of the firewall. A network that supports Kerberos SSO prompts a user to log in only for initial access to the network (for

schopra,
  • 0
  • 2

Syslog miner indicator

Hi, I'm trying to create an indicator for SLW injections events, extract src_ip and insert into    Down below the code attached to the syslogminer class stdlib.syslogMiner, unfortunately validate process reports errors with the only suggestions "Condition is invalid", could be either a formatting error or a logical error, hard to say.

AlbertoZanon,
  • 0
  • 0

Weekly Recap 52

DotW: DISCUSSION OF THE WEEK RESTORING CONFIGURATION BETWEEN PLATFORMS Are you planning a hardware upgrade and want to reuse a configuration file? Are you trying to figure out how to go about restoring a backup configuration from a PA5000 series to a PA3000? Can you just move a config file from one

editeur,
  • 0
  • 0

Palo Alto Networks News of the Week – December 31, 2016

Did you miss any of this week’s Palo Alto Networks action? Don’t worry, we’ve rounded up the top news right here. Our Cybersecurity Predictions series continued with sure things and long shots for cybersecurity in 2017. This week’s predictions include: Automation and Playbook Models Take On Key Roles in Threat Intelligence Sharing The Technical Documentation team introduced the new Palo Alto Networks Compatibility Matrix The Technical Documentation team also shared a post covering the latest Aperture features and how you can use them to protect your SaaS applications. Unit 42 …

Justin Hall,
  • 0
  • 0

What Palo Alto Networks Has in Store for the Public Sector in 2017

We’ve had some exciting activity in the U.S. federal sector at Palo Alto Networks over the past year and we have more in store for 2017 with the launch of our inaugural Federal Ignite conference in Washington, D.C. next October. With the end of the year around the corner, I wanted to share more about the incredible momentum we’ve had in the public sector in 2016 and preview what we have on deck in the new year. Palo Alto Networks Launches Public Sector Subsidiary As we continue to expand our …

Nick Urick,
  • 0
  • 0

How to Install User-ID Agent and Prevent 'Start service failed with error 1069'

This article outlines the steps required to install the UserID Agent and account permissions required for it to function properly. If not all access is granted, you may encounter the following error: "Start service failed with error 1069: The service did not start due to a logon failure."   In this

pankaj.kumar,
  • 0
  • 2

Don’t Let Your Users Unknowingly Be the Weak Link in Your Security Infrastructure

Hackers are becoming increasingly stealthy and creative, relentlessly trying to gain access to sensitive data, while organizations work tirelessly to prevent security breaches and data theft. In this complex game of cat and mouse, security practitioners are being forced to rethink how they identify and control traffic on the network, shifting to an application-focused approach, rather than port- and protocol-based policy, to defend against successful cyberattacks and uphold business integrity. User-based access controls, based on user identity information, rather than IP address, allow organizations to safely enable applications traversing the …

Stephanie Johnson,
  • 0
  • 1

Campaign Evolution: pseudo-Darkleech in 2016

Darkleech is a long-running campaign that uses exploit kits (EKs) to deliver malware. First identified in 2012, this campaign has used different EKs to distribute various types of malware during the past few years. We reviewed the most recent iteration of this campaign in March 2016 after it had settled into a pattern of distributing ransomware. Now dubbed “pseudo-Darkleech,” this campaign has undergone significant changes since the last time we examined it. Our blog post today focuses on the evolution of pseudo-Darkleech traffic since March 2016. Chain of events Successful infections …

Brad Duncan,
  • 0
  • 2

TechDocs: Protect Your SaaS with the Latest Aperture Features

The Aperture team is working hard to make your life easier and keep your SaaS applications secure. New features introduced recently include: Automatic Risk Remediation: The Aperture service introduces a powerful new feature that can automatically discover and remediate risks. You can create policy rules that automatically quarantine compromised assets, change sharing to maintain network security, and notify owners when an asset is vulnerable. When you automatically remediate risks, the Aperture service can process and fix large volumes of risks in record time with minimal overhead. Aperture supports automatic remediation …

Charissa Fleischer,
  • 0
  • 1

Cybersecurity in 2017: Automation, Adversaries and Orchestration

Threat intelligence sharing among vendor and industry peers has come a long way, and in 2017 there will be more opportunities than ever to demonstrate its value, especially as conversations around sharing intelligence between the public and private sectors continue.

  • 0
  • 2325

Palo Alto Networks to Present at Upcoming Investor Conference

Palo Alto Networks® (NYSE: PANW), the next-generation security company, today announced that members of its management team will be presenting at the following financial community event: 19th...

Santa Clara, CA
  • 0
  • 256

How can I validate that my TAXII output miner is working?

Hi!  Been testing the product for a couple of weeks, and I really am impressed, but while the TAXII/STIX miners work well from HailATAXII, I'm trying to feed output from my aggregator into a TAXII output to push to other tools down the line that can ingest the indicators and

twisterdavemd,
  • 0
  • 0

Minemeld not pulling low and medium confidence feeds?

Hello,   My firewall is able to pull several feeds from our minemeld server. However, it is not pulling our Low and Medium Confidence inbound feeds. Worked with PA support and they said there must be something wrong with our Minemeld server and suggested I post a question here.  

BobHarrison,
  • 0
  • 0

How to resolve get-ldap-data-failure error in system logs

This document provides a resolution for the error "get-ldap-data failure" appearing repeatedly in the system logs. Issue: Getting the error "get-ldap-data-failure" in the system logs every few minutes. Cause: This issue is caused when the firewall is trying to fetch the group information from the AD and the group

mgarg,
  • 0
  • 0

Panorama config edits

Here is the scenario   I have a M-100 with configs templates and devices groups for about 20 clusters of Palo’s ranging from 500’s to 7000’s.  I have imported the Panorama config into the migration tool.  I am editing one pair of 500s and have re-worked applications and changed the

sdssd,
  • 0
  • 1

Palo Alto Networks News of the Week – December 24, 2016

Did you miss any of this week’s Palo Alto Networks action? Don’t worry, we’ve rounded up the top news right here. Our Cybersecurity Predictions series continued with sure things and long shots for cybersecurity in 2017. This week’s predictions include: Japan Confronts SMB Cyber Resilience, Anticipating Tokyo 2020 Recruiters Search for Cyber Talent Outside of Security Unit 42 shared a review of regional malware trends in EMEA. Get the new technical documentation for Traps 3.4.2. When it comes to cloud security, ever wonder who’s responsible for what? We announced our …

Justin Hall,
  • 0
  • 0

Japanese Government Updates Cybersecurity Guidelines: Increased Focus on Cybersecurity Investments and SMBs

In December 2016, the Japanese Ministry of Economy, Trade and Industry (METI) and its Information-Technology Promotion Agency (IPA) released Cybersecurity Guidelines for Business Leadership ver. 1.1. (this is a Japanese link), an update of  ver. 1.0 published in December 2015 (this is a Japanese link; English press release is here). As our May 2016 blog post pointed out, METI’s Guidelines are aimed squarely at business executives. The December 2016 update builds upon the original document’s three principles and 10 action items, with two notable changes. First, the update includes a …

Danielle Kriz, Mihoko Matsubara,
  • 0
  • 0

2017 Cybersecurity Predictions: Recruiters Search for Cyber Talent Outside of Security

This post is part of an ongoing blog series examining “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017.   Cybersecurity is facing a shortage of qualified professionals to occupy the many openings within the sector. Earlier this year, Forbes and other sources pegged job vacancies for available cybersecurity sector jobs at 74 percent for the last five years, and that percentage number is expected to increase globally as security concerns become greater for small, medium …

Wendy Barnes, Joe Strongone,
  • 0
  • 0