Last week, we reported on attacks observed against East Asia that used Google Code for command and control (C2). As follow-on to that work, we pivoted on the C2 indicators of compromise (IoCs) within our WildFire platform, looking for additional malicious activity. One sample in particular caught our attention, downloaded on June 18 from 211.233.89.182

Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, and Westcon Group, the value-added distributor of security, unified communications, network infrastructure, and data center solutions, today announced that the companies have expanded their global distribution agreement.

Yesterday, TrustedSec, a security consultancy based on Ohio, wrote that the recent breach at Community Health Systems (CHS) was the result of exploitation of the Heartbleed OpenSSL vulnerability (CVE-2014-0160). CHS’s 8-K filing on Monday did not reveal how the attackers got into their network, only that the records of approximately 4.5 million patients were stolen in

Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, today presented new research highlighting security risks in the internal storage used by applications on Google Android devices. More than 94 percent of popular Android applications are potentially vulnerable.

Today, Palo Alto Networks researcher Claud Xiao is delivering a presentation titled “Insecure Internal Storage in Android” at the Hacks in Taiwan Conference (HITCON). Claud is discussing techniques for accessing private data in Android’s internal storage system using the Android Debug Bridge (ADB) backup/restore functionality. While over 85% of active Android devices are vulnerable to

Palo Alto Networks researchers discovered 3 new critical Internet Explorer (IE) vulnerabilities covering IE versions 8, 9, 10 and 11. Each of these discoveries allows full remote code execution using a memory corruption vulnerability in IE. They have been documented in Microsoft Security Bulletin MS14-051and part of the August 2014 Security Bulletin. Palo Alto Networks researcher Bo

Recently, FireEye published a blog titled “Operation Poisoned Hurricane” which detailed the use of PlugX malware variants signed with legitimate certificates that used Google Code project pages for command and control (C2). We were able to uncover multiple additional samples exploiting the same technique as well as an additional Google Code account with multiple projects

Summary Mutex analysis is an often overlooked and useful tool for malware author fingerprinting, family classification, and even discovery. Far from the hypothesized “huge amount of variability” in mutex names, likely hypothesized due to the seemingly random appearance of them, practical mutex usage is embarrassingly consistent. In fact, over 15% of all collected worms share

Steve Hoffman, Vice President of Sales for Palo Alto Networks Federal Josh Canary, Account General Manager for CSC - Department of Homeland Security, MPPD, and more importantly the CDM program. In this segment, Palo Alto Networks and CSC discuss Continuous Diagnostic and Mitigation (CDM) and the importance of an integrated platform to improve response times to zero days and APTs.

Steve Hoffman, Vice President of Sales for Palo Alto Networks Federal Josh Canary, Account General Manager for CSC - Department of Homeland Security, MPPD, and more importantly the CDM program. In this segment, Palo Alto Networks and CSC discuss Continuous Diagnostic and Mitigation (CDM) requirements and how Palo Alto Networks and CSC work together to meet them.

Steve Hoffman, Vice President of Sales for Palo Alto Networks Federal Josh Canary, Account General Manager for CSC - Department of Homeland Security, MPPD, and more importantly the CDM program. In this segment, Palo Alto Networks and CSC discuss how Continuous and Diagnostic Mitigation (CDM) relates to the existing Einstein program.

Read about the Palo Alto Networks enterprise security platform, which prevents all known file types from traversing government networks in-line.

Defense in Depth does not mean more security tools. The key to thwarting advanced attacks in today’s government networks is to reduce the attack surface to increase visibility to what matters: the anomalies in your network, across the kill chain.