https://live.paloaltonetworks.com/t5/general-topics/hidden-cobra-fbi-alert/m-p/215940#M62584 <P>Any update from PA on this alert by FBI</P><P>&nbsp;</P><P><A href="https://www.us-cert.gov/ncas/alerts/TA18-149A" target="_blank">https://www.us-cert.gov/ncas/alerts/TA18-149A</A></P> Wed, 30 May 2018 15:01:49 GMT raji_toor 2018-05-30T15:01:49Z https://live.paloaltonetworks.com/t5/general-topics/hidden-cobra-fbi-alert/m-p/215940#M62584 <P>Any update from PA on this alert by FBI</P><P>&nbsp;</P><P><A href="https://www.us-cert.gov/ncas/alerts/TA18-149A" target="_blank">https://www.us-cert.gov/ncas/alerts/TA18-149A</A></P> Wed, 30 May 2018 15:01:49 GMT https://live.paloaltonetworks.com/t5/general-topics/hidden-cobra-fbi-alert/m-p/215940#M62584 raji_toor 2018-05-30T15:01:49Z https://live.paloaltonetworks.com/t5/general-topics/hidden-cobra-fbi-alert/m-p/216054#M62598 <P>Both joanap and brambul are identified and signatures are available through dynamic updates</P> <P><A href="https://threatvault.paloaltonetworks.com/" target="_blank">https://threatvault.paloaltonetworks.com/</A></P> <P>&nbsp;</P> <P>The DHS' mitigation strategies are best practices so I'd also recommend you apply them (patch OSs, update AV and dynamic updates and make sure to scan all traffic, restrict users install capabilities (TRAPS helps in this regard) , be wary of email attachments, ...)</P> <P>&nbsp;</P> <P>They provided a list of IPs you can import to block malicious hosts (either by external dynamic list/minemeld, or creating an object and pasting the IPs)</P> <P>&nbsp;</P> <P>keep an eye on Unit 42 for official publications: <A href="https://www.paloaltonetworks.com/threat-research" target="_blank">https://www.paloaltonetworks.com/threat-research</A></P> Thu, 31 May 2018 07:30:43 GMT https://live.paloaltonetworks.com/t5/general-topics/hidden-cobra-fbi-alert/m-p/216054#M62598 reaper 2018-05-31T07:30:43Z