Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability Discussion Board

Welcome to the Threat and Vulnerability Forum

The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb

...

Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld?

We are see numerous alarms from our SIEM from our Palo Alto firewall. Here is a copy of a scrubbed log message below. When asking the user about their activity, they only RDP'ed into various servers from their laptop via the Globalprotect VPN for rem

...

Wildfire is allowed to dynamic analysis for File Type Unknown Extention

We just need to know the wildfire file type which is allowed to dynamic analysis.

As I know the following URL described allowed file type for sandboxing but what happened with unknown Extention when it classified as an unknown file.

https://docs.paloa

...

Threat 109020001 detection, dropping LAN traffic after 10.0.0 upgrade

After upgrading from v9.1.3 to v10.0.0, I'm seeing detections for 109020001 (newly registered domain) for traffic to/from addresses in a private class C subnet. It's also taking a drop action.

I can't find the signature in vulnerability profiles to

...

Resolved! Virus/Win32.WGeneric.akzslp - ffmpeg.dll

Hi,

Since 2020-07-20 I have been getting Virus alerts in the Threat log on my PAN. It has pointed out that ffmpeg.dll is the culprit.

I pivoted a search by <<Virus/Win32.WGeneric[.]akzslp>> on THREAT VAULT: I found the hash "ea3e32a18d5d2c3dfcf9ff8238

...

Block VPN for School Students

Good afternoon

I'm hoping someone might have an answer for me. I'm trying to see if there is a way to block any traffic coming from a Student IPad or Laptop when they try and use a VPN Client or more so a VPN Add-On in Firefox or Chrome. I'm hoping

...

Resolved! Exception for DNS signature which is showing the ID as 0 and FQDN as unknow

Getting false positive for the Link tivoli.com.qa as threat name(68360795).Its getting DNS sinkholing.Can anyone help to know how we give the exception only for the threat ID 68360795 and the Fqdn is tivoli.com.qa. Attached screenshots below

Resolved! Ripple20 Vulnerability Group

Hi there

About 14 days ago a group of new 19 vulnerabilities were published under the name of "ripple20" by JSOF (https://www.jsof-tech.com/ripple20/). So far I could not find any information about in the community (which I find very strange... Maybe

...

Resolved! Digium Asterisk WebSocket Frame Empty Payload Denial-of-Service Vulnerabi

How do I report or provide feedback regarding the Cortex Alert named "Digium Asterisk WebSocket Frame Empty Payload Denial-of-Service Vulnerability" that are being generated by the PAN NGFW, with the Initiator CMD of:

"C:\Program Files\WindowsApps\Mic

...

find IoC already in Minemeld

I have a miner set up in Minemeld, to which I can add IP addresses for blocking. I would like to find out if our Minemeld, or PA NGFW, is already blocking an IP address. How can I do that?

Thanks

Resolved! Virus/Win32.WGeneric.ajdriy - OneDriveSetup.exe

Hi,

Since yesterday April 13/2020 I have been getting Virus alerts in the Threat log on my PAN 3020. It has pointed out that OneDriveSetup.exe is the culprit.

I went to a few machines and searched for OneDriveSetup.exe and uploaded it to VirusTotal.

...

Is this false positive

office365-enterprise-access app getting dropped.

Resolved! Virus/Win32.WGeneric.aktpum - OneDriveSetup.exe detected via an Antivirus

Hello,
Are seeing the following in Cortex XDR
'Threat ID #348815361' generated by PAN NGFW detected on host 10.x.x.x involving user ZZZZ\first.last

Threat ID: 2418537

Current Release: 3394 (2020-06-28 UTC)

First Release: 3394 (2020-06-28 UTC)

SHA256:

...

Security profile testing

I am currently building out more granular policies that have application groups applied as well as security profiles for AV, malware, vulnerability and URL filtering. I will be applying these to a test firewall and would like to build out a test plan

...

Resolved! URL Filtering

http://shodan.io/ URL is categorized as hacking website.

Can someone advise as internal users want access to it?

Resolved! We have enabled ssl inbound decryption and able to exploit the vulnerabilty

We have ssl inbound decryption configured and from outside we are able to exploit the vulnerabilty.

Need to know why PA allows the connection for that signature.

Vul threat id is 57230

Name Telerik Web UI

Discussions

Welcome to the Threat and Vulnerability Discussion Board

Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld?

Wildfire is allowed to dynamic analysis for File Type Unknown Extention

Threat 109020001 detection, dropping LAN traffic after 10.0.0 upgrade

Resolved! Virus/Win32.WGeneric.akzslp - ffmpeg.dll

Block VPN for School Students

Resolved! Exception for DNS signature which is showing the ID as 0 and FQDN as unknow

Resolved! Ripple20 Vulnerability Group

Resolved! Digium Asterisk WebSocket Frame Empty Payload Denial-of-Service Vulnerabi

find IoC already in Minemeld

Resolved! Virus/Win32.WGeneric.ajdriy - OneDriveSetup.exe

Is this false positive

Resolved! Virus/Win32.WGeneric.aktpum - OneDriveSetup.exe detected via an Antivirus

Security profile testing

Resolved! URL Filtering

Resolved! We have enabled ssl inbound decryption and able to exploit the vulnerabilty

TID 95187 is not on my signature list

What's the difference between antivirus signatures and WildFire signatures

EDL Dynamic Domain list that is allowed in Anti-spyware profile> DNS Polices is getting sinkholed

false positive 626399763

Are there signature release for CVE-2023-6237 etc?

Re: cytray.exe "bad image" errors following Agent update

Re: cytray.exe "bad image" errors following Agent update

Re: cytray.exe "bad image" errors following Agent update

Query regarding CVE-2024-3400

Re: TID 95187 is not on my signature list

Unlock your full community experience!

Resolved! Virus/Win32.WGeneric.akzslp - ffmpeg.dll

Resolved! Exception for DNS signature which is showing the ID as 0 and FQDN as unknow

Resolved! Ripple20 Vulnerability Group

Resolved! Digium Asterisk WebSocket Frame Empty Payload Denial-of-Service Vulnerabi

Resolved! Virus/Win32.WGeneric.ajdriy - OneDriveSetup.exe

Resolved! Virus/Win32.WGeneric.aktpum - OneDriveSetup.exe detected via an Antivirus

Resolved! URL Filtering

Resolved! We have enabled ssl inbound decryption and able to exploit the vulnerabilty