Resolved! Ripple20 Vulnerability Group

Hi there

About 14 days ago a group of new 19 vulnerabilities were published under the name of "ripple20" by JSOF (https://www.jsof-tech.com/ripple20/). So far I could not find any information about in the community (which I find very strange... Maybe

Resolved! Digium Asterisk WebSocket Frame Empty Payload Denial-of-Service Vulnerabi

How do I report or provide feedback regarding the Cortex Alert named "Digium Asterisk WebSocket Frame Empty Payload Denial-of-Service Vulnerability" that are being generated by the PAN NGFW, with the Initiator CMD of:

"C:\Program Files\WindowsApps\Mic

Resolved! Virus/Win32.WGeneric.ajdriy - OneDriveSetup.exe

Hi,

Since yesterday April 13/2020 I have been getting Virus alerts in the Threat log on my PAN 3020. It has pointed out that OneDriveSetup.exe is the culprit.

I went to a few machines and searched for OneDriveSetup.exe and uploaded it to VirusTotal.

Resolved! Virus/Win32.WGeneric.aktpum - OneDriveSetup.exe detected via an Antivirus

Hello, 
Are seeing the following in Cortex XDR 
'Threat ID #348815361' generated by PAN NGFW detected on host 10.x.x.x involving user ZZZZ\first.last

Threat ID: 2418537

Current Release: 3394 (2020-06-28 UTC)

First Release: 3394 (2020-06-28 UTC)

SHA256:  

Resolved! URL Filtering

http://shodan.io/ URL is categorized as hacking website.

Can someone advise as internal users want access to it?

Resolved! We have enabled ssl inbound decryption and able to exploit the vulnerabilty

We have ssl inbound  decryption configured  and from outside we are able to exploit the vulnerabilty.

Need to know why PA allows the connection for that signature.

Vul  threat id is 57230

Name Telerik Web UI

Resolved! Spyware with DNS Protection

Hi All,

Our Firewall drop DNS traffic of C&C ( us.jaxonsorensen.club, news.sqllitlerver.info & log.osloger.biz) with source IP Address of Firewall. This issue after update the Threat 28/05/2020. 

Will appreciate any help/suggestions.

Best regards,

Khai

Resolved! Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld

We are see numerous alarms from our SIEM from our Palo Alto firewall. Here is a copy of a scrubbed log message below. When asking the user about their activity, they only RDP'ed into various servers from their laptop via the Globalprotect VPN for rem

Resolved! Microsoft URL being DNS sinkholed suddenly?

Has anyone else started getting DNS sinkhole threat alerts for the below domain? About half a day ago I started getting a tonne of sinkhole alarms from our PA for this URL. It looks to be a legitimate Microsoft domain and IP. In the PA threat log it

Resolved! DNS issues after implementing GeoBlock policy.

Hey guys, wanted to see if I can can get any input on this here - had to Geoblock one of  the countries for inbound/outbound traffic completely. Everything was fine until I found out that one of the employees started having issues with email delivery