Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability Discussion Board

Welcome to the Threat and Vulnerability Forum

The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb

...

Resolved! We have enabled ssl inbound decryption and able to exploit the vulnerabilty

We have ssl inbound decryption configured and from outside we are able to exploit the vulnerabilty.

Need to know why PA allows the connection for that signature.

Vul threat id is 57230

Name Telerik Web UI

Resolved! Spyware with DNS Protection

Hi All,

Our Firewall drop DNS traffic of C&C ( us.jaxonsorensen.club, news.sqllitlerver.info & log.osloger.biz) with source IP Address of Firewall. This issue after update the Threat 28/05/2020.

Will appreciate any help/suggestions.

Best regards,

Khai

...

Resolved! Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld

We are see numerous alarms from our SIEM from our Palo Alto firewall. Here is a copy of a scrubbed log message below. When asking the user about their activity, they only RDP'ed into various servers from their laptop via the Globalprotect VPN for rem

...

Resolved! Microsoft URL being DNS sinkholed suddenly?

Has anyone else started getting DNS sinkhole threat alerts for the below domain? About half a day ago I started getting a tonne of sinkhole alarms from our PA for this URL. It looks to be a legitimate Microsoft domain and IP. In the PA threat log it

...

incorrect destination zone in threat logs

Hi,

if the firewall is configured with zone protection profiles and the setting "set system setting additional-threat-log on" is configured, i have noticed the destination zone is not correctly (in my example 8.8.8.8 is reachable over the outside zon

...

Resolved! DNS issues after implementing GeoBlock policy.

Hey guys, wanted to see if I can can get any input on this here - had to Geoblock one of the countries for inbound/outbound traffic completely. Everything was fine until I found out that one of the employees started having issues with email delivery

...

SSL Self Signed Certificate Vulnerability

Does anybody know how to mitigate this vulnerability? This is being detected on our PA-3020 series firewalls running PAN OS 8.1.13.

Resolved! Microsoft office/teams malicious traffic

We are seeing bunch of Microsoft office 365/teams related traffic categorized as vulnerable/virus. But we don't find anything malicious about it, although it is being dropped.

Resolved! Malicious traffic blocked by PAN : Virus/Win32.WGeneric.ajbecg(340897548)

Hi Team,

These are the below sign identified in our network and want to know the reason for this trigger.

Please provide the related application effected? Why are this signature identified and what the user is trying to access so that PAN blocked the t

...

Virus/Win32.WGeneric.ajqxax

Starting yesterday I have seen virus alerts on my firewall relating to the above virus. The file names in question are Teams.nuspec and Teams-1.3.00.12058-full.nupkg. Googling around it appears the files are legit. File 1.3.00.12058-full.nupkg is the

...

How to stop MortiAgent Malware using the snort rule ?

Software Version

9.0.5

Problem Description: How to stop MortiAgent Malware using snort rule ?

I want to stop the MoriAgent malware by applying /using snort rule & also using yara rule?

How to configure this in Palo alto ?

Below are snort & Yara Rules:

1

...

Minemeld Syslog Miner Not parsing Messages

Hi, I am working with a new installation of Minemeld running on ubuntu 16.04. if I do a TCP dump I can see the Syslog but minemeld is not parsing them. I check the /var/log/Syslog and found this.

It seems that some modules are missing and that gives a

...

Tofsee TLS Fingerprint Detection

Hi all,

Since the moment we updated our threat database to 8204-5736 we see THOUSANDS of 'Tofsee TLS Fingerprint Detection' threat matches.

I assume they are false positives? Anyone else seeing the same?

It's skewing our monitoring stats significantly s

...

How to detect zip bomb file?

Hi,

I got following new malicious nature.

https://fossbytes.com/zipbomb-unzips-46mb-file-into-4-5-petabytes/

https://www.bamsoftware.com/hacks/zipbomb/

Can PA or Wildfire detect a zip bomb file?

DNS sinkhole v9.0.1

Have 2 HA VMs with 9.0.1

Following this article: https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-admin/threat-prevention/use-dns-queries-to-identify-infected-hosts-on-the-network/identify-infected-hosts.html

In section 3), how does this need to b

...

Discussions

Welcome to the Threat and Vulnerability Discussion Board

Resolved! We have enabled ssl inbound decryption and able to exploit the vulnerabilty

Resolved! Spyware with DNS Protection

Resolved! Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld

Resolved! Microsoft URL being DNS sinkholed suddenly?

incorrect destination zone in threat logs

Resolved! DNS issues after implementing GeoBlock policy.

SSL Self Signed Certificate Vulnerability

Resolved! Microsoft office/teams malicious traffic

Resolved! Malicious traffic blocked by PAN : Virus/Win32.WGeneric.ajbecg(340897548)

Virus/Win32.WGeneric.ajqxax

How to stop MortiAgent Malware using the snort rule ?

Minemeld Syslog Miner Not parsing Messages

Tofsee TLS Fingerprint Detection

How to detect zip bomb file?

DNS sinkhole v9.0.1

Alert on domain fronting attempt

Threat ID: 640412733 - Virus/Win32.WGeneric.efuusy -> is this also a False Positive?

TID 95187 is not on my signature list

What's the difference between antivirus signatures and WildFire signatures

EDL Dynamic Domain list that is allowed in Anti-spyware profile> DNS Polices is getting sinkholed

Unlock your full community experience!

Resolved! We have enabled ssl inbound decryption and able to exploit the vulnerabilty

Resolved! Spyware with DNS Protection

Resolved! Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld

Resolved! Microsoft URL being DNS sinkholed suddenly?

Resolved! DNS issues after implementing GeoBlock policy.

Resolved! Microsoft office/teams malicious traffic

Resolved! Malicious traffic blocked by PAN : Virus/Win32.WGeneric.ajbecg(340897548)