Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability Discussion Board

Welcome to the Threat and Vulnerability Forum

The purpose of this forum is to discuss security vulnerabilities and threats. Palo Alto Networks believes that understanding todays threat landscape is critical to effectively detecting and preventing cyb

...

Application risk factor

Is there any document explaining how and why an application is assigned a certain risk factor?

DNS Sinkhole - What constitutes investigation?

I have implemented DNS sinkholing and am curious what constitutes investigation. I am seeing some clients hitting the sinkhole but only for a short period (1-2 minutes or less).

I'm not sure if these could be drive-by download attempts, or what they

...

CVE-2019-9511 Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS)

Hi,

Just wondering on expected release for signature for this Vulnerability?

CVE-2019-9511 till CVE-2019-9518 capable of DoS attack. Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, po

...

Resolved! C2 threat Wgeneric.aazufa (threatid 269587899)

I am seeing this traffic on my network from a particular user so thought I would just check out a bit about it, but I can't find any reference to aazufa on the web (via google) other than the threat vault entry.

How come there is a threat which no-on

...

Resolved! URL Filtering - Dynamic Updates

Hello,

We have URL filtering with the PAN-DB license. If a URL is determined to be malicious, (from other URL checking websites, but not from Palo Aloto's yet, since they only categorized it as high risk and unknown at the moment). What is the best wa

...

Resolved! Hotmail session end Reason "threat"

im trying to allow hotmail. i have created a policy to allow hotmail. when going to the web site "mail.live.com" action is "allowed" however the session is ended because "threat" i cant quite find why and/or where hotmail application is being catago

...

Why are APPID and Threats not Separate Updates?

Don't tell me how to fix this, I already know how it works.

I need to know why Palo Alto does not have a separate APPID update and Threat update just like AV and WF are separate.

Using PA as an everything device we actually need Vulnerability and Ant

...

How to test DNS Security Properly?

In reading up on DNS Security I found that URL's provided for testing in the following document, Enabling DNS Security, do not accurately ensure DNS Security feature license is installed and configured. A very accurate indicator of this is that all o

...

PAN-SA-2019-0013 Mitigating Control

Does restricting the management interface from external exposure reduce the likelihood external exploitation of this vulnerability?

DNS logs

Is there a way to view and/or log dns queries and responses (outside of anti-spyware rules)? The passive DNS telemetry configuration seems to do what we want but those fqdn to IP mappings are sent to Palo and it doesn't appear that we can view what f

...

Resolved! stop dns tunnneling

what config i need to stop dns tunneling on the PA?

Traps CVE-2019-0708

Does Traps offer protection against CVE-2019-0708 ?

Credential Phishing Protection troubleshooting

hey community -

tearing my hair out here...I've set up a RoDC in my environment and added a test group to the allowed password replication group. I've configured the user and credential agents on the RoDC and they say connected to my firewall, and

...

New signature for polarbearrepo ( new zero-day from SandboxEscaper)?

As far as I can tell there isn't a CVE for this yet, but I would guess there will be one pretty soon. Hoping that Palo Alto is working on a signature as I write this, since SandboxExcaper released a POC...

Resolved! CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability - Expected Signature

Hi,

just wondering on expected release for signature for this Vulnerability?

CVE-2019-0708 - Remote Desktop Services Remote Code Execution Vulnerability

Details here:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

reg

...

Discussions

Welcome to the Threat and Vulnerability Discussion Board

Application risk factor

DNS Sinkhole - What constitutes investigation?

CVE-2019-9511 Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS)

Resolved! C2 threat Wgeneric.aazufa (threatid 269587899)

Resolved! URL Filtering - Dynamic Updates

Resolved! Hotmail session end Reason "threat"

Why are APPID and Threats not Separate Updates?

How to test DNS Security Properly?

PAN-SA-2019-0013 Mitigating Control

DNS logs

Resolved! stop dns tunnneling

Traps CVE-2019-0708

Credential Phishing Protection troubleshooting

New signature for polarbearrepo ( new zero-day from SandboxEscaper)?

Resolved! CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability - Expected Signature

Cannot update Adobe Creative Cloud

App & Threat Content Comparison Utility

Wildfire False Positive for THREAT-ID 614284446

Alert on domain fronting attempt

Threat ID: 640412733 - Virus/Win32.WGeneric.efuusy -> is this also a False Positive?

Re: Cannot update Adobe Creative Cloud

Microsoft Directory Services/ms-ds-smbv3 - Virus/Win32.WGeneric.yurld

Unlock your full community experience!

Resolved! C2 threat Wgeneric.aazufa (threatid 269587899)

Resolved! URL Filtering - Dynamic Updates

Resolved! Hotmail session end Reason "threat"

Resolved! stop dns tunnneling

Resolved! CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability - Expected Signature