Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

Mass unsubscribe

I work for an email marketing company.  We have a sender who sent out 3 separate emails blast to over 1 million contacts.   They had a very high unsubscribe rate.  After our engineering team looked at the logs, we see that all the unsubscribes happen

...

NoyesJ by L1 Bithead
  • 8823 Views
  • 8 replies
  • 0 Likes

Resolved! IP blcoking on ip scan

I wonder if there is dynamic blocking IP if on short period of time that IP did ip scan or try the same vulnerability attack on our IP range, becuse the attack was once on each policy rule it doesn't reach the vulnerability protection limit for block

...

SShnap by L3 Networker
  • 10494 Views
  • 5 replies
  • 0 Likes

Resolved! Youtube risk

Hi guys.

 

In Palo Alto Firewall 7.1.8 version, Youtube-base application is categorized with risk 4, because is Used by Malware and Has Known Vulnerabilities. I try to search for information about it but I couldn't find it yet. There is some informatio

...

DNT_FLAR by L0 Member
  • 5955 Views
  • 2 replies
  • 0 Likes

Command & Control or Just Ads?

In the last few days I have seen alerts for berbew.jb C2 traffic(192730665) and dynamer.bayo C2 traffic(192442683).  The odd thing here is that in the alert the same url is being accessed (ad.afy11.net/ad?mode=7&publisher_dsp_id=67&external_user_id=X

...

bayo.PNG
berbew.PNG
DIRTT by L2 Linker
  • 8329 Views
  • 5 replies
  • 3 Likes

Resolved! Daily Shodan scan?

Hello all,

 

We just recently made the Shodan wall of fame and I'm now getting their scan showing up every day in my Threat log. Our action is set to reset. What do you typically do in this case? Should I ignore this and accept I will be seeing this sc

...

ShodanScan.PNG

Threat ID for Unsafe Characters in URLs

Is there a Threat signature to detect Unsafe/ Illegal characters in an URL? I've searched the ThreatVault but I couldn't find any unfortunately.

 

For clarity this is what I'm talking about - https://perishablepress.com/stop-using-unsafe-characters-in-

...

adcar by L2 Linker
  • 3530 Views
  • 2 replies
  • 0 Likes
  • 511 Posts
  • 71 Subscriptions
Top Liked Authors