Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.

Discussions

Resolved! CVE-2023-38802

Hi,

Regarding CVE-2023-38802, DDoS in BGP software, would this apply only to public ASNs/BGP sessions established on the public internet? I have BGP configured on PAN firewalls but only running BGP over IPsec tunnels using private ASNs.

I would thi

...

Malicious .zip file detected as "HackTool/Win32.mimikatz" by AV policy and action shows as 'reset-both' but the file was not blocked

Hello,

While doing testing around our security controls, we intentionally tried to download Mimikatz onto an isolated workstation to see if Palo Alto blocks the download; however, though Palo did alert with multiple threat names starting with "Hac

...

Network

Hi Team,

We have a customer who is facing an issue with Sliver Framework Command and Control Traffic Detection - Threat ID 86680.

He is getting the sync error below:

URL : mail.google.com/sync/u/0/i/s?hl=en&c=649&rt=r&pt=ji

I have gone through the below art

...

Resolved! Spyware Detections

Hi Community,

Lately we are noticing in one of our clients' environments that PA is flagging traffic to "mail.google.com" as Spyware. The captured signature is "sliver framework command and control traffic detection".

I did run the captured URL "m

...

Resolved! dns sinkhole rule

Hi all,

We are in a dilemma. We have enabled DNS sinkhole in our anti-spyware profile:

dns sinkhole > DNS Policies > default-paloalto-dns > sinkhole enable .

DNS Sinkhole Setting> IPv4 > X.X.X.X

Now, this profile is also added to our securit

...

Resolved! Blocking Scammer website (cryptocurrency)

I stumbled across this article on Bleeping Computer:

https://www.bleepingcomputer.com/news/security/tiktok-flooded-by-elon-musk-cryptocurrency-giveaway-scams/

To my surprise, the URLs mentioned in the article were considered safe.

Palo Alto had the

...

by Remko, L1 Bithead • 6527 Views • 7 replies • 0 Likes

Cortex XDR Remote account enumeration

Hello,

Today we have an interesting alert:

At least 33 distinct non-existing accounts failed to remotely log in to XX-Laptop1. Users list: name.user, user name, user.name, username

User has no idea - all day at school, behind NAT. What I cannot reall

...

by LukasB, L2 Linker • 4094 Views • 3 replies • 1 Like
509 Posts • 69 Subscriptions