Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.

Discussions

Missing CVE

Dear Team,

Kindly we need to know if the below high vulnerabilities will be added soon as there are no signatures for them on Palo Alto:

1- CVE-2022-2601 regarding the below:

https://linux.oracle.com/cve/CVE-2022-2601.html

2- CVE-2022-3775 regard

...

Resolved! OneNote Extension File blocking

There has been an increase in reports of malware using OneNote files in malware campaigns, but I don't see the .one extension listed in the file blocking list.

I see the Microsoft Office, I am not sure if .one is included in that category but I don't

...

PyPI repository attack

Hi team,

The maintainers of Python Package Index (PyPI), the official third-party software repository for the Python programming language, have temporarily disabled the ability for users to sign up and upload new packages until further noti

...

Koberoi3 by L0 Member
  • 766 Views
  • 0 replies
  • 0 Likes

DNS Signatures

Some logs show the message “Suspicious DNS Query”, which is easy for us to analyse. But for the logs showing the code “577407756(577407756)”, we are not able to understand what it means.

EvilExtractor

We have concerns about the Evil Extractor malware posted here: https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer
I have not been able to find anything on the PA Cortex or Firewall Pages and need to get information back to

...

AuKill Tool - EDR Killer

What needs to be configured to protect our infrastructure from the new AuKill tool, which is used by a ransomware group? Or is our current Cortex XSIAM version capable of detecting and preventing this?

"AuKill to disable Endpoint Detection & Respon

...

Jitu by L0 Member
  • 1483 Views
  • 1 replies
  • 1 Likes

Resolved! Security profiles best practise

Palo Alto has the following security profiles by default (pre-defined):

Antivirus - default

Antivirus - default & strict

Vulnerability protection - default & strict

Would like Palo Alto's recommendation on applying the different security profile

...

GKumar10 by L0 Member
  • 2162 Views
  • 1 replies
  • 0 Likes
  • 498 Posts
  • 63 Subscriptions