This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Threat & Vulnerability Discussions
This forum provides information regarding how to detect and prevent the impact of vulnerabilities, malware, and other threats through the use of the Palo Alto Networks security platform.
About Threat & Vulnerability Discussions

Welcome to the Threat and Vulnerability discussion forum. This forum exists as a resource for security professionals to discuss and share information pertaining to the topics of threats and vulnerabilities.
Not a LIVEcommunity member? Simply click here and register!

Discussions

Start a conversation

Student extensive use of VPNs.

Hello Livecommunity. We are in a bind. We have numerous students on our school networks that are bypassing security profile rules with VPNs. So frustrating. I do have rulesets that look for annnomizers and proxies. I also have explicit rules that loo

...

JCMoritz by L1 Bithead
  • 6054 Views
  • 4 replies
  • 0 Likes

Resolved! CVE-2023-38802

Hi,

 

Regarding CVE-2023-38802, DDOS in BGP software,  would this apply only to public ASNs/BGP sessions established on public internet?   I have BGP configured on PAN firewalls but only running BGP over IPSec tunnels using private ASNs

 

I would thi

...

Malicious .zip file detected as "HackTool/Win32.mimikatz" by AV policy and action shows as 'reset-both' but the file was not blocked

Hello,

 

While doing testing around our security controls, we did intentionally try to download Mimikatz onto an isolated workstation to see if Palo Alto blocks the download, however though Palo did alert with multiple threat names starting with "Hac

...

Network

Hi Team,

We have a customer he is facing issue with, Sliver Framework Command and Control Traffic Detection - ThreatID 86680.

He is getting below sync error,

URL : mail.google.com/sync/u/0/i/s?hl=en&c=649&rt=r&pt=ji 

I have gone through the below art

...

Resolved! Spyware Detections

Hi Community,

 

Lately we are noticing on one of our clients environment where PA is flagging traffic to "mail.google.com" as Spyware. The captured signature is "sliver framework command and control traffic detection".

 

I did run the captured URL "m

...

Resolved! dns sinkhole rule

hi all

 

 

we are in a dilemma, we have enable dns sinkhole in our anti-spyware profile enable:

dns sinkhole > DNS Policies > default-paloalto-dns > sinkhole enable .

DNS Sinkhole Setting> IPv4 > X.X.X.X

Now, this profile is also added to our securit

...

Resolved! Blocking Scammer website (cryptocurrency)

I stumbled accros this article on Bleeping Computers

https://www.bleepingcomputer.com/news/security/tiktok-flooded-by-elon-musk-cryptocurrency-giveaway-scams/

To my surprise the URL's mentioned in the article where considered safe. 

Palo Alto had the

...

Remko by L1 Bithead
  • 8220 Views
  • 7 replies
  • 0 Likes
  • 538 Posts
  • 74 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks