Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
6 résultats taggé PaloAlto  ✕
GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals https://securityaffairs.com/182939/hacking/greynoise-detects-500-surge-in-scans-targeting-palo-alto-networks-portals.html
04/10/2025 23:15:51
QRCode
archive.org
thumbnail

securityaffairs.com
October 04, 2025
Pierluigi Paganini

GreyNoise saw a 500% spike in scans on Palo Alto Networks login portals on Oct. 3, 2025, the highest in three months.
Cybersecurity firm GreyNoise reported a 500% surge in scans targeting Palo Alto Networks login portals on October 3, 2025, marking the highest activity in three months.

On October 3, the researchers observed that over 1,285 IPs scanned Palo Alto portals, up from a usual 200. The experts reported that 93% of the IPs were suspicious, 7% malicious.
Most originated from the U.S., with smaller clusters in the U.K., Netherlands, Canada, and Russia.

GryNoise defined the traffic targeted and structured, aimed at Palo Alto login portals and split across distinct scanning clusters.

The scans targeted emulated Palo Alto profiles, focusing mainly on U.S. and Pakistan systems, indicating coordinated, targeted reconnaissance.

GreyNoise found that recent Palo Alto scanning mirrors Cisco ASA activity, showing regional clustering and shared TLS fingerprints linked to the Netherlands infrastructure. Both used similar tools, suggesting possible shared infrastructure or operators. The overlap follows a Cisco ASA scanning surge preceding the disclosure of two zero-day vulnerabilities.

“Both Cisco ASA and Palo Alto login scanning traffic in the past 48 hours share a dominant TLS fingerprint tied to infrastructure in the Netherlands. This comes after GreyNoise initially reported an ASA scanning surge before Cisco’s disclosure of two ASA zero-days.” reads the report published by Grey Noise. “In addition to a possible connection to ongoing Cisco ASA scanning, GreyNoise identified concurrent surges across remote access services. While suspicious, we are unsure if this activity is related. “

GreyNoise noted in July spikes in Palo Alto scans sometimes preceded new flaws within six weeks; The experts are monitoring if the latest surge signals another disclosure.
“GreyNoise is developing an enhanced dynamic IP blocklist to help defenders take faster action on emerging threats.” concludes the report.

securityaffairs.com EN 2025 GreyNoise PaloAlto Networks portals scan scanning
Palo Alto Releases Patch for PAN-OS DoS Flaw https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html
27/12/2024 10:54:12
QRCode
archive.org

Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices.

The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS 11.2.3, and all later PAN-OS versions.

thehackernews EN 2024 PaloAlto PAN-OS DoS Flaw CVE-2024-3393
EDR as an Offensive Tool https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
09/07/2024 12:26:36
QRCode
archive.org
thumbnail

Learn how SafeBreach developed malware integrated within Palo Alto Networks Cortex XDR, exploiting its ransomware protection feature.

safebreach EDR 2024 malware integrated XDR Paloalto Cortex
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400) https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
17/04/2024 11:04:20
QRCode
archive.org
thumbnail

Welcome to April 2024, again. We’re back, again.

Over the weekend, we were all greeted by now-familiar news—a nation-state was exploiting a “sophisticated” vulnerability for full compromise in yet another enterprise-grade SSLVPN device.

We’ve seen all the commentary around the certification process of these devices for certain .GOVs - we’re not here to comment on that, but sounds humorous.

watchtowr EN 2024 CVE-2024-3400 SSLVPN Paloalto GlobalProtect analysis
Deactivating Cortex XDR via repair function https://badoption.eu/blog/2024/03/23/cortex.html
26/03/2024 08:37:51
QRCode
archive.org

It is trivially possible to disable the Cortex EDR as a non-admin user by triggering a repair function. This is only working, if the Tamper Protection is not enforced! TL;DR; Trigger the repair via GUID Disrupt it when EDR is deactivated Done

badoption EN 2024 Cortex EDR non-admin installer repair Paloalto
Threat Actors Rapidly Adopt Web3 IPFS Technology https://unit42.paloaltonetworks.com/ipfs-used-maliciously/
19/04/2023 23:00:08
QRCode
archive.org
thumbnail

Web3 technologies are seeing widespread adoption — including by TAs. We discuss Web3 technology InterPlanetary File System (IPFS), and malicious use of it.

unit42 EN 2023 paloalto IPFS malicious use Web3
4817 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn