All news with #palo alto networks tag

Palo Alto Networks Salesforce Breach Exposes Support Data

🔒 Palo Alto Networks confirmed a Salesforce CRM breach after attackers used compromised OAuth tokens from the Salesloft Drift incident to access its instance. The intrusion was limited to Salesforce and exposed business contacts, account records and portions of support cases; technical attachments were not accessed. The company quickly disabled the app, revoked tokens and said Unit 42 found no impact to products or services.

Palo Alto Networks Salesforce Breach Exposes Customer Data

🔒 Palo Alto Networks confirmed a Salesforce data breach after attackers abused OAuth tokens stolen in the Salesloft Drift supply-chain incident to access its CRM. The intruders exfiltrated business contact, account records and support Case data, which in some instances contained sensitive IT details and passwords. Palo Alto says products and services were not affected, tokens were revoked, and credentials rotated.

Palo Alto Networks Response to Salesloft/Drift Breach

🔐 Palo Alto Networks confirmed last week that a breach of Salesloft’s Drift third‑party application allowed unauthorized access to customer Salesforce data, affecting hundreds of organizations including Palo Alto Networks. We immediately disconnected the vendor integration from our Salesforce environment and directed Unit 42 to lead a comprehensive investigation. The investigation found the incident was isolated to our CRM platform; no Palo Alto Networks products or services were impacted, and exposed data primarily included business contact information, internal sales account records and basic case data. We are proactively contacting a limited set of customers who may have had more sensitive data exposed and have made support available through our customer support channels.

Salt Typhoon APT Expands to Netherlands, Targets Routers

🔒 Salt Typhoon, a persistent Chinese-aligned threat actor, has expanded operations into the Netherlands by compromising routers at smaller ISPs and hosting providers. Intelligence agencies report the group exploits known flaws in Ivanti, Palo Alto Networks, and Cisco devices to obtain long-term access and pivot through trusted provider links. Authorities urge organizations to audit configurations, disable management access, enforce public-key administrative authentication, remove default credentials, and keep vendor-recommended OS versions up to date to reduce exposure.

Joint Advisory Reveals Salt Typhoon APT Techniques Worldwide

🔍 Salt Typhoon, a Chinese state-aligned APT also tracked as Operator Panda/RedMike, is the subject of a joint advisory from intelligence and cybersecurity agencies across 13 countries. The report links the group to Chinese entities tied to the PLA and MSS and documents repeated exploitation of n-day flaws in network edge devices from vendors such as Ivanti, Palo Alto Networks and Cisco. It details persistence via ACL modifications, tunneled proxies, credential capture via RADIUS/TACACS+, and exfiltration over peering and BGP, and urges telecoms to hunt for intrusions, patch quickly and harden management interfaces.

Salt Typhoon Exploits Router Flaws to Breach 600 Orgs

🔒Salt Typhoon, a China-linked APT, exploited vulnerabilities in Cisco, Ivanti, and Palo Alto Networks edge devices to compromise and persistently control routers worldwide. The actors modified device configurations, created GRE tunnels, and used on-box Linux containers to stage tools and exfiltrate data. Agencies from 13 countries linked the campaign to three Chinese firms and warned of espionage impacting telecoms, government, transport, lodging, and military sectors.

Chinese Tech Firms Linked to Salt Typhoon Espionage

🔍 A joint advisory from the UK, US and allied partners attributes widespread cyber-espionage operations to the Chinese APT group Salt Typhoon and alleges assistance from commercial vendors that supplied "cyber-related products and services." The report names Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology and Sichuan Zhixin Ruijie Network Technology. It warns attackers exploited known vulnerabilities in edge devices to access routers and trusted provider connections, and urges immediate patching, proactive hunting using supplied IoCs, and regular review of device logs.

Palo Alto Networks Named Leader in HMF Magic Quadrant

🔐 Palo Alto Networks has been named a Leader in the inaugural 2025 Gartner Magic Quadrant for Hybrid Mesh Firewall, recognized for both Completeness of Vision and Ability to Execute. The announcement highlights the Strata Network Security Platform, which unifies hardware, virtual, container, cloud-native and FWaaS deployments under a single, cloud-based management plane. Powered by Precision AI®, the platform delivers consistent policy, automation and real-time threat prevention across hybrid environments.

Countering PRC State-Sponsored Network Compromise Worldwide

🛡️ U.S. and international agencies warn that People's Republic of China (PRC) state-sponsored actors have been compromising global networks since at least 2021 to collect communications and other intelligence. Actors targeted telecommunications backbone routers, provider- and customer-edge devices, and infrastructure across government, transportation, lodging, and military sectors. They exploited known CVEs (for example CVE-2024-21887, CVE-2024-3400, Cisco CVEs), modified devices to maintain persistence using on-box PCAP/containers and tunnels, and exfiltrated data via peering and covert channels. The advisory includes IP indicators, binary hashes, Yara/Snort rules, hunting guidance, and prioritized mitigations to patch, isolate management planes, harden credentials, and detect PCAP creation.

Palo Alto Networks Named Leader in IDC IR Services

🔒 Palo Alto Networks' Unit 42 has been named a Leader in the 2025 IDC MarketScape for Worldwide Incident Response Services. Published 2025-08-26 by Sam Rubin, the announcement highlights Unit 42's threat-informed, tech-driven methodology combining telemetry from over 70,000 customers, tracking of more than 200 threat groups, and 150+ intel partnerships. Deep integration with Palo Alto Networks platforms, notably Cortex, plus AI and automation, is credited with faster detection, containment, and reduced dwell time. Unit 42 emphasizes post-incident transformation mapped to MITRE ATT&CK and NIST to help organizations not only recover but emerge more resilient.

Hybrid Mesh Firewall: Unified Security for Hybrid Networks

🔒 Today’s distributed, cloud-first enterprises face complex security gaps across on-premises, cloud and edge environments. The article introduces the Hybrid Mesh Firewall (HMF) model and positions Palo Alto Networks as delivering a complete platform that unifies hardware, virtual, container and FWaaS firewalls under Strata Cloud Manager. It emphasizes Precision AI for continuous, real-time threat prevention and cites integrated security services to simplify operations and reduce blind spots.

Frenemies in Cybersecurity: Balancing Competition & Sharing

🤝 In a Threat Vector podcast, Michael Sikorski and Michael Daniel of the Cyber Threat Alliance discuss how competing vendors must nonetheless collaborate to counter shared threats. Daniel recalls how pooled observations during the 2017 WannaCry outbreak revealed its worm-like propagation and accelerated industry response. He emphasizes that the main obstacles to sharing are human—culture, legal risk, and lack of executive prioritization—and that concrete guardrails (antitrust-compliance statements, embargo protocols, and equal treatment) build the trust needed for timely intelligence exchange. The post cautions that as adversaries adopt AI and automation, systematic collaboration is essential.

Value Exchange in Cybersecurity: Aligning Vendors & Partners

🤝 Strong vendor–partner alignment drives faster resolution, tailored deployments and sustained security outcomes for customers. Palo Alto Networks frames this mutual commitment as the value exchange and supports it with investments such as a refreshed Learning Center for Partners to build role-based expertise. When vendors and partners operate as a unified ecosystem, platformization reduces silos, lowers total cost of ownership and enables unified visibility and faster remediation. Weak collaboration, conversely, increases downtime, cost and risk.

GenAI-Enabled Phishing: Risks from AI Web Services

🚨 Unit 42 analyzes how rapid adoption of web-based generative AI is creating new phishing attack surfaces. Attackers are leveraging AI-powered website builders, writing assistants and chatbots to generate convincing phishing pages, clone brands and automate large-scale campaigns. Unit 42 observed real-world credential-stealing pages and misuse of trial accounts lacking guardrails. Customers are advised to use Advanced URL Filtering and Advanced DNS Security and report incidents to Unit 42 Incident Response.

PAN-OS 12.1 Orion: Quantum-Ready Multicloud Security

🔐 PAN-OS 12.1 Orion delivers a framework for quantum-ready and multicloud security, combining automated asset discovery, continuous risk assessment and centralized management via Strata Cloud Manager. It introduces an industry-first cipher translation to make legacy applications quantum-safe, plus quantum-optimized fifth-generation NGFW hardware for high-scale PQC inspection. The release also expands AI-driven detections and one-click deployment across AWS/Azure/GCP.

Palo Alto Networks' Quantum Security and PQC Tools

🔒 Palo Alto Networks announced a portfolio of quantum security innovations in PAN-OS 12.1 Orion and new fifth‑generation NGFWs to help organizations accelerate quantum readiness. The company introduces a Cryptographic Inventory in Strata Cloud Manager to identify and remediate weak or vulnerable cryptography. It delivers PQC support for NIST and prestandard algorithms and hybrid classical/post‑quantum options for VPNs and TLS. A new cipher translation proxy preserves legacy systems while migration proceeds, and Palo Alto Networks is advancing QRNG and QKD standards through industry initiatives.

Donut Shellcode: End-to-End Malware Analysis Tutorial

🧩 This Unit 42 tutorial walks analysts through a complete infection chain that uses Donut-generated shellcode, showing how a small position-independent routine computes its own base address via a call/pop/sub pattern and how that base drives payload offsets. The authors use step-by-step static and dynamic analysis with IDA Pro, x64dbg, dnSpy, and ProcessHacker to validate findings. Readers are shown common techniques such as dynamic API resolution, process injection, and AMSI bypass through memory patching, and are directed to a full PDF on the authors' GitHub for the complete walkthrough.

Palo Alto Networks Opens Local Cloud Region in South Africa

🌍 Palo Alto Networks has launched a new cloud location in South Africa to bring its AI-powered security platforms closer to local organizations. The region will host core services including Cortex XSIAM, Prisma SASE, Advanced WildFire, Advanced DNS Security, Strata Cloud Manager and Strata Logging Service. Local hosting is designed to reduce latency, meet data residency and sovereignty requirements, and deliver real-time detection, automated response and centralized logging. The investment aims to support South Africa’s digital transformation while addressing rising ransomware and phishing threats across the region.

CISA Alerts: Palo Alto PAN-OS Vulnerability Under Attack

🔔 CISA has warned that firewalls running Palo Alto Networks PAN-OS are under active attack and require immediate patching. The issue, tracked as CVE-2022-0028, can be abused without authentication to perform reflected and amplified TCP denial-of-service attacks using PA-Series, VM-Series and CN-Series devices. Palo Alto has released patches for multiple PAN-OS branches and CISA added the flaw to its Known Exploited Vulnerabilities Catalog, urging federal agencies to remediate by September 9. Administrators should review URL filtering profiles with blocked categories on externally facing interfaces and apply vendor fixes promptly.