This summary covers the changes in version 9016 of the Applications and Threats content update, which includes new App-IDs, vulnerability signatures, and other threat-related information.
Key Points & Best Practices
New App-IDs and changes are often released as Threat Signature Indicators (TSIDs) first, allowing users to prepare before they are officially activated in a future content update.
You can now check the coverage status of upcoming CVEs (Common Vulnerabilities and Exposures) directly through Threat Vault.
The update disables Anti-Spyware signature #21051 to resolve performance issues.
Upcoming Changes (Intended for September 16, 2025)
App-ID Expansion: Coverage will be expanded for several App-IDs, including naver-ndrive to cover NAVER MyBOX traffic, and snmp-base to cover Dell PowerScale SNMP traffic. The liveperson and whatsapp-base App-IDs will also be expanded to cover their respective homepages.
New App-IDs: Several new ICS, IoT, and OT App-IDs will be introduced, such as ifm-vision-discovery and beijer-ix-hmi.
Reduced Coverage: The ms-office365-copilot App-ID will have its coverage reduced to prevent false positives by no longer identifying non-Copilot traffic like Outlook Spellcheck.
New URL Category: The Compromised-Website URL category will be activated, with the recommended default action being "Block."
New & Modified Signatures
New Anti-Spyware Signatures: Two new signatures have been added, one for a critical backdoor and another for a high-severity webshell.
New Vulnerability Signatures: 19 new vulnerability signatures have been added, with a majority being critical-severity issues related to buffer overflows and remote code execution in various products like Tenda, Microsoft SharePoint, and Cisco.
Modified Signatures: Four vulnerability signatures have been updated with improved detection logic to either cover new exploits or address potential false positives. 12 other signatures have been updated with changes to their metadata information.
Disabled Signature: Anti-Spyware signature #21051, which detects Emotet downloader traffic, has been disabled due to performance issues.