Next-Gen Drive: Robert Megennis Ends Season With Strong Finish

posted by: on September 27, 2016 5:00 AM

filed in: Cybersecurity, Events
tagged: , ,

Robert Megennis is a 16-year-old racing prodigy. Palo Alto Networks is proud to be a sponsor of Rob’s races for the 2016 Mazda Road to Indy racing season. Check out his adventures from this season and see why we consider him a true next-generation competitor!

It’s official. As the 2016 season came to a close, Palo Alto Networks driver Robert Megennis became the highest finishing rookie and walked, err…drove away with two awards:

  • Season-long Tilton Hard Charger Award
  • Highest finishing American driver in the Cooper Tires USF2000 Championship Presented by Mazda

Robert, who finished 48 points clear of the next rookie competitor and twice making the podium this season, had a busy season but managed to squeeze in a visit to Palo Alto Networks HQ in Santa Clara, California, giving fans a glimpse into the world of a professional racecar driver.

…Continue reading

Sofacy’s ‘Komplex’ OS X Trojan

posted by: , and on September 26, 2016 11:00 AM

filed in: Unit 42
tagged: , , , ,

Unit 42 researchers identified a new OS X Trojan associated with the Sofacy group that we are now tracking with the ‘Komplex’ tag using the Palo Alto Networks AutoFocus threat intelligence platform.

The Sofacy group, also known as APT28, Pawn Storm, Fancy Bear, and Sednit, continues to add to the variety of tools they use in attacks; in this case, targeting individuals in the aerospace industry running the OS X operating system. During our analysis, we determined that Komplex was used in a previous attack campaign targeting individuals running OS X that exploited a vulnerability in the MacKeeper antivirus application to deliver Komplex as a payload. Komplex shares a significant amount of functionality and traits with another tool used by Sofacy – the Carberp variant that Sofacy had used in previous attack campaigns on systems running Windows. In addition to shared code and functionality, we also discovered Komplex command and control (C2) domains that overlapped with previously identified phishing campaign infrastructures associated with the Sofacy group. …Continue reading

Ask the Right Questions: Advice to CEOs and CISOs Addressing the State of the Art Paradox

posted by: on September 26, 2016 1:00 AM

filed in: CSO Perspective
tagged: , , , , , , , ,

As we’ve previously discussed, the Network and Information Security (NIS) Directive and General Data Protection Regulation (GDPR), which will be introduced in 2018, include among their requirements the concept of “state of the art.” This means that organizations must take into account technologies and practices that are state of the art in security when deciding how to invest in mitigating risks associated with data protection (in the case of GDPR) and the protection of essential services that have a dependency on network and information systems (in the case of the NIS directive).

Overall, the new requirement for state of the art is a positive, giving opportunity to re-architect security capability with a focus on better mitigating cyber risks and thus preventing successful data breaches, but it’s apparent that many organizations are still working out what this means for them. We’ve recently commissioned IDC to conduct research into how businesses in Europe perceive the upcoming requirements. …Continue reading

Older posts →