Recherche : [unit42] - Cyberveille

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/

24/01/2023 23:27:48

We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.

Meddler-in-the-Middle Phishing Attacks Explained MitM https://unit42.paloaltonetworks.com/meddler-phishing-attacks/

22/12/2022 22:47:44

Meddler-in-the-Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice.

Vice Society: Profiling a Persistent Threat to the Education Sector https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/

06/12/2022 19:52:15

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

Blowing Cobalt Strike Out of the Water With Memory Analysis https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/

06/12/2022 06:51:47

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

Banking Trojan Techniques: Financially Motivated Malware https://unit42.paloaltonetworks.com/banking-trojan-techniques/

01/11/2022 20:47:57

Understanding banking Trojan techniques can help detect other activities of financially motivated threat groups.

Ransom Cartel Ransomware: A Possible Connection With REvil https://unit42.paloaltonetworks.com/ransom-cartel-ransomware/

18/10/2022 10:33:34

Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.

Credential Gathering From Third-Party Software https://unit42.paloaltonetworks.com/credential-gathering-third-party-software/

19/09/2022 23:44:41

Users often store passwords in third-party software for convenience – but credential gathering techniques can target this behavior.

Mirai Variant MooBot Targeting D-Link Devices https://unit42.paloaltonetworks.com/moobot-d-link-devices/

07/09/2022 11:09:36

Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks.

Legitimate SaaS Platforms Being Used to Host Phishing Attacks https://unit42.paloaltonetworks.com/platform-abuse-phishing/

24/08/2022 15:56:47

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

ChromeLoader: New Stubborn Malware Campaign https://unit42.paloaltonetworks.com/chromeloader-malware/

17/07/2022 08:47:41

In January 2022, a new browser hijacker/adware campaign named ChromeLoader (also known as Choziosi Loader and ChromeBack) was discovered. Despite using simple malicious advertisements, the malware became widespread, potentially leaking data from thousands of users and organizations.

When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/

07/07/2022 07:30:53

Unit 42 continuously hunts for new and unique malware samples that match known advanced persistent threat (APT) patterns and tactics. On May 19, one such sample was uploaded to VirusTotal, where it received a benign verdict from all 56 vendors that evaluated it. Beyond the obvious detection concerns, we believe this sample is also significant in terms of its malicious payload, command and control (C2), and packaging.

There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families https://unit42.paloaltonetworks.com/api-hammering-malware-families/

26/06/2022 13:26:06

Learn about the unique implementations of API Hammering malware samples and how to mitigate them.

Liens par page

Filtres