Cyberveille, curated by Decio
19 results tagged paloaltonetworks
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek https://unit42.paloaltonetworks.com/jailbreaking-deepseek-three-techniques/
03/02/2025 11:49:07

Evaluation of three jailbreaking techniques on DeepSeek shows risks of generating prohibited content.

paloaltonetworks EN 2025 LLM Jailbreak DeepSeek
EDR Bypass Testing Reveals Extortion Actor's Toolkit https://unit42.paloaltonetworks.com/edr-bypass-extortion-attempt-thwarted/
05/11/2024 15:54:13

A threat actor attempted to use an AV/EDR bypass tool in an extortion attempt. Instead, the tool provided Unit 42 insight into the threat actor.

paloaltonetworks EN 2024 EDR Bypass Testing Toolkit CortexXDR EDR
Jumpy Pisces Engages in Play Ransomware https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
31/10/2024 23:22:14

A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics.

paloaltonetworks unit42 Play Ransomware DPRK North-Korea
Lynx Ransomware: A Rebranding of INC Ransomware https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/
21/10/2024 21:24:56

Discover recent attacks using Lynx ransomware, a rebrand of INC, targeting multiple crucial sectors in the U.S. and UK with prevalent double-extortion tactics.

paloaltonetworks EN 2024 Lynx Ransomware INC US UK analysis
Muddled Libra’s Evolution to the Cloud https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/
09/04/2024 22:35:41

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs. The threat actors have begun attempting to leverage some of this data to assist with their attack progression, and to use for extortion when trying to monetize their work.

unit42 EN 2024 paloaltonetworks MuddledLibra research CSP software-as-a-service
Large-Scale StrelaStealer Campaign in Early 2024 https://unit42.paloaltonetworks.com/strelastealer-campaign/
22/03/2024 12:15:51

We unravel the details of two large-scale StrelaStealer campaigns from 2023 and 2024. This email credential stealer has a new variant delivered through zipped JScript.

analysis EN 2024 JScript paloaltonetworks StrelaStealer Campaign
Fighting Ursa Aka APT28: Illuminating a Covert Campaign https://unit42.paloaltonetworks.com/russian-apt-fighting-ursa-exploits-cve-2023-233397/
08/12/2023 09:51:33

In three campaigns over the past 20 months, Russian APT Fighting Ursa has targeted over 30 organizations of likely strategic intelligence value using CVE-2023-23397.

paloaltonetworks EN 2023 APT28 CVE-2023-23397 Outlook
CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
07/06/2023 20:25:16

On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.

paloaltonetworks EN 2023 MOVEit SQL Injection Vulnerability CVE-2023-34362
Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices https://unit42.paloaltonetworks.com/mirai-variant-iz1h9/
27/05/2023 21:48:42

We analyze Mirai variant IZ1H9, which targets IoT devices. Our overview includes campaigns observed, botnet configuration and vulnerabilities exploited.

paloaltonetworks EN 2023 Mirai IZ1H9 IoT campaigns
GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/
13/03/2023 20:01:14

New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.

unit42 EN 2023 Golang paloaltonetworks Botnet GoBruteforcer web servers
Vice Society: Profiling a Persistent Threat to the Education Sector https://unit42.paloaltonetworks.com/vice-society-targets-education-sector/
06/12/2022 19:52:15

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

unit42 EN 2022 paloaltonetworks vice-society education ransomware schools
Blowing Cobalt Strike Out of the Water With Memory Analysis https://unit42.paloaltonetworks.com/cobalt-strike-memory-analysis/
06/12/2022 06:51:47

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

unit42 EN 2022 CobaltStrike analysis paloaltonetworks
Banking Trojan Techniques: Financially Motivated Malware https://unit42.paloaltonetworks.com/banking-trojan-techniques/
01/11/2022 20:47:57

Understanding banking Trojan techniques can help detect other activities of financially motivated threat groups.

unit42 EN 2022 paloaltonetworks research Banking Trojan Techniques
Ransom Cartel Ransomware: A Possible Connection With REvil https://unit42.paloaltonetworks.com/ransom-cartel-ransomware/
18/10/2022 10:33:34

Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.

unit42 paloaltonetworks EN 2022 Ransom-Cartel REvil RaaS
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime https://unit42.paloaltonetworks.com/domain-shadowing/
22/09/2022 15:39:32

Domain shadowing is a special case of DNS hijacking where attackers stealthily create malicious subdomains under compromised domain names.

paloaltonetworks EN 2022 DNS hijacking Domain shadowing analysis IoCs Domain-shadowing
Mirai Variant MooBot Targeting D-Link Devices https://unit42.paloaltonetworks.com/moobot-d-link-devices/
07/09/2022 11:09:36

Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks.

unit42 paloaltonetworks EN 2022 Mirai Variant MooBot Targeting D-Link CVE-2015-2051 CVE-2018-6530 CVE-2022-26258 CVE-2022-28958 analysis
Legitimate SaaS Platforms Being Used to Host Phishing Attacks https://unit42.paloaltonetworks.com/platform-abuse-phishing/
24/08/2022 15:56:47

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

unit42 paloaltonetworks EN 2022 phishing attack SaaS abuse website-builders
Palo Alto bug used for DDoS attacks and there's no fix yet https://www.theregister.com/2022/08/12/palo_alto_bug/
13/08/2022 10:46:28

A high-severity Palo Alto Networks denial-of-service (DoS) vulnerability has been exploited by miscreants looking to launch DDoS attacks, and several of the affected products won't have a patch until next week.

theregister EN 2022 paloaltonetworks bug DDoS CVE-2022-0028
New Emotet Infection Method https://unit42.paloaltonetworks.com/new-emotet-infection-method/
16/02/2022 19:57:47

As early as Dec. 21, 2021, Unit 42 observed a new infection method for the highly prevalent malware family Emotet. Emotet is high-volume malware that often changes and modifies its attack patterns. This latest modification of the Emotet attack follows suit.

paloaltonetworks emotet 2022 EN IoC malware