Palo Alto Networks

Exposing HelloXD Ransomware and x4k

Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead it prefers to direct the impacted victim to negotiations through TOX chat and onion-based messenger instances.

Dridex Infection Chain Case Studies

Recently, during December 2021, Unit 42 researchers received various Dridex samples, which were exploiting XLL and XLM 4.0 in combination with Discord and OneDrive to download the final payload.

Defeating BazarLoader Anti-Analysis Techniques

It employs two distinctive anti-analysis techniques. The first is API function hashing, a known trick to obfuscate which functions are called. The second is an opaque predicate, a technique used for control flow obfuscation.

AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

Containers can escape regardless of whether they run Java applications, or whether their underlying host runs Bottlerocket, AWS's hardened Linux distribution for containers.

Defense Against Cloud Threats: The Role of IAM Policies

Most organizations are unprepared for an attack through the exploitation of weak IAM policies. Adversaries target cloud IAM credentials and are ultimately able to collect these credentials as part of their standard operating procedures.

New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns

Researchers have identified a new version of SolarMarker, a malware family known for its infostealing and backdoor capabilities, mainly delivered through search engine optimization (SEO) manipulation to convince users to download malicious documents.

How a Vulnerability in Third-Party Technology Is Leaving Many IP Cameras and Surveillance Systems Vulnerable

A large number of IP cameras and surveillance systems used in enterprise networks were recently discovered to be vulnerable to remote code execution and information leakage due to CVE-2021-28372.

Container Escape to Shadow Admin Enabled by GKE Autopilot Vulnerabilities

An attacker could have exploited these issues to escalate privileges and become a "shadow administrator" with the ability to covertly exfiltrate secrets, deploy malware or cryptominers, and disrupt workloads.

Emotet Malware Spreads by Hijacking Email Threads and Luring Users with Malicious Attachments

As early as December 21, 2021, researchers from Palo Alto Networks' Unit 42 observed a new infection method for the highly prevalent malware family Emotet involving thread hijacking.

Observing Attacks Against Hundreds of Exposed Services in Public Clouds

Researchers found that 80% of the 320 honeypots were compromised within 24 hours and all of the honeypots were compromised within a week, with some of them facing hundreds of attacks.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
