Palo Alto Networks

Chinese PlugX Malware Hidden in Your USB Devices?

Unit 42 researchers discovered a PlugX malware variant that stood out as it infects any attached removable USB media devices such as floppy, thumb, or flash drives and any additional systems the USB is later plugged into.

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

As of December 2022, Unit 42 researchers observed 134 million exploit attempts in total leveraging this vulnerability, and about 97% of these attacks occurred after the start of August 2022. At the time of writing, the attack is still ongoing.

PurpleUrchin Campaign Bypasses CAPTCHA and Steals Cloud Platform Resources for Cryptomining

Automated Libra is a South African-based freejacking group that primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their cryptomining operations.

Meddler-in-the-Middle Phishing Attacks Explained

MitM phishing attacks are a state-of-the-art type of phishing attack capable of breaking two-factor authentication (2FA) while avoiding many content-based phishing detection engines.

New Generation of Kerberos Attacks

The broad usage of Active Directory has made Kerberos attacks the bread and butter of many threat actors. Because of their similarity to the well-known Golden Ticket attack, threat actors might also use these attacks in future campaigns.

Compromised Cloud Compute Credentials: Case Studies From the Wild

Cloud breaches often stem from misconfigured storage services or exposed credentials. A growing trend of attacks specifically targets cloud compute services to steal associated credentials and illicitly gain access to cloud infrastructure.

Blowing Cobalt Strike Out of the Water With Memory Analysis

Cobalt Strike was designed from the ground up to help red teams armor their payloads to stay ahead of security vendors, and it regularly introduces new evasion techniques to try to maintain this edge.

Analysis of Luna Moth Callback Phishing Campaign

In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim's computer and manually exfiltrate data to be used for extortion.

Typhon Cryptominer-for-Hire Malware Resurfaces With New Capabilities

The original version of Typhon Stealer was updated and released with the new name of “Typhon Reborn.” This new version has increased anti-analysis techniques and it was modified to improve the stealer and file grabber features.

Researchers Find Three Vulnerabilities in OpenLiteSpeed Web Server

The Unit 42 research team discovered three different vulnerabilities in the open-source OpenLiteSpeed Web Server. These vulnerabilities also affect the enterprise version, LiteSpeed Web Server.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
