Coveo

A pictorial representation of malware like Agent Racoon, Ntospy and Mimilite. An open laptop against a blue background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.

1,451

people reacted

New Tool Set Found Used Against Organizations in the Middle East, Africa and the US

By Chema Garcia
December 1, 2023 at 3:00 AM

14 min. read

A pictorial representation of a vulnerability such as that found in Google Workspace. A stylized cloud with a lock hanging from it surrounded by technical tools. The Palo Alto Networks and Unit 42 logos.

922

people reacted

Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature

By Zohar Zigdon
November 30, 2023 at 3:00 PM

10 min. read

12,001

people reacted

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

By Unit 42
November 21, 2023 at 6:00 AM

112

17 min. read

A pictorial representation of Stately Taurus. The head of a bull inset on a red circle. The constellation of taurus. These elements are surrounded by a starry night sky.

6,675

people reacted

Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific

By Unit 42
November 17, 2023 at 3:00 AM

6 min. read

A pictorial representation of a vulnerability like CVE-2023-36884, CVE-2023-36584,. A laptop screen displays lines of text. A magnifying glass examining the screen has within it a warning icon.

7,590

people reacted

In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584

By Eli Birkan, Dan Yashnik, Oriel Cochavi, Bar Lahav and Mike Harbison
November 13, 2023 at 3:00 AM

18 min. read

A collection of icons representing the dangers of clickbait sites. Warning icons, a figure wearing a mask, phishing and more. The Palo Alto Networks and Unit 42 logos.

3,037

people reacted

High Traffic + High Vulnerability = an Attractive Target for Criminals: The Dangers of Viewing Clickbait Sites

By Shresta Bellary Seetharam, Tao Yan, Nabeel Mohamed, Tim Hofmockel, Alex Starov and Brad Duncan
November 9, 2023 at 12:00 PM

8 min. read

A pictorial representation of a Chinese APT targeting Cambodian government entities. A world map with location markers. Around it are icon of types of attacks: bugs, hacking, and other indicators of tools such as graphs.

8,913

people reacted

Chinese APT Targeting Cambodian Government

By Unit 42
November 7, 2023 at 9:01 PM

5 min. read

Pictorial representation of the APT Agonizing Serpens. An illustrated orange and red snake is highlighted by a red circle against a night sky. The constellation serpens.

8,889

people reacted

Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors

By Or Chechik, Tom Fakterman, Daniel Frank and Assaf Dahan
November 6, 2023 at 3:00 AM

19 min. read

Threat brief conceptual image for CVE-2023-4966 affecting Citrix/NetScaler. A long scroll with data and text floats before an orange background.

6,546

people reacted

Threat Brief: Citrix Bleed CVE-2023-4966

By Unit 42
November 1, 2023 at 3:00 PM

5 min. read

Conducting Robust Learning for Empire Command and Control Detection

1,993

people reacted

Conducting Robust Learning for Empire Command and Control Detection

By Qian Feng, Chris Navarrete, Yanhui Jia, Yu Fu, Iris Dai, Nina Smith and Brad Duncan
November 1, 2023 at 3:00 AM

10 min. read

A purple illustrated bear against a night sky with stars. Its head is inset in a red circle. The constellation ursa.

5,888

people reacted

Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)

By Daniel Frank and Tom Fakterman
October 31, 2023 at 6:00 AM

20 min. read

A pictorial representation of exposed IAM keys. A server sits among clouds and is surrounded by icons of components often connected to the cloud: phone, password, laptop, documents among others.

6,186

people reacted

CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys

By William Gamazo and Nathaniel Quist
October 30, 2023 at 4:40 AM

15 min. read

A pictorial representation of malware leveraging Pluggable Authentication Modules (PAM) APIs. An open laptop against a blue background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.

4,725

people reacted

When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief

By Siddharth Sharma
October 26, 2023 at 6:00 AM

4 min. read

Threat Brief: Cisco IOS XE Web UI Privilege Escalation Vulnerability (Updated)

6,969

people reacted

Threat Brief: Cisco IOS XE Web UI Privilege Escalation Vulnerability (Updated)

By Unit 42
October 18, 2023 at 5:30 PM

4 min. read

A pictorial representation of the BlackCat ransomware gang. A hand offers money to another hand holding keys. In the background is a computer screen with the biohazard symbol on it.

11,008

people reacted

BlackCat Climbs the Summit With a New Tactic

By Unit 42
October 18, 2023 at 6:00 AM

122

9 min. read

New Tool Set Found Used Against Organizations in the Middle East, Africa and the US

Cloud Threats: Original Research and In-Depth Analysis

Threat Vector: The Unit 42 Podcast

New Tool Set Found Used Against Organizations in the Middle East, Africa and the US

Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific

In-Depth Analysis of July 2023 Exploit Chain Featuring CVE-2023-36884 and CVE-2023-36584

High Traffic + High Vulnerability = an Attractive Target for Criminals: The Dangers of Viewing Clickbait Sites

Chinese APT Targeting Cambodian Government

Agonizing Serpens (Aka Agrius) Targeting the Israeli Higher Education and Tech Sectors

Threat Brief: Citrix Bleed CVE-2023-4966

Conducting Robust Learning for Empire Command and Control Detection

Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)

CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys

When PAM Goes Rogue: Malware Uses Authentication Modules for Mischief

Threat Brief: Cisco IOS XE Web UI Privilege Escalation Vulnerability (Updated)

BlackCat Climbs the Summit With a New Tactic

Popular Resources

Legal Notices

Account

Get updates from Unit 42

Trending

Popular Resources

Legal Notices

Account