Unit 42 - Latest Cyber Security Research

Data leakage from mobile applications, as illustrated here, can make users trackable and open them to malicious attacks. The image shows a mobile device screen and icons representing attackers hovering around the device monitoring for leakage.

10,867

people reacted

Android Apps Leaking Sensitive Data Found on Google Play With 6 Million U.S. Downloads

By Stefan Achleitner and Chengcheng Xu
November 24, 2020 at 3:00 AM

8 min. read

A conceptual image illustrating finding vulnerabilities on the web. IAMFinder is a custom open source tool that can help organizations identify information leakage in AWS accounts.

11,064

people reacted

IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance

By Jay Chen
November 19, 2020 at 12:00 PM

6 min. read

This conceptual image illustrates some of the security and configuration issues involved with the cloud, such as the issue with AWS resource-based policy APIs discussed here.

18,160

people reacted

Information Leakage in AWS Resource-Based Policy APIs

By Jay Chen
November 17, 2020 at 3:00 AM

6 min. read

A conceptual illustration representing malware

12,969

people reacted

A Closer Look at the Web Skimmer

By Jin Chen, Tao Yan, Taojie Wang and Yu Fu
November 9, 2020 at 6:00 AM

7 min. read

A conceptual image illustrating the concept of espionage, including the type of stealthy activity using backdoors that threat researchers observed the xHunt campaign using.

17,115

people reacted

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

By Robert Falcone
November 9, 2020 at 12:00 AM

12 min. read

The image illustrates the concept of ransomware, such as used by the threat group behind the Vatet loader, the PyXie remote access tool and the Defray777 ransomware

15,854

people reacted

When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

By Ryan Tracey and Drew Schmitt
November 6, 2020 at 6:15 PM

26 min. read

The image represents the concept of a vulnerability, such as the vulnerabilities exposed by the source code leak discussed in this blog.

10,976

people reacted

Windows XP, Server 2003 Source Code Leak Leaves IoT, OT Devices Vulnerable

By Jun Du, Derick Liang and Aveek Das
November 6, 2020 at 9:00 AM

10 min. read

This conceptual image illustrates the concept of ransomware, such as the Ryuk ransomware discussed in this article

20,989

people reacted

Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector

By Brittany Barbehenn, Doel Santos and Brad Duncan
October 29, 2020 at 5:45 PM

9 min. read

A conceptual image that illustrates the concepts of cybersquatting and domain parking, both of which can be abused by malicious actors to distribute malware, etc.

16,500

people reacted

Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee

By Ruian Duan, Zhanhao Chen, Seokkyung Chung, Janos Szurdi and Jingwei Fan
October 29, 2020 at 3:00 AM

11 min. read

The image illustrates the concepts of adversaries, such as those that might attempt to attack the IoT supply chain

15,613

people reacted

Risks in IoT Supply Chain

By Anna Chung and Asher Davila
October 26, 2020 at 3:00 PM

8 min. read

The word "Tutorial," superimposed over an image used in the Wireshark Tutorial series.

19,847

people reacted

Wireshark Tutorial: Examining Dridex Infection Traffic

By Brad Duncan
October 23, 2020 at 9:00 AM

12 min. read

26,050

people reacted

Threat Brief: Microsoft Vulnerability CVE-2020-16898

By Mike Harbison and Brandon Young
October 14, 2020 at 12:45 PM

2 min. read

This conceptual image illustrates the idea of cybercrime.

21,633

people reacted

Two New IoT Vulnerabilities Identified with Mirai Payloads

By Ken Hsu, Yue Guan, Vaibhav Singhal and Qi Deng
October 14, 2020 at 12:00 PM

5 min. read

The image represents the concept of a vulnerability, such as CVE-2020-14386

32,443

people reacted

CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel

By Or Cohen
October 9, 2020 at 5:00 PM

8 min. read

The conceptual image illustrates the idea of the risks that misconfigured IAM roles can pose for cloud workloads.

21,742

people reacted

Unit 42 Cloud Threat Report: Misconfigured IAM Roles Lead to Thousands of Compromised Cloud Workloads

By Jay Chen
October 8, 2020 at 6:00 AM

15 min. read

Highlights from the Unit 42 Cloud Threat Report, 2H 2020

Android Apps Leaking Sensitive Data Found on Google Play With 6 Million U.S. Downloads

Cloud Threats: Original Research and In-Depth Analysis

Don't Panic!: The Unit 42 Podcast

Android Apps Leaking Sensitive Data Found on Google Play With 6 Million U.S. Downloads

IAMFinder: Open Source Tool to Identify Information Leaked from AWS IAM Reconnaissance

Information Leakage in AWS Resource-Based Policy APIs

A Closer Look at the Web Skimmer

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

When Threat Actors Fly Under the Radar: Vatet, PyXie and Defray777

Windows XP, Server 2003 Source Code Leak Leaves IoT, OT Devices Vulnerable

Threat Assessment: Ryuk Ransomware and Trickbot Targeting U.S. Healthcare and Public Health Sector

Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee

Risks in IoT Supply Chain

Wireshark Tutorial: Examining Dridex Infection Traffic

Threat Brief: Microsoft Vulnerability CVE-2020-16898

Two New IoT Vulnerabilities Identified with Mirai Payloads

CVE-2020-14386: Privilege Escalation Vulnerability in the Linux kernel

Unit 42 Cloud Threat Report: Misconfigured IAM Roles Lead to Thousands of Compromised Cloud Workloads

Popular Resources

Legal Notices

Account

Get updates on Unit 42

Trending

Popular Resources

Legal Notices

Account