Unit 42 - Latest Cyber Security Research

The conceptual image represents internet attack trends such as those discussed here, including scanner activities and HTTP directory traversal exploitation attempts.

1,905

people reacted

Network Attack Trends: Internet of Threats

By Yue Guan, Lei Xu, Ken Hsu and Zhibin Zhang
January 22, 2021 at 6:00 AM

8 min. read

The word "Tutorial," superimposed over an image used in the Wireshark Tutorial series.

13,006

people reacted

Wireshark Tutorial: Examining Emotet Infection Traffic

By Brad Duncan
January 19, 2021 at 6:00 AM

15 min. read

This conceptual image illustrates the concept of cloud providers.

9,830

people reacted

Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs

By Michael Bailey
January 12, 2021 at 6:00 AM

6 min. read

The BumbleBee webshell, conceptually illustrated here, was discovered as part of an investigation of the continued xHunt campaign.

13,043

people reacted

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

By Robert Falcone
January 11, 2021 at 12:01 AM

25 min. read

The image represents malicious email campaigns, such as TA551, often push a variety of malware, such as Valak and IcedID.

15,299

people reacted

TA551: Email Attack Campaign Switches from Valak to IcedID

By Brad Duncan
January 7, 2021 at 12:01 AM

9 min. read

A conceptual image illustrating the concept of DNS vulnerabilities through a set of folders with one opened by an attacker.

19,928

people reacted

The History of DNS Vulnerabilities and the Cloud

By Daniel Prizmant
December 28, 2020 at 6:00 AM

14 min. read

A conceptual image illustrating the concept of a cyberattack with widespread global effects, such as the suspected nation-state attack detailed in this SolarStorm timeline summary.

42,515

people reacted

SolarStorm Supply Chain Attack Timeline

By Unit 42
December 23, 2020 at 9:15 AM

11 min. read

Kubernetes, vulnerability CVE-2020-8554, conceptual image

23,289

people reacted

Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

By Yuval Avrahami
December 21, 2020 at 3:30 PM

7 min. read

A conceptual image illustrating the concept of an adversary, such as the SolarStorm attackers discussed here, who created a novel .NET webshell known as SUPERNOVA.

48,636

people reacted

SUPERNOVA: A Novel .NET Webshell

By Matt Tennis
December 17, 2020 at 3:37 PM

6 min. read

Conceptual image illustrating the concept of malware, such as PyMICROPSIA, the malware family discussed here

23,267

people reacted

PyMICROPSIA: New Information-Stealing Trojan from AridViper

By Unit 42
December 14, 2020 at 6:00 AM

15 min. read

Conceptual image illustrating threat briefs, such as the threat brief here covering the FireEye Red Team Tool Breach.

24,639

people reacted

Threat Brief: FireEye Red Team Tool Breach

By Unit 42
December 10, 2020 at 9:10 PM

3 min. read

Cryptojacking is conceptually illustrated here. The category includes PGMiner, a new cryptocurrency mining botnet delivered via PostgreSQL.

22,571

people reacted

PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL

By Xiao Zhang, Yang Ji, Jim Fitzgerald, Yue Chen and Claud Xiao
December 10, 2020 at 6:00 AM

9 min. read

Threat brief illustration. Standard image covering quick analyses of how to mitigate vulnerabilities such as CVE-2020-4006.

18,817

people reacted

Threat Brief: VMware Command Injection Vulnerability (CVE-2020-4006)

By Shawn Westfall
December 9, 2020 at 4:00 PM

2 min. read

This conceptual image illustrates the idea of malware, such as the njRAT spreading through active Pastebin command and control tunnel that is discussed in this blog.

17,025

people reacted

njRAT Spreading Through Active Pastebin Command and Control Tunnel

By Yanhui Jia, Chris Navarrete and Haozhe Zhang
December 9, 2020 at 6:00 AM

6 min. read

This image represents the concept of ransomware, such as the Egregor ransomware discussed here.

18,231

people reacted

Threat Assessment: Egregor Ransomware

By Doel Santos, Brittany Barbehenn and Robert Falcone
December 8, 2020 at 6:00 PM

5 min. read

Threat Brief: SolarStorm and SUNBURST Customer Coverage

Network Attack Trends: Internet of Threats

Cloud Threats: Original Research and In-Depth Analysis

Don't Panic!: The Unit 42 Podcast

Network Attack Trends: Internet of Threats

Wireshark Tutorial: Examining Emotet Infection Traffic

Open Source Tool Release: Gaining Novel AWS Access With EBS Direct APIs

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

TA551: Email Attack Campaign Switches from Valak to IcedID

The History of DNS Vulnerabilities and the Cloud

SolarStorm Supply Chain Attack Timeline

Protecting Against an Unfixed Kubernetes Man-in-the-Middle Vulnerability (CVE-2020-8554)

SUPERNOVA: A Novel .NET Webshell

PyMICROPSIA: New Information-Stealing Trojan from AridViper

Threat Brief: FireEye Red Team Tool Breach

PGMiner: New Cryptocurrency Mining Botnet Delivered via PostgreSQL

Threat Brief: VMware Command Injection Vulnerability (CVE-2020-4006)

njRAT Spreading Through Active Pastebin Command and Control Tunnel

Threat Assessment: Egregor Ransomware

Popular Resources

Legal Notices

Account

Get updates on Unit 42

Trending

Popular Resources

Legal Notices

Account