Unit 42 - Latest Cyber Security Research

A conceptual image representing a cyber adversary, such as the BEC SilverTerrier threat actor recently arrested as part of Operation Delilah.

3,856

people reacted

Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor

By Unit 42
May 25, 2022 at 6:25 AM

5 min. read

Threat brief standard image, in this case used for a threat brief on CVE-2022-22954 and other VMware vulnerabilities.

8,550

people reacted

Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)

By Ruchna Nigam
May 20, 2022 at 6:00 AM

5 min. read

A conceptual image representing targeted attacks, including the XLL Files and Dridex infection chain discussed here.

8,987

people reacted

Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies

By Saqib Khanzada
May 19, 2022 at 12:00 PM

8 min. read

A conceptual image representing phishing - one of the primary delivery methods for Emotet malware, covered here.

12,074

people reacted

Emotet Summary: November 2021 Through January 2022

By Brad Duncan
May 17, 2022 at 6:00 AM

13 min. read

A conceptual image representing cloud service providers. So far, ransomware in public clouds is rare, partly due to the attention cloud service providers pay to securing their infrastructure.

10,290

people reacted

A Look Into Public Clouds From the Ransomware Actor's Perspective

By Jay Chen
May 16, 2022 at 6:00 AM

14 min. read

A conceptual image representing malicious email, which can often come with suspicious attachments such as the Compiled HTML Help file delivering Agent Tesla discussed here.

12,361

people reacted

Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla

By Tyler Halfpop
May 12, 2022 at 3:00 PM

4 min. read

A conceptual image representing a vulnerability, such as CVE-2022-1388, discussed in this threat brief

20,027

people reacted

Threat Brief: CVE-2022-1388

By Unit 42
May 10, 2022 at 1:45 PM

2 min. read

A conceptual image that represents malware, including the malicious uses of Cobalt Strike and its metadata encoding algorithm covered here.

15,268

people reacted

Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding

By Chris Navarrete, Durgesh Sangvikar, Yu Fu, Yanhui Jia and Siddhart Shibiraj
May 6, 2022 at 12:00 PM

9 min. read

A conceptual image representing malware, such as BazarLoader, often known for anti-analysis techniques

24,487

people reacted

Defeating BazarLoader Anti-Analysis Techniques

By Mark Lim
April 25, 2022 at 6:00 AM

7 min. read

A conceptual image representing ransomware, including the BlackByte ransomware discussed here.

23,842

people reacted

Threat Assessment: BlackByte Ransomware

By Amer Elsad
April 21, 2022 at 12:00 PM

10 min. read

A conceptual image representing a vulnerability in the AWS Log4Shell hot patch. It shows a java symbol inside a container with one door open.

49,154

people reacted

AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

By Yuval Avrahami
April 19, 2022 at 3:00 PM

7 min. read

A conceptual image representing containers, including the K8s clusters discussed here.

20,067

people reacted

Gaining Visibility Within Container Clusters

By Nathaniel Quist
April 15, 2022 at 6:00 AM

10 min. read

A conceptual image representing trends, including the trends in web threats discussed here, including trends in web threats landing URLs and web threats malicious host URLs

20,773

people reacted

Trends in Web Threats: Attackers Were More Active During Holiday Season

By Cecilia Hu, Tao Yan, Jin Chen and Taojie Wang
April 11, 2022 at 6:00 AM

10 min. read

A conceptual image representing malware, such as the SolarMarker campaign discussed here.

30,272

people reacted

New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns

By Shimi Cohen, Inbal Shalev and Irena Damsky
April 8, 2022 at 6:00 PM

262

8 min. read

A conceptual image representing a vulnerability, such as CVE-2022-22965, aka SpringShell, discussed here.

81,876

people reacted

CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) (Updated)

By Haozhe Zhang, Ken Hsu, Tao Yan, Qi Deng and Robert Falcone
March 31, 2022 at 4:30 PM

12 min. read

IAM Your Defense Against Cloud Threats: The Latest Unit 42 Cloud Threat Research

Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor

Cloud Threats: Original Research and In-Depth Analysis

Don't Panic!: The Unit 42 Podcast

Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor

Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)

Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies

Emotet Summary: November 2021 Through January 2022

A Look Into Public Clouds From the Ransomware Actor's Perspective

Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla

Threat Brief: CVE-2022-1388

Cobalt Strike Analysis and Tutorial: CS Metadata Encoding and Decoding

Defeating BazarLoader Anti-Analysis Techniques

Threat Assessment: BlackByte Ransomware

AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

Gaining Visibility Within Container Clusters

Trends in Web Threats: Attackers Were More Active During Holiday Season

New SolarMarker (Jupyter) Campaign Demonstrates the Malware’s Changing Attack Patterns

CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) (Updated)

Popular Resources

Legal Notices

Account

Get updates from Unit 42

Trending

Popular Resources

Legal Notices

Account