Coveo

Threat Brief Image for CVE-2022-41040, CVE-2022-41082, ProxyNotShell

4,055

people reacted

Threat Brief: CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange Server (ProxyNotShell)

By Shawn Westfall
October 4, 2022 at 4:30 PM

8 min. read

Conceptual image representing malware, such as the information stealer IcedID, being delivered by a polyglot file.

14,358

people reacted

More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID

By Mark Lim
September 27, 2022 at 6:00 AM

4 min. read

Conceptual image representing adversaries and advanced persistent threats. Here, we discuss a method for finding these groups by hunting for unsigned DLLs.

18,034

people reacted

Hunting for Unsigned DLLs to Find APTs

By Daniela Shalev and Itay Gamliel
September 26, 2022 at 6:00 AM

7 min. read

DNS security and issues such as domain shadowing are represented by the caution sign within a folder structure. Image includes Palo Alto Networks and Unit 42 logos.

24,954

people reacted

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

By Janos Szurdi, Rebekah Houser and Daiping Liu
September 21, 2022 at 6:00 AM

7 min. read

Conceptual image representing zero-day exploit detection using machine learning.

20,625

people reacted

Zero-Day Exploit Detection Using Machine Learning

By Jin Chen, Lei Xu, Andrew Guan, Zhibin Zhang and Yu Fu
September 16, 2022 at 6:00 AM

10 min. read

A conceptual image representing malware such as OriginLogger

26,475

people reacted

OriginLogger: A Look at Agent Tesla’s Successor

By Jeff White
September 13, 2022 at 6:00 AM

14 min. read

Credential gathering techniques discussed here can open the door to cybercriminals as depicted in this conceptual image.

27,702

people reacted

Credential Gathering From Third-Party Software

By Dor Attar
September 8, 2022 at 12:00 PM

14 min. read

Conceptual image representing IoT security, including the MooBot attacks targeting D-Link devices that are discussed here.

34,821

people reacted

Mirai Variant MooBot Targeting D-Link Devices

By Chao Lei, Zhibin Zhang, Cecilia Hu and Aveek Das
September 6, 2022 at 6:00 AM

6 min. read

Conceptual image representing global traffic and information flow. Tor sometimes plays a role in efforts to conceal network traffic, both benign and malicious.

35,961

people reacted

Tor 101: How Tor Works and its Risks to the Enterprise

By Janos Szurdi
August 29, 2022 at 6:00 AM

14 min. read

42,812

people reacted

Threat Assessment: Black Basta Ransomware

By Amer Elsad
August 25, 2022 at 12:00 PM

12 min. read

Conceptual image representing threat actor activity, including the platform-abuse phishing attacks discussed here

43,541

people reacted

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

By Lucas Hu
August 23, 2022 at 6:00 AM

7 min. read

Conceptual image representing trends, including recent exploits in the wild and other network security trends

46,213

people reacted

Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More

By Yue Guan
August 19, 2022 at 4:00 PM

11 min. read

Ransomware conceptual image, covering groups including BlueSky Ransomware

62,516

people reacted

BlueSky Ransomware: Fast Encryption via Multithreading

By Muhammad Umer Khan, Lee Wei, Yang Ji and Wenjun Hu
August 10, 2022 at 12:00 PM

1051

7 min. read

Ransomware conceptual image, covering groups such as Cuba Ransomware aka Tropical Scorpius

62,099

people reacted

Novel News on Cuba Ransomware: Greetings From Tropical Scorpius

By Anthony Galiette, Daniel Bunce, Doel Santos and Shawn Westfall
August 9, 2022 at 9:00 AM

20 min. read

Conceptual image representing phishing, including the way Bumblebee malware is distributed, as discussed here

63,943

people reacted

Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware

By Brad Duncan
August 3, 2022 at 12:00 PM

8 min. read

Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report

Threat Brief: CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange Server (ProxyNotShell)

Cloud Threats: Original Research and In-Depth Analysis

Don't Panic!: The Unit 42 Podcast

Threat Brief: CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange Server (ProxyNotShell)

More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID

Hunting for Unsigned DLLs to Find APTs

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

Zero-Day Exploit Detection Using Machine Learning

OriginLogger: A Look at Agent Tesla’s Successor

Credential Gathering From Third-Party Software

Mirai Variant MooBot Targeting D-Link Devices

Tor 101: How Tor Works and its Risks to the Enterprise

Threat Assessment: Black Basta Ransomware

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

Network Security Trends: Recent Exploits Observed in the Wild Include Remote Code Execution, Cross-Site Scripting and More

BlueSky Ransomware: Fast Encryption via Multithreading

Novel News on Cuba Ransomware: Greetings From Tropical Scorpius

Flight of the Bumblebee: Email Lures and File Sharing Services Lead to Malware

Popular Resources

Legal Notices

Account

Get updates from Unit 42

Trending

Popular Resources

Legal Notices

Account