Unit 42 - Latest Cyber Security Research

A conceptual image representing attacks on DNS, including the Wildcard DNS abuse discussed here.

561

people reacted

Play Your Cards Right: Detecting Wildcard DNS Abuse

By Rebekah Houser and Daiping Liu
December 1, 2021 at 6:00 AM

10 min. read

A conceptual image representing misconfigurations in the cloud, including insecurely exposed services.

14,479

people reacted

Observing Attacks Against Hundreds of Exposed Services in Public Clouds

By Jay Chen
November 22, 2021 at 12:00 PM

7 min. read

A conceptual image related to the domain name system, in this case applied to an analysis of top-level domains and malicious content.

17,329

people reacted

A Peek into Top-Level Domains and Cybercrime

By Janos Szurdi
November 11, 2021 at 6:00 AM

11 min. read

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

39,818

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

18 min. read

A conceptual image representing threats in the cloud, such as TeamTNT, which is expanding its cryptojacking footprint with new TTPs.

43,074

people reacted

Updated: New Evidence Emerges to Suggest WatchDog Was Behind Crypto Campaign

By Nathaniel Quist
October 29, 2021 at 4:10 PM

9 min. read

A conceptual image representing network scanning, such as the network scanning traffic researchers observed in public clouds.

16,647

people reacted

Network Scanning Traffic Observed in Public Clouds

By Jay Chen
October 28, 2021 at 6:00 AM

6 min. read

A conceptual image representing malware, such as the BazarLoader windows-based malware discussed here.

21,786

people reacted

Case Study: From BazarLoader to Network Reconnaissance

By Brad Duncan
October 18, 2021 at 6:00 AM

7 min. read

A conceptual image representing alerts on vulnerabilities and exploits, such as the monitoring that revealed exploit attempts that traced to malicious use of the Interactsh tool.

21,370

people reacted

Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes

By Yue Guan, Jin Chen, Leo Olson, Wayne Xin and Daiping Liu
October 14, 2021 at 6:00 AM

7 min. read

An image representing an adversary, such as the threat actors discussed in this overview of SilverTerrier, the name we use to track Nigerian business email compromise.

23,443

people reacted

SilverTerrier – Nigerian Business Email Compromise

By Peter Renals
October 7, 2021 at 6:00 AM

19 min. read

A conceptual image representing Wireshark Tutorials.

36,264

people reacted

Wireshark Tutorial: Wireshark Workshop Videos Now Available

By Brad Duncan
October 1, 2021 at 6:00 AM

2 min. read

A conceptual image representing malicious email, such as that used for credential harvesting as part of scams such as business email compromise.

25,854

people reacted

Credential Harvesting at Scale Without Malware

By Brady Stout
September 30, 2021 at 3:00 PM

8 min. read

A conceptual image representing trends, such as those covered in our post on network security trends from May-July 2021.

29,097

people reacted

Network Security Trends: May-July 2021

By Yue Guan and Lei Xu
September 17, 2021 at 3:00 PM

9 min. read

A conceptual image associated with the threat brief series, such as this post covering recent OMI vulnerabilities and how to remediate.

27,917

people reacted

Threat Brief: OMI Vulnerabilities (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648 and CVE-2021-38649)

By Nathaniel Quist
September 16, 2021 at 12:00 PM

2 min. read

A conceptual image representing exploitation of DNS, such as an often overlooked issue discussed in this blog, dangling domains, which can be exploited for DNS hijacking.

27,552

people reacted

Dangling Domains: Security Threats, Detection and Prevalence

By Daiping Liu and Ruian Duan
September 16, 2021 at 6:00 AM

12 min. read

A conceptual image representing the COVID-19 pandemic and cybercrime – this blog discusses how threat actors are poised to take advantage of one of the aspects of the slowing spread of the virus: attacking a renewed travel industry with travel-themed phishing campaigns.

28,608

people reacted

Phishing Eager Travelers

By Anna Chung and Swetha Balla
September 15, 2021 at 6:00 AM

9 min. read

Highlights From the Unit 42 Cloud Threat Report, 2H 2021

Play Your Cards Right: Detecting Wildcard DNS Abuse

Cloud Threats: Original Research and In-Depth Analysis

Don't Panic!: The Unit 42 Podcast

Play Your Cards Right: Detecting Wildcard DNS Abuse

Observing Attacks Against Hundreds of Exposed Services in Public Clouds

A Peek into Top-Level Domains and Cybercrime

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

Updated: New Evidence Emerges to Suggest WatchDog Was Behind Crypto Campaign

Network Scanning Traffic Observed in Public Clouds

Case Study: From BazarLoader to Network Reconnaissance

Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes

SilverTerrier – Nigerian Business Email Compromise

Wireshark Tutorial: Wireshark Workshop Videos Now Available

Credential Harvesting at Scale Without Malware

Network Security Trends: May-July 2021

Threat Brief: OMI Vulnerabilities (CVE-2021-38645, CVE-2021-38647, CVE-2021-38648 and CVE-2021-38649)

Dangling Domains: Security Threats, Detection and Prevalence

Phishing Eager Travelers

Popular Resources

Legal Notices

Account

Get updates on Unit 42

Trending

Popular Resources

Legal Notices

Account