Unit 42 - Latest Cyber Security Research | Palo Alto Networks

Log4j Resource Center

Tools
ATOMs
Security Consulting
About Us
Under Attack?

A conceptual image representing a vulnerability, such as the Apache log4j remote code execution vulnerability discussed here, CVE-2021-44228.

219,915

people reacted

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated Dec. 28)

We provide background and a root cause analysis of CVE-2021-44228, a remote code execution vulnerability in Apache log4j, and we recommend mitigations.

Read Blog

402

15 min. read

A conceptual image representing cybercrime, such as the web skimmers discussed in this piece on top web threats.

4,456

people reacted

The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More

We identify recent trends in web threats, including top malware families. Web skimmers, difficult to detect and easy to deploy, are highlighted.

Read Blog

4

8 min. read

Cloud Threats: Original Research and In-Depth Analysis

Learn more

Don't Panic!: The Unit 42 Podcast

Listen

Get updates on Unit 42

Please enter your email address!

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.

Please mark, I'm not a robot!

All
Threat Briefs
Threat Assessments
Reports

All
Threat Briefs
Threat Assessments
Reports

A conceptual image representing cybercrime, such as the web skimmers discussed in this piece on top web threats.

4,456

people reacted

The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More

By Cecilia Hu, Tao Yan, Taojie Wang and Jin Chen
January 13, 2022 at 6:00 PM

4

8 min. read

A conceptual image representing malicious code, such as the web skimmer malicious JavaScript code injected into video as described here.

17,745

people reacted

A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain

By Taojie Wang, Jin Chen and Tao Yan
January 3, 2022 at 12:00 PM

12

10 min. read

Trending

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated Dec. 28)
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
A Peek into Top-Level Domains and Cybercrime
Network Security Trends: August-October 2021
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends

A conceptual image representing DNS security, such as the strategically aged domain detection system discussed here.

19,294

people reacted

Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends

By Zhanhao Chen, Daiping Liu, Wanjin Li and Jielong Xu
December 29, 2021 at 6:00 AM

15

9 min. read

A conceptual image representing network security trends, such as the analysis of network attacks for August-October 2021 provided here.

16,221

people reacted

Network Security Trends: August-October 2021

By Yue Guan
December 21, 2021 at 12:00 PM

5

10 min. read

A conceptual image representing problems on the web, such as the patient zero web threats discussed here.

20,284

people reacted

Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering

By Peng Peng, Fang Liu, Ben Zhang, Stefan Springer and Oleksii Starov
December 9, 2021 at 6:00 AM

21

13 min. read

A conceptual image symbolizing cybercrime and the use of backdoors, such as the activity we observed in an APT's TiltedTemple Campaign against ManageEngine ServiceDesk Plus, as discussed here.

34,013

people reacted

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

By Robert Falcone and Peter Renals
December 2, 2021 at 6:00 AM

16

10 min. read

A conceptual image representing attacks on DNS, including the Wildcard DNS abuse discussed here.

19,400

people reacted

Play Your Cards Right: Detecting Wildcard DNS Abuse

By Rebekah Houser and Daiping Liu
December 1, 2021 at 6:00 AM

12

10 min. read

A conceptual image representing misconfigurations in the cloud, including insecurely exposed services.

34,811

people reacted

Observing Attacks Against Hundreds of Exposed Services in Public Clouds

By Jay Chen
November 22, 2021 at 12:00 PM

28

7 min. read

A conceptual image related to the domain name system, in this case applied to an analysis of top-level domains and malicious content.

33,025

people reacted

A Peek into Top-Level Domains and Cybercrime

By Janos Szurdi
November 11, 2021 at 6:00 AM

25

11 min. read

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

61,090

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

44

18 min. read

A conceptual image representing threats in the cloud, such as TeamTNT, which is expanding its cryptojacking footprint with new TTPs.

58,901

people reacted

Updated: New Evidence Emerges to Suggest WatchDog Was Behind Crypto Campaign

By Nathaniel Quist
October 29, 2021 at 4:10 PM

10

9 min. read

A conceptual image representing network scanning, such as the network scanning traffic researchers observed in public clouds.

31,471

people reacted

Network Scanning Traffic Observed in Public Clouds

By Jay Chen
October 28, 2021 at 6:00 AM

11

6 min. read

A conceptual image representing malware, such as the BazarLoader windows-based malware discussed here.

36,786

people reacted

Case Study: From BazarLoader to Network Reconnaissance

By Brad Duncan
October 18, 2021 at 6:00 AM

15

7 min. read

A conceptual image representing alerts on vulnerabilities and exploits, such as the monitoring that revealed exploit attempts that traced to malicious use of the Interactsh tool.

41,653

people reacted

Attackers Are Taking Advantage of the Open-Source Service Interactsh for Malicious Purposes

By Yue Guan, Jin Chen, Leo Olson, Wayne Xin and Daiping Liu
October 14, 2021 at 6:00 AM

16

7 min. read

An image representing an adversary, such as the threat actors discussed in this overview of SilverTerrier, the name we use to track Nigerian business email compromise.

37,199

people reacted

SilverTerrier – Nigerian Business Email Compromise

By Peter Renals
October 7, 2021 at 6:00 AM

10

19 min. read

Sorry, no results were found.

Sorry, no results were found.

Clear

Popular Resources

Resource Center
Blog
Communities
Tech Docs
Unit 42
Sitemap

Legal Notices

Privacy
Terms of Use
Documents

Account

Manage Subscriptions
Report a Vulnerability

© 2022 Palo Alto Networks, Inc. All rights reserved.