incident response Archives

Threat brief conceptual image for CVE-2023-4966 affecting Citrix/NetScaler. A long scroll with data and text floats before an orange background.

6,451

people reacted

Threat Brief: Citrix Bleed CVE-2023-4966

By Unit 42
November 1, 2023 at 3:00 PM

5 min. read

A purple illustrated bear against a night sky with stars. Its head is inset in a red circle. The constellation ursa.

5,868

people reacted

Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)

By Daniel Frank and Tom Fakterman
October 31, 2023 at 6:00 AM

20 min. read

A pictorial representation of a vulnerability like CVE-2023-34362

49,574

people reacted

Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)

By Unit 42
October 4, 2023 at 6:00 AM

10 min. read

Pictorial representation of a threat actor like Muddled Libra

30,117

people reacted

Threat Group Assessment: Muddled Libra (Updated)

By Kristopher Russo, Austin Dever and Amer Elsad
September 15, 2023 at 6:00 AM

11 min. read

A pictorial representation of a vulnerability such as SugarCRM CVE-2023-22952. A stylized cloud with a lock hanging from it surrounded by technical tools. The Palo Alto Networks and Unit 42 logos.

5,755

people reacted

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability

By Margaret Zimmermann
August 10, 2023 at 3:15 PM

13 min. read

A pictorial representation of an infostealer like NodeStealer. An open laptop against an orange background is flanked by exclamation points. On the laptop screen are overlapping windows with a bug icon representing the malware.

6,745

people reacted

NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts

By Lior Rochberger
August 1, 2023 at 6:00 AM

14 min. read

Standard image for Unit 42 Threat Brief format, in this case covering CVE-2023-36884, Microsoft Office and Windows HTML Remote Code Execution

22,872

people reacted

CVE-2023-36884 - Microsoft Office and Windows HTML Remote Code Execution: Threat Brief (Updated)

By Unit 42
July 12, 2023 at 11:45 AM

4 min. read

A pictorial representation of threat group Cloaked Ursa as a bear head within a circle, overlaid by the Ursa constellation

11,926

people reacted

Diplomats Beware: Cloaked Ursa Phishing With a Twist

By Unit 42
July 12, 2023 at 3:00 AM

15 min. read

A conceptual image representing malware, including PlugX

80,644

people reacted

Chinese PlugX Malware Hidden in Your USB Devices?

By Mike Harbison and Jen Miller-Osborn
January 26, 2023 at 6:00 AM

12 min. read

A pictorial representation of the ProxyNotShell bypass threat brief

64,642

people reacted

Threat Brief: OWASSRF Vulnerability Exploitation

By Robert Falcone and Lior Rochberger
December 22, 2022 at 5:30 PM

9 min. read

A pictorial representation of a cloud breach

54,537

people reacted

Compromised Cloud Compute Credentials: Case Studies From the Wild

By Dror Alon
December 8, 2022 at 3:00 PM

9 min. read

Image showing illustrative example of ransomware like Vice Society with a hand offering money to a second hand holding a key with a computer screen showing a virus image on it

71,226

people reacted

Vice Society: Profiling a Persistent Threat to the Education Sector

By JR Gumarin
December 6, 2022 at 3:00 AM

13 min. read

Cybercrime conceptual image, covering activity such as the Luna Moth callback phishing campaign

73,648

people reacted

Threat Assessment: Luna Moth Callback Phishing Campaign

By Kristopher Russo
November 21, 2022 at 3:00 AM

8 min. read

Malware conceptual image, covering topics such as Cobalt Strike Team Server, which can be abused by malware authors for malicious purposes

72,701

people reacted

Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild

By Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu and Siddhart Shibiraj
November 3, 2022 at 6:00 AM

9 min. read

Ransomware conceptual image, covering threat actors such as Ransom Cartel

72,625

people reacted

Ransom Cartel Ransomware: A Possible Connection With REvil

By Amer Elsad and Daniel Bunce
October 14, 2022 at 6:00 AM

17 min. read

Posts tagged with: incident response

Threat Brief: Citrix Bleed CVE-2023-4966

Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)

Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)

Threat Group Assessment: Muddled Libra (Updated)

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability

NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts

CVE-2023-36884 - Microsoft Office and Windows HTML Remote Code Execution: Threat Brief (Updated)

Diplomats Beware: Cloaked Ursa Phishing With a Twist

Chinese PlugX Malware Hidden in Your USB Devices?

Threat Brief: OWASSRF Vulnerability Exploitation

Compromised Cloud Compute Credentials: Case Studies From the Wild

Vice Society: Profiling a Persistent Threat to the Education Sector

Threat Assessment: Luna Moth Callback Phishing Campaign

Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild

Ransom Cartel Ransomware: A Possible Connection With REvil

Popular Resources

Legal Notices

Account

Trending

Popular Resources

Legal Notices

Account