Posts tagged with: incident response

Threat Brief: Citrix Bleed CVE-2023-4966

  • By Unit 42
  • November 1, 2023 at 3:00 PM

5 min. read

Over the Kazuar’s Nest: Cracking Down on a Freshly Hatched Backdoor Used by Pensive Ursa (Aka Turla)

  • By Daniel Frank and Tom Fakterman
  • October 31, 2023 at 6:00 AM

20 min. read

Threat Brief - MOVEit Transfer SQL Injection Vulnerabilities: CVE-2023-34362, CVE-2023-35036 and CVE-2023-35708 (Updated Oct 4)

  • By Unit 42
  • October 4, 2023 at 6:00 AM

10 min. read

Threat Group Assessment: Muddled Libra (Updated)

  • By Kristopher Russo, Austin Dever and Amer Elsad
  • September 15, 2023 at 6:00 AM

11 min. read

When a Zero Day and Access Keys Collide in the Cloud: Responding to the SugarCRM Zero-Day Vulnerability

  • By Margaret Zimmermann
  • August 10, 2023 at 3:15 PM

13 min. read

NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts

  • By Lior Rochberger
  • August 1, 2023 at 6:00 AM

14 min. read

CVE-2023-36884 - Microsoft Office and Windows HTML Remote Code Execution: Threat Brief (Updated)

  • By Unit 42
  • July 12, 2023 at 11:45 AM

4 min. read

Diplomats Beware: Cloaked Ursa Phishing With a Twist

  • By Unit 42
  • July 12, 2023 at 3:00 AM

15 min. read

Chinese PlugX Malware Hidden in Your USB Devices?

  • By Mike Harbison and Jen Miller-Osborn
  • January 26, 2023 at 6:00 AM

12 min. read

Threat Brief: OWASSRF Vulnerability Exploitation

  • By Robert Falcone and Lior Rochberger
  • December 22, 2022 at 5:30 PM

9 min. read

Compromised Cloud Compute Credentials: Case Studies From the Wild

  • By Dror Alon
  • December 8, 2022 at 3:00 PM

9 min. read

Vice Society: Profiling a Persistent Threat to the Education Sector

  • By JR Gumarin
  • December 6, 2022 at 3:00 AM

13 min. read

Threat Assessment: Luna Moth Callback Phishing Campaign

  • By Kristopher Russo
  • November 21, 2022 at 3:00 AM

8 min. read

Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild

  • By Durgesh Sangvikar, Chris Navarrete, Matthew Tennis, Yanhui Jia, Yu Fu and Siddhart Shibiraj
  • November 3, 2022 at 6:00 AM

9 min. read

Ransom Cartel Ransomware: A Possible Connection With REvil

  • By Amer Elsad and Daniel Bunce
  • October 14, 2022 at 6:00 AM

17 min. read

© 2023 Palo Alto Networks, Inc. All rights reserved.