Researchers at Unit 42 dissect four DNS tunneling campaigns. The finance and healthcare-focused FinHealthXDS campaign employed unique DNS beaconing, while the operation NSfinder used a clever three-word naming pattern ending in 'finder' to deploy various Trojans. Further details include how machine learning has created unique tools to discover DNS campaigns more easily. Read now: https://bit.ly/4eLhgn3
Palo Alto Networks Unit 42
Computer and Network Security
SANTA CLARA, CA · 77,306 followers
Unit 42 Threat Intelligence & Incident Response. Intelligence Driven. Response Ready.
About us
Palo Alto Networks Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization passionate about helping customers more proactively manage cyber risk. With a deeply rooted reputation for delivering world-class threat intelligence, Unit 42 provides industry-leading incident response and cyber risk management services to security leaders around the globe.
- Website: https://paloaltonetworks.com/unit42
- Industry: Computer and Network Security
- Company size: 5,001-10,000 employees
- Headquarters: SANTA CLARA, CA
- Type: Public company
- Founded: 2005
- Specialties: Incident Response, Risk Management, Operational Threat Intelligence and Network Security
Locations
- Primary: 3000 Tannery Way, SANTA CLARA, CA 95054, US
Updates
- 2024-10-01 (Tuesday): #Ukrainian language #malspam impersonating a bank pushes #RMS-based #malware. PDF attachment has link to download archive containing the malware. Indicators at https://bit.ly/3TS4g6G #TimelyThreatIntel #Unit42ThreatIntel #IndicatorsOfCompromise
- 2024-10-03 (Thursday): Ongoing campaign uses #SmartLoader to push #LummaStealer as early as 2024-07-31. Kicks off infection with EXE/DLL combo with a text-based configuration file. Details at https://bit.ly/4eRYo5n #TimelyThreatIntel #Unit42ThreatIntel #IndicatorsOfCompromise
- An insightful analysis on the underground Swiss Army Suite (S.A.S) tool uncovers its unique features, absent in commercial tools. These capabilities allow for more precise and effective vulnerability exploitation. Detected via machine learning, our researchers discuss how identifying unconventional threats is pivotal for enhancing cybersecurity measures: https://bit.ly/4eulr6A
- When faster + cheaper isn't a good thing. While attackers scale their operations at a fraction of the cost, organizations are struggling to keep up. That’s why early detection and public awareness are more critical than ever. Wendi Whitmore, SVP of Palo Alto Networks Unit 42, joins CNBC to unpack the latest trends in cyberthreats and what it takes to stay ahead. Get even more actionable insights and real-world solutions from our Unit 42 team. https://bit.ly/4ekE8JI
- Don’t just defend—dominate. As attackers become more capable, organizations need to stay ahead. How? Palo Alto Networks Unit 42 can provide you the support your team needs to outpace threats and future-proof your business. https://bit.ly/3XKdUJo
- According to research published by Simone Margaritelli, a series of vulnerabilities in the Common Unix Printing System (CUPS) printer discovery mechanism (`cups-browsed`) and in other components of the CUPS system can be chained together to allow a remote attacker to execute arbitrary code by installing a malicious printer (or hijacking an existing one via mDNS) on the target host as the `lp` user when a print job is sent to it. These vulnerabilities have been assigned CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176. CUPS is an open source printing system developed by OpenPrinting for Linux and other Unix-like operating systems. An attacker can exploit this vulnerability if it can connect to the host via UDP port 631, which is by default bound to INADDR_ANY, in which case the attack can be entirely remote, or if it's on the same network as the target, by using mDNS advertisements. PANW Unit 42 is not aware of any active exploitation at this time. Current mitigation recommendations include:
  1. Disable and remove the cups-browsed service if not needed
  2. Update the CUPS package to non-vulnerable versions (<=2.0.1)
  3. If your system can’t be updated and you rely on this service, block all traffic to UDP port 631
  Palo Alto Networks has published an informational advisory stating that, based on current information, Palo Alto Networks products and cloud services do not contain affected CUPS-related software packages and are not impacted by these issues. https://bit.ly/4eg8QDN Additional details can be found on Simone Margaritelli’s site: https://bit.ly/4eC1jPf
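The following is an added example, not code from the Unit 42 post or from OpenPrinting: a small POSIX shell check for the two exposure conditions the post names (the `cups-browsed` service running, and UDP port 631 bound to a wildcard address, i.e. INADDR_ANY), mapped to the post's mitigation recommendations. It assumes a systemd-based Linux host where the service is named `cups-browsed` and iproute2's `ss` is installed; the `ss` output lines used for the self-test are constructed.

```shell
#!/bin/sh
# Added example (not from the Unit 42 post): report whether a host matches the
# exposure the post describes and print the matching mitigation.
# Assumptions: systemd unit "cups-browsed"; `ss -lun` available (iproute2).

# udp631_wildcard_bound LINE
# Exit 0 when one line of `ss -lun` output shows UDP 631 bound to a wildcard
# address (0.0.0.0, *, [::] or ::), the INADDR_ANY default the post warns about.
udp631_wildcard_bound() {
  printf '%s\n' "$1" |
    grep -Eq '(^|[[:space:]])(0\.0\.0\.0|\*|\[::\]|::):631([[:space:]]|$)'
}

# count_exposed_udp631 < ss-output
# Count wildcard-bound UDP 631 sockets in `ss -lun`-style output read from stdin.
count_exposed_udp631() {
  n=0
  while IFS= read -r line; do
    udp631_wildcard_bound "$line" && n=$((n + 1))
  done
  echo "$n"
}

# mitigation_for SERVICE_STATE EXPOSED_COUNT
# Map the observed state to the recommendations listed in the post.
mitigation_for() {
  if [ "$1" = "active" ] && [ "$2" -gt 0 ]; then
    echo "cups-browsed is active and UDP 631 is reachable on all interfaces: disable and remove cups-browsed if not needed (systemctl disable --now cups-browsed), or update CUPS to a non-vulnerable version; if the service must stay and cannot be updated, block inbound UDP 631 at the host or network firewall"
  elif [ "$1" = "active" ]; then
    echo "cups-browsed is active but UDP 631 is not wildcard-bound: update CUPS; mDNS printer advertisements from the local network remain a vector"
  else
    echo "cups-browsed is not active: no action beyond keeping CUPS updated"
  fi
}

# Live check, run only where the tools exist. Elsewhere, feed captured
# `ss -lun` output to count_exposed_udp631 and call mitigation_for by hand.
if command -v ss >/dev/null 2>&1 && command -v systemctl >/dev/null 2>&1; then
  state=$(systemctl is-active cups-browsed 2>/dev/null || true)
  exposed=$(ss -lun 2>/dev/null | count_exposed_udp631)
  echo "cups-browsed: ${state:-unknown}; wildcard-bound UDP 631 sockets: $exposed"
  mitigation_for "${state:-inactive}" "$exposed"
fi
```

A loopback-only binding (127.0.0.1:631) is deliberately not counted, since the remote path the post describes needs the socket reachable from other hosts; the mDNS path on the local network is why the "active but not wildcard-bound" case still recommends updating.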
- As early as June 2024, we discovered domains for a #DNStunneling campaign we call "Capybara" that employs various data encodings like customized Base32. These domains resolve to 104.236.196[.]131 and have a name server at 167.71.250[.]194. More info at https://bit.ly/4edLaQm
- Our latest findings reveal the technical mechanisms and infrastructure used by North Korean threat group Sparkling Pisces (aka Kimsuky, Thallium) for widespread data theft. Uncovering new malware — a keylogger and backdoor — we look at the data exfiltration capabilities as well as the implications for regional security dynamics. https://bit.ly/3TE78DZ
- Palo Alto Networks and Red Canary: joining forces to redefine the world of cybersecurity by offering new managed security services for Cortex by Palo Alto Networks XSIAM. Announcing our latest strategic partnership that will combine our AI-powered platform with Red Canary’s actionable threat intelligence, so customers can:
  - Unleash the power of AI
  - Streamline their security operations
  - Accelerate threat detection and response
  Ready to revolutionize your SOC? Get the details in our latest press release. https://bit.ly/3ZDlfNG