Palo Alto Networks Unit 42

OpenSSH is a connectivity tool with a suite of services. CVE-2024-6387 (aka RegreSSHion), a critical signal handler race condition vulnerability, exploits OpenSSH servers to allow attackers root privileges on exploitation. Our threat brief on this vulnerability includes: 1️⃣ Details of the vulnerability 2️⃣ Current scope of the attack, including seen exposed instances 3️⃣ Unit 42 MTH queries 4️⃣ Mitigation guidance We’ll continue to update as more information comes to light. Read the brief now: https://bit.ly/3xK4xk1

As the world’s best athletes prepare for #Paris2024, CISOs and their teams are training hard too. Their coach of choice? Palo Alto Networks Unit 42. 🏅 From threat intelligence reports to crisis simulations and continuous monitoring, Unit 42's Cyber Vigilance Program ensures organizations are ready to face emerging cyberthreats. Get a behind-the-scenes look at this year’s experience. https://bit.ly/3Wq5Uhp

This article provides a wealth of information to those interested in learning more about the types of malware used by banking Trojans such as #BianLian and #Cerberus. We begin by explaining the Android Manifest and dissecting the ZIP file structure. Through multiple examples, we analyze the #BadPack technique and explore its use of anti-analysis measures across various Android malware analysis tools. https://bit.ly/3W5h4H5

Large-scale #phishing campaigns use HTTP refresh headers in web traffic that leads to fake login pages. Our telemetry reveals constantly morphing chains of events for potentially successful phishes. Indicators from some recent examples are available at https://bit.ly/3xX7kXc #TimelyThreatIntel #Unit42ThreatIntel #IndicatorsOfCompromise

Our #DNSHijacking detection system recently observed #GARUDA hackers compromise and deface sites of large orgs, including an ISP and a utility management company via #DNSattacks. We regularly publish on identifying and protecting against DNS threats here: https://bit.ly/4cCUiNB #TimelyThreatIntel #Unit42ThreatIntel

Say goodbye to email alert fatigue. Unit 42 MDR sent just 37 email alerts during the MITRE Engenuity ATT&CK Evaluation: Managed Services, while other vendors sent hundreds. With Unit 42 MDR, built on Cortex by Palo Alto Networks, we deliver only the most actionable information right when you need it. Stay secure without the noise. https://bit.ly/46iAzRf

Malware #DarkGate has been distributed in numerous creative ways: via DLL side-loading, tricking users into copying and pasting malicious scripts, by email attachments that run content from a .cab archive, or even via an installer link sent over Teams. Our researchers dissect a campaign from early 2024, where Microsoft Excel files led to malicious software downloads. Decrypting the configuring data and detailing the anti-analysis techniques, this article looks at how this adaptive malware persists in the threat landscape and what can be learned from how it has evolved. Dive into the research now: https://bit.ly/3S1gQj4

By sandboxing a sample of the malicious backdoor malware #GootLoader, Unit 42 researchers analyzed and then bypassed its anti-analysis techniques. They've broken these steps down in this article. Security researchers will learn how Visual Code Studio and Node.js debugging played a hand in the process. https://bit.ly/4cMLXGG

🙋♀️ Raise your hand if you're ready to fight AI with AI. 🤖 #BHUSA 🗓️ August 7-8 📍Booth #1632 at Mandalay Bay The future is cybersecurity powered by Precision AI™. We'll see you in August and show you how. https://bit.ly/4cMIsAd

🎯 Actionable insights without the noise. Palo Alto Networks Unit 42 MDR, backed by Cortex by Palo Alto Networks XDR, outpaces the competition, delivering MTTD almost twice the speed of the average participant in the MITRE Engenuity ATT&CK Evaluation: Managed Services. With just 37 targeted email alerts, not hundreds. 👀 Learn more about our results. https://bit.ly/3RTCF3J