Russian APT Fighting Ursa (APT28) used compelling luxury car ads as a phishing lure, distributing HeadLace backdoor malware to diplomatic targets. The post Fighting Ursa Luring Targets With Car for Sale appeared first on Unit 42. This article has been…
Category: Unit 42
Identifying a BOLA Vulnerability in Harbor, a Cloud-Native Container Registry
Unit 42 researchers discovered BOLA vulnerability CVE-2024-22278 in the cloud-native container registry Harbor. They break down its discovery and the outcomes.
Scam Attacks Taking Advantage of the Popularity of the Generative AI Wave
A direct correlation between GenAI’s explosive popularity and scam attacks is addressed in this article, using plentiful data and a case study of network abuse.
AI Tool Identifies BOLA Vulnerabilities in Easy!Appointments
We explain how an automated BOLA detection tool harnessing GenAI discovered multiple BOLA vulnerabilities in open-source scheduling tool Easy!Appointments.
Accelerating Analysis When It Matters
Malware analysts demonstrate how to triage and analyze large amounts of samples with greater efficiency. Samples include Remcos RAT, Lumma Stealer and more.
Vulnerabilities in LangChain Gen AI
This article is a detailed study of CVE-2023-46229 and CVE-2023-44467, two vulnerabilities discovered by our researchers affecting generative AI framework LangChain.
From RA Group to RA World: Evolution of a Ransomware Group
Ransomware gang RA World rebranded from RA Group. We discuss their updated tactics from leak site changes to an analysis of their operational tools.
Container Breakouts: Escape Techniques in Cloud Environments
Unit 42 researchers test container escape methods and possible impacts within a Kubernetes cluster using a containerd container runtime.
Beware of BadPack: One Weird Trick Being Used Against Android Devices
Our data shows a pattern of APK malware bundled as BadPack files. We discuss how this technique is used to garble malicious Android files, creating challenges for analysts.