New zero-day vulnerability CVE-2023-50358 affects QNAP Network Attached Storage (NAS) devices. Our analysis includes its impact determined by our product data. The post New Vulnerability in QNAP QTS Firmware: CVE-2023-50358 appeared first on Unit 42. This article has been indexed…
Category: Unit 42
Diving Into Glupteba’s UEFI Bootkit
A 2023 Glupteba campaign includes an unreported feature — a UEFI bootkit. We analyze its complex architecture and how this botnet has evolved. The post Diving Into Glupteba's UEFI Bootkit appeared first on Unit 42. This article has been indexed…
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings. The post Ransomware Retrospective 2024: Unit 42 Leak Site Analysis appeared first on Unit…
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings. The post Ransomware Retrospective 2024: Unit 42 Leak Site Analysis appeared first on Unit…
Exploring the Latest Mispadu Stealer Variant
Evaluation of a new variant of Mispadu, a banking Trojan, highlights how infostealers evolve over time and can be hard to pin to past campaigns. The post Exploring the Latest Mispadu Stealer Variant appeared first on Unit 42. This article…
ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign
A network of over 130k domains was part of a campaign to deliver shareware, PUPs and other scams. We unravel the threads of this campaign from entry point to payload. The post ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery…
Threat Assessment: BianLian
We analyze the extremely active ransomware group BianLian. Mostly targeting healthcare, they have moved from double-extortion to extortion without encryption. The post Threat Assessment: BianLian appeared first on Unit 42. This article has been indexed from Unit 42 Read the…
Parrot TDS: A Persistent and Evolving Malware Campaign
Traffic detection system Parrot has infected tens of thousands of websites worldwide. We outline the scripting evolution of this injection campaign and its scope. The post Parrot TDS: A Persistent and Evolving Malware Campaign appeared first on Unit 42. This…
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 (Updated)
Ivanti VPNs can be exploited by CVE-2023-46805 (High severity) and CVE-2024-21887 (Critical severity), chained together to run commands without authentication. The post Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 (Updated) appeared first on Unit 42. This article has been indexed…
Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887
Ivanti VPNs can be exploited by CVE-2023-46805 (High severity) and CVE-2024-21887 (Critical severity), chained together to run commands without authentication. The post Threat Brief: Ivanti Vulnerabilities CVE-2023-46805 and CVE-2024-21887 appeared first on Unit 42. This article has been indexed from…