Cloud logging is essential for security and compliance. Learn best practices when navigating AWS, Azure or GCP for comprehensive visibility into your environment. The post Cloud Logging for Security and Beyond appeared first on Unit 42. This article has been…
Tag: Unit 42
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 22)
Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization. The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 22) appeared first on Unit 42. This article has been…
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief
Unit 42 has observed an active exploitation of recent Microsoft SharePoint Vulnerabilities. Here’s how you can protect your organization. The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief appeared first on Unit 42. This article has been indexed from…
Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication
CL-STA-1020 targets Southeast Asian governments using a novel Microsoft backdoor we call HazyBeacon. It misuses AWS Lambda URLs for C2. The post Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication appeared first on Unit…
Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques
SLOW#TEMPEST malware uses dynamic jumps and obfuscated calls to evade detection. Unit 42 details these techniques and how to defeat them with emulation. The post Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques appeared first on Unit…
Fix the Click: Preventing the ClickFix Attack Vector
ClickFix campaigns are on the rise. We highlight three that distributed NetSupport RAT, Latrodectus, and Lumma Stealer malware. The post Fix the Click: Preventing the ClickFix Attack Vector appeared first on Unit 42. This article has been indexed from Unit…
GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed
An IAB campaign exploited leaked ASP.NET Machine Keys. We dissect the attacker’s infrastructure, campaign and offer takeaways for blue teams. The post GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed appeared first on Unit 42. This article has…
Windows Shortcut (LNK) Malware Strategies
Our telemetry shows a surge in Windows shortcut (LNK) malware use. We explain how attackers exploit LNK files for malware delivery. The post Windows Shortcut (LNK) Malware Strategies appeared first on Unit 42. This article has been indexed from Unit…
Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 26)
Unit 42 details recent Iranian cyberattack activity, sharing direct observations. Tactical and strategic recommendations are provided for defenders. The post Threat Brief: Escalation of Cyber Risk Related to Iran (Updated June 26) appeared first on Unit 42. This article has…
Threat Brief: Escalation of Cyber Risk Related to Iran
Unit 42 details recent Iranian cyberattack activity, sharing direct observations. Tactical and strategic recommendations are provided for defenders. The post Threat Brief: Escalation of Cyber Risk Related to Iran appeared first on Unit 42. This article has been indexed from…