
Article list

dby 07:30   FabricScape: Escaping Service Fabric and Taking Over the Cluster    #unit42 #threat-intelligence FabricScape (CVE-2022-30137) is a privilege escalation vulnerability of important severity in Microsoft's Service Fabric, commonly used with Azure. The post FabricScape: Escaping Service Fabric and Taking Over the Cluster appeared first on Unit 42.

2022-06-24 21:00   There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families    #unit42 #threat-intelligence Learn about the unique implementations of API Hammering malware samples and how to mitigate them. The post There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families appeared first on Unit 42.

2022-06-15 06:00   Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation    #unit42 #threat-intelligence Junctions are a feature of the NT file system – and a common way that attackers exploit file system redirection attacks. Learn about mitigation. The post Why Are My Junctions Not Followed? Exploring Windows Redirection Trust Mitigation appeared first on Unit42.

2022-06-13 18:00   GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool    #unit42 #threat-intelligence A new, difficult-to-detect remote access trojan named PingPull is being used by GALLIUM, an advanced persistent threat (APT) group. The post GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool appeared first on Unit42.

2022-06-11 09:00   Exposing HelloXD Ransomware and x4k    #unit42 #threat-intelligence HelloXD is a ransomware family in its initial stages – but already seeking to impact organizations. We analyze samples and hunt for attribution. The post Exposing HelloXD Ransomware and x4k appeared first on Unit42.

2022-06-09 21:00   LockBit 2.0: How This RaaS Operates and How to Protect Against It    #unit42 #threat-intelligence LockBit 2.0 has so far been this year's most active ransomware gang on double-extortion leak sites. Learn about their tactics. The post LockBit 2.0: How This RaaS Operates and How to Protect Against It appeared first on Unit42.

2022-06-04 08:00   Threat Brief: Atlassian Confluence Remote Code Execution Vulnerability (CVE-2022-26134) (Updated)    #unit42 #threat-intelligence CVE-2022-26134 is a critical severity unauthenticated remote code execution vulnerability in Atlassian Confluence Server and Data Center. We share statistics on potentially vulnerable servers and provide suggestions for mitigation. The post Threat Brief: Atlassian Confluence Remote Code Execution Vu

2022-06-04 04:00   Understanding REvil: REvil Threat Actors May Have Returned (Updated)    #unit42 #threat-intelligence Ransomware cases worked by Unit 42 consultants in the first six months of 2021 reveal insights into the preferred tactics of REvil threat actors. The post Understanding REvil: REvil Threat Actors May Have Returned (Updated) appeared first on Unit42.

2022-06-03 06:00   Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor    #unit42 #threat-intelligence We observed a specially crafted DLL hijacking attack used by a previously unknown piece of malware that we dubbed Popping Eagle. The post Popping Eagle: How We Leveraged Global Analytics to Discover a Sophisticated Threat Actor appeared first on Unit42.

2022-06-01 05:45   Threat Brief: CVE-2022-30190 – MSDT Code Execution Vulnerability    #unit42 #threat-intelligence CVE-2022-30190 enables remote code execution with the same privileges in the calling application and there are proof-of-concept examples of zero-click variants. We recommend protections and mitigations. The post Threat Brief: CVE-2022-30190 – MSDT Code Execution Vulnerability appeared first on Unit42

2022-06-01 03:00   Network Security Trends: November 2021 to January 2022    #unit42 #threat-intelligence Network security trends observed November 2021 to January 2022 included high levels of cross-site scripting. The post Network Security Trends: November 2021 to January 2022 appeared first on Unit42.

2022-05-25 21:25   Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor    #unit42 #threat-intelligence INTERPOL and The Nigeria Police Force arrested a prominent business email compromise actor as part of Operation Delilah. The post Operation Delilah: Unit 42 Helps INTERPOL Identify Nigerian Business Email Compromise Actor appeared first on Unit42.

2022-05-25 19:41   Harmful Help:- Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla    #unit42 #threat-intelligence The post Harmful Help:- Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla appeared first on Unit42.

2022-05-20 21:00   Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)    #unit42 #threat-intelligence CVE-2022-22954, one of several recently published VMware vulnerabilities, is being exploited in the wild. Read our observations and recommendations. The post Threat Brief: VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others) appeared first on Unit42.

2022-05-20 03:00   Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies    #unit42 #threat-intelligence We discuss XLL and XLM droppers that deliver Dridex samples. We cover examples of the Dridex infection chain. The post Weaponization of Excel Add-Ins Part 2: Dridex Infection Chain Case Studies appeared first on Unit42.

By QianX.in