Palo Alto Networks

Windows

PrintNightmare Prevention Update with Cortex XDR

Microsoft recently warned Windows users about two vulnerabilities, CVE-2021-1675 & CVE 2021-34527, affecting the Windows Print Spooler Service. Proof-of-concept exploit code was posted on Github before the vulnerabilities were fully patched.

The incident, dubbed by the security community as "PrintNightmare," allows threat actors to exploit remote code execution (RCE) vulnerabilities and ru...

Must-Read Articles

News and Events

Uncategorized

Jul 15, 2021

By Kasey Cross

Palo Alto Networks

Products and Services

Partners

Must-Read Articles, News and Events, Uncategorized

Hunting PrintNightmare (CVE-2021-1675) Using Cortex XDR

On June 29, 2021, proof of concept code for CVE-2021-1675 (dubbed PrintNightmare) was posted on Github.

Jul 01, 2021

By Unit 42

Events

LabyREnth Capture the Flag (CTF): Windows Track 7-9 Solutions

Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. We’ll be revealing the solutions to one challenge track pe...

Sep 22, 2016

By Richard Wartell, Josh Grunzweig and Esmid Idrizovic

Events

LabyREnth Capture the Flag (CTF): Windows Track 1-6 Solutions

Welcome back to our blog series where we reveal the solutions to LabyREnth, the Unit 42 Capture the Flag (CTF) challenge. We’ll be revealing the solutions to one challenge track pe...

Sep 15, 2016

By Richard Wartell, Tyler Halfpop, Josh Grunzweig, Jeff White and Jacob Soo

Malware, Threat Prevention, Unit 42

Orcus – Birth of an unusual plugin builder RAT

Unit 42 has been tracking a new Remote Access Trojan (RAT) being sold for $40 USD since April 2016, known as “Orcus”. Though Orcus has all the typical features of RAT malware, it allows users to build custom pl...

Aug 02, 2016

By Vicky Ray

Threat Prevention, Unit 42

CryptoBit: Another Ransomware Family Gets an Update

In April 2016, Panda Security reported yet another new family of ransomware named CryptoBit that spread through exploit kit (EK) traffic. In June 2016, we discovered an updated version of CryptoBit ransomware s...

Jul 07, 2016

By Brad Duncan

Financial Services, Malware, Threat Prevention, Unit 42

The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helmint...

In May 2016, Unit 42 observed targeted attacks primarily focused on financial institutions and technology organizations within Saudi Arabia. Artifacts...

May 26, 2016

By Robert Falcone and Bryan Lee

Unit 42

Don’t Be an April Fool: Inside a Common Phone Scam

One of our team members on Unit 42 recently received a phone call from a scammer, and today being April Fool's Day we decided to write about how we played along with the scammer to learn about his operation.

Apr 01, 2016

By Robert Falcone and Simon Conant

Endpoint

Securing the Unpatchable: How to Prevent Security Breaches When You Cannot ...

There are no flawless software systems or applications. Flaws often create security vulnerabilities that attackers can exploit to compromise systems and software. That is the prima...

Feb 09, 2016

By Michael Moshiri

Malware, Mobility, Reports, Threat Prevention, Unit 42

BackStab: Mobile Backup Data Under Attack from Malware

Today we are releasing a whitepaper describing how malicious actors are stealing private mobile device data by accessing local backup files stored on PC and Mac computers. We have identified 704 samples of six...

Dec 07, 2015

By Claud Xiao

Malware, Threat Prevention, Unit 42

Upatre: Old Dog, New [Anti-Analysis] Tricks

Malware authors must constantly iterate on their techniques in order to stay relevant in today’s fast moving Information Security environment. The Upatre downloader has been around for nearly three years and ha...

Nov 20, 2015

By Brandon Levene, Tyler Halfpop and Juan Cortes

Malware, Retail, Threat Prevention, Unit 42

FindPOS: New POS Malware Family Discovered

Unit 42 has discovered a new Point of Sale (POS) malware family, which includes multiple variants created as early as November 2014. Over the past few weeks we have been analyzing this malware family, which we...

Mar 19, 2015

By Josh Grunzweig

Malware, Threat Prevention, Unit 42

The Question of WireLurker Attribution: Who Is Responsible?

After news of WireLurker began circulating in handful Chinese-language tech forums over the summer, a Chinese-language technology blogger conducted on...

Nov 10, 2014

By Jen Miller-Osborn

Malware, Threat Prevention, Unit 42

WireLurker for Windows

Yesterday we published a whitepaper introducing WireLurker, the first malware attacking both non-jailbroken and jailbroken iOS devices from a Mac OS X system. Shortly after we released the paper, Jaime Blasco from AlienVault Labs notified u...

Nov 06, 2014

By Claud Xiao and Royce Lu

Load more blogs