Displaying 1 - 11 of 11

Unit 42

Misconfigured and Exposed: Container Services

The blog highlights the results from Unit 42’s research into misconfigured containers, methods for identifying services exposed to the public, and mitigation steps to secure container services. In this blog, we identify common misconfigurations in container services. This allows our readers to deploy their container platform structures in a more secure and private fashion, avoiding the methods of data gathering that we outline in this blog.
Nathaniel Quist

Unit 42

Russian Language Malspam Pushing Redaman Banking Malware

Redaman is banking malware first noted in 2015 that targets recipients who conduct transactions using Russian financial institutions. We have found versions of Redaman in Russian language mass-distribution campaigns during the last four months of 2018.
Brad Duncan, Mike Harbison

Unit 42

BabyShark Malware Part Two – Attacks Continue Using KimJongRAT and PCRat

In February 2019, Unit 42 published a blog about the BabyShark malware family and the associated spear phishing campaigns targeting U.S. national think tanks. Since that publication, malicious attacks leveraging BabyShark have continued through March and April 2019. The attackers expanded targeting to the cryptocurrency industry, showing that those behind these attacks also have interests in financial gain.
Mark Lim

Unit 42

Cardinal RAT Sins Again, Targets Israeli Fin-Tech Firms

Unit 42 has discovered a new version of Cardinal RAT, which we first discovered in 2016. This new version targets financial technology companies, primarily in Israel. It includes new anti-analysis capabilities, including the use of steganography. In addition to our research, we include a new Python script to decrypt the steganographic payload.
Tom Lancaster, Josh Grunzweig

Unit 42

TCP SACK Panics Linux Servers

The newly discovered Linux vulnerabilities, CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479, affect all Linux systems running kernel 2.6.29 (released in March 2009) or newer and can cause a kernel panic on systems with services listening on TCP connections. This remote attack can put a server into a Denial of Service (DoS) state, but remote code execution is not a concern.
Unit 42

Unit 42

Hunting the Public Cloud for Exposed Hosts and Misconfigurations

This research explores the security landscape of the Internet-facing services hosted in Amazon AWS, Microsoft Azure and Google Cloud Platform. Public cloud is becoming increasingly popular and the reported total spending on cloud infrastructure grew 45.6% in 2018. Amazon AWS maintained its lead with a 31.3% share of the Cloud Service Provider (CSP) market, followed by Microsoft Azure with 16.5%, and Google Cloud Platform, with 9.5%. CSPs offer various “as-a-service” models that give businesses agility and flexibility to scale operations without worrying about the IT infrastructure. However, a single insecure configuration can put the entire infrastructure at risk.
Jay Chen

Unit 42

COVID-19: Cloud Threat Landscape

Unit 42 researchers found 2,829 newly registered COVID-19-themed domains that are categorized as "risky" or "malicious" being hosted in one of the top four cloud service providers (AWS, GCP, Azure, Alibaba).
Jay Chen

Unit 42

Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU

In May 2019, Microsoft released an out-of-band patch update for remote code execution vulnerability CVE-2019-0708, which is also known as “BlueKeep” and resides in the code of Remote Desktop Services (RDS). This vulnerability is pre-authentication and requires no user interaction, making it particularly dangerous as it has the unsettling potential to be weaponized into...
Tao Yan, Jin Chen

Unit 42

Mac Malware Steals Cryptocurrency Exchanges’ Cookies

Palo Alto Networks’ Unit 42 recently discovered malware that we believe has been developed from OSX.DarthMiner, a malware known to target the Mac platform. This malware is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites visited by the victims, stealing saved passwords in Chrome, and attempting to steal iPhone text messages from iTunes backups on the tethered Mac.
Yue Chen, Cong Zheng, Wenjun Hu, Zhi Xu

Unit 42

Confucius Says…Malware Families Get Further By Abusing Legitimate Websites

When malware wants to communicate home, most families use domain names, allowing them to resolve host names to the IP addresses of their servers. In order to increase the likelihood of their malware successfully communicating home, cyber espionage threat actors are increasingly abusing legitimate web services, in lieu of DNS lookups, to retrieve a command and...
Tom Lancaster, Micah Yates

Unit 42

Server-Side Request Forgery Exposes Data of Technology, Industrial and Media Organizations

Unit 42 researchers took a closer look at the Jira SSRF vulnerability (CVE-2019-8451), which allows for internal network reconnaissance, lateral movement, and even remote code execution, and studied its impact on six public cloud service providers (CSPs).
Jay Chen