Search cyberveille.decio.ch

Found 15 bookmarks

Custom sorting

Effective Phishing Campaign Targeting European Companies and Organizations

A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.

#unit42 #EN #2024 #Phishing #Campaign #EU #Azure #takeover #HubSpot #analysis

·unit42.paloaltonetworks.com·Dec 22, 2024

Effective Phishing Campaign Targeting European Companies and Organizations

Leveraging DNS Tunneling for Tracking and Scanning

This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. Malicious actors occasionally employ DNS tunneling as a covert communications channel, because it can bypass conventional network firewalls. This allows C2 traffic and data exfiltration that can remain hidden from some traditional detection methods.

#unit42 #EN #2024 #DNS #Tunneling #Tracking #Scanning #research #analysis

·unit42.paloaltonetworks.com·May 14, 2024

Leveraging DNS Tunneling for Tracking and Scanning

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.

#unit42 #2024 #EN #Retrospective #Analysis #ransomware #Data-Leak-Site

·unit42.paloaltonetworks.com·Feb 6, 2024

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet.

#unit42 #EN #2023 #Mirai #analysis #IoT

·unit42.paloaltonetworks.com·Jun 22, 2023

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land

The Vice Society ransomware gang exfiltrated victim network data using a custom Microsoft PowerShell script. We dissect how each function of it works.

#unit42 #EN #2023 #report #analysis #ViceSociety #PowerShell

·unit42.paloaltonetworks.com·Apr 14, 2023

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land

Chinese PlugX Malware Hidden in Your USB Devices?

PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.

#unit42 #EN #2023 #PlugX #analysis

·unit42.paloaltonetworks.com·Jan 29, 2023

Chinese PlugX Malware Hidden in Your USB Devices?

Meddler-in-the-Middle Phishing Attacks Explained MitM

Meddler-in-the-Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice.

#unit42 #EN #2022 #MitM #phishing #Meddler-in-the-Middle #explanation #analysis

·unit42.paloaltonetworks.com·Dec 22, 2022

Meddler-in-the-Middle Phishing Attacks Explained MitM

Blowing Cobalt Strike Out of the Water With Memory Analysis

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

#unit42 #EN #2022 #CobaltStrike #analysis #paloaltonetworks

·unit42.paloaltonetworks.com·Dec 6, 2022

Blowing Cobalt Strike Out of the Water With Memory Analysis