Search cyberveille.decio.ch

Found 50 bookmarks

Custom sorting

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability

The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails.

#unit42 #EN #2024 #LLM #Jailbreak #Likert

·unit42.paloaltonetworks.com·Jan 8, 2025

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability

Effective Phishing Campaign Targeting European Companies and Organizations

A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.

#unit42 #EN #2024 #Phishing #Campaign #EU #Azure #takeover #HubSpot #analysis

·unit42.paloaltonetworks.com·Dec 22, 2024

Effective Phishing Campaign Targeting European Companies and Organizations

Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples

We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.

#unit42 #EN #2024 #macOS #ARD #AppleScript #attacks #lateral-movement #tactics

·unit42.paloaltonetworks.com·Dec 5, 2024

Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples

Jumpy Pisces Engages in Play Ransomware

A first-ever collaboration between DPRK-based Jumpy Pisces and Play ransomware signals a possible shift in tactics.

#paloaltonetworks #unit42 #Play #Ransomware #DPRK #North-Korea

·unit42.paloaltonetworks.com·Oct 31, 2024

Jumpy Pisces Engages in Play Ransomware

Chinese APT Abuses VSCode to Target Government in Asia

A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims' environments for Southeast Asian espionage. A first in our telemetry: Chinese APT Stately Taurus uses Visual Studio Code to maintain a reverse shell in victims' environments for Southeast Asian espionage.

#unit42 #EN #2024 #China #APT #StatelyTaurus #VisualStudio

·unit42.paloaltonetworks.com·Sep 14, 2024

Chinese APT Abuses VSCode to Target Government in Asia

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant

Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies. Unit 42 discusses WikiLoader malware spoofing GlobalProtect VPN, detailing evasion techniques, malicious URLs, and mitigation strategies.

#unit42 #EN #2024 #WikiLoader #malware #spoofing #GlobalProtect #VPN

·unit42.paloaltonetworks.com·Sep 2, 2024

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

We recount an extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.

#unit42 #EN #2024 #Leaked #Environment #Variables #cloud #aws #extortion

·unit42.paloaltonetworks.com·Aug 15, 2024

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

Leveraging DNS Tunneling for Tracking and Scanning

This article presents a case study on new applications of domain name system (DNS) tunneling we have found in the wild. These techniques expand beyond DNS tunneling only for command and control (C2) and virtual private network (VPN) purposes. Malicious actors occasionally employ DNS tunneling as a covert communications channel, because it can bypass conventional network firewalls. This allows C2 traffic and data exfiltration that can remain hidden from some traditional detection methods.

#unit42 #EN #2024 #DNS #Tunneling #Tracking #Scanning #research #analysis

·unit42.paloaltonetworks.com·May 14, 2024

Leveraging DNS Tunneling for Tracking and Scanning

Muddled Libra’s Evolution to the Cloud

Unit 42 researchers have discovered that the Muddled Libra group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. Organizations often store a variety of data in SaaS applications and use services from CSPs. The threat actors have begun attempting to leverage some of this data to assist with their attack progression, and to use for extortion when trying to monetize their work.

#unit42 #EN #2024 #paloaltonetworks #MuddledLibra #research #CSP #software-as-a-service

·unit42.paloaltonetworks.com·Apr 9, 2024

Muddled Libra’s Evolution to the Cloud

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Analysis of ransomware gang leak site data reveals significant activity over 2023. As groups formed — or dissolved — and tactics changed, we synthesize our findings.

#unit42 #2024 #EN #Retrospective #Analysis #ransomware #Data-Leak-Site

·unit42.paloaltonetworks.com·Feb 6, 2024

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis

Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains

Using machine learning to target stockpiled malicious domains, the results of our detection pipeline tool highlight campaigns from phishing to scams.

#unit42 #EN #2023 #TTP #technique #stockpiled #DNS #Malicious #Early-Detection

·unit42.paloaltonetworks.com·Dec 19, 2023

Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

Two ongoing campaigns bear hallmarks of North Korean state-sponsored threat actors, posing in job-seeking roles to distribute malware or conduct espionage.

#unit42 #EN #2023 #North-Korea #Job-Related #Campaigns #threat-actor #job-seeking #malware #espionage

·unit42.paloaltonetworks.com·Nov 22, 2023

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.

#unit42 #EN #2023 #PoC #fake #CVE-2023-40477 #VenomRAT #malicious

·unit42.paloaltonetworks.com·Sep 19, 2023

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

Six Malicious Python Packages in the PyPI Targeting Windows Users

Malicious packages on PyPI copy W4SP attacks to steal users’ credentials and crypto wallet data. This incident illustrates issues in open-source ecosystems.

#unit42 #EN #2023 #PyPI #W4SP #attacks #packages #Supply-Chain-Attack

·unit42.paloaltonetworks.com·Jul 11, 2023

Six Malicious Python Packages in the PyPI Targeting Windows Users

Detecting Popular Cobalt Strike Malleable C2 Profile Techniques

We examine malicious Cobalt Strike case studies with distinct techniques using Malleable C2 profiles.

#unit42 #EN #2023 #CobaltStrike #Malleable #C2 #Profile #Techniques

·unit42.paloaltonetworks.com·Jul 3, 2023

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Since March 2023, Unit 42 researchers have observed threat actors leveraging several IoT vulnerabilities to spread a variant of the Mirai botnet.

#unit42 #EN #2023 #Mirai #analysis #IoT

·unit42.paloaltonetworks.com·Jun 22, 2023

IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits

Threat Actors Rapidly Adopt Web3 IPFS Technology

Web3 technologies are seeing widespread adoption — including by TAs. We discuss Web3 technology InterPlanetary File System (IPFS), and malicious use of it.

#unit42 #EN #2023 #paloalto #IPFS #malicious #use #Web3

·unit42.paloaltonetworks.com·Apr 19, 2023

Threat Actors Rapidly Adopt Web3 IPFS Technology

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land

The Vice Society ransomware gang exfiltrated victim network data using a custom Microsoft PowerShell script. We dissect how each function of it works.

#unit42 #EN #2023 #report #analysis #ViceSociety #PowerShell

·unit42.paloaltonetworks.com·Apr 14, 2023

Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers

New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.

#unit42 #EN #2023 #Golang #paloaltonetworks #Botnet #GoBruteforcer #web #servers

·unit42.paloaltonetworks.com·Mar 13, 2023

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers

Chinese PlugX Malware Hidden in Your USB Devices?

PlugX remains an active threat. A newly discovered variant infects USB devices and a similar variant makes copies of PDF and Microsoft Word files.

#unit42 #EN #2023 #PlugX #analysis

·unit42.paloaltonetworks.com·Jan 29, 2023

Chinese PlugX Malware Hidden in Your USB Devices?

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

We observed a recent spate of supply chain attacks attempting to exploit CVE-2021-35394, affecting IoT devices with chipsets made by Realtek.

#unit42 #EN #2023 #CVE-2021-35394 #IoT #devices #supplychain #attacks #Realtek

·unit42.paloaltonetworks.com·Jan 24, 2023

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats

Meddler-in-the-Middle Phishing Attacks Explained MitM

Meddler-in-the-Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice.

#unit42 #EN #2022 #MitM #phishing #Meddler-in-the-Middle #explanation #analysis

·unit42.paloaltonetworks.com·Dec 22, 2022

Meddler-in-the-Middle Phishing Attacks Explained MitM

Vice Society: Profiling a Persistent Threat to the Education Sector

Vice Society, a ransomware gang, has been involved in high-profile activity against schools this year.

#unit42 #EN #2022 #paloaltonetworks #vice-society #education #ransomware #schools

·unit42.paloaltonetworks.com·Dec 6, 2022

Vice Society: Profiling a Persistent Threat to the Education Sector

Blowing Cobalt Strike Out of the Water With Memory Analysis

Unit 42 researchers examine several malware samples that incorporate Cobalt Strike components, and discuss some of the ways that we catch these samples by analyzing artifacts from the deltas in process memory at key points of execution. We will also discuss the evasion tactics used by these threats, and other issues that make their analysis problematic.

#unit42 #EN #2022 #CobaltStrike #analysis #paloaltonetworks

·unit42.paloaltonetworks.com·Dec 6, 2022

Blowing Cobalt Strike Out of the Water With Memory Analysis

Banking Trojan Techniques: Financially Motivated Malware

Understanding banking Trojan techniques can help detect other activities of financially motivated threat groups.

#unit42 #EN #2022 #paloaltonetworks #research #Banking #Trojan #Techniques

·unit42.paloaltonetworks.com·Nov 1, 2022

Banking Trojan Techniques: Financially Motivated Malware

Ransom Cartel Ransomware: A Possible Connection With REvil

Ransom Cartel is ransomware as a service (RaaS) that exhibits several similarities to and technical overlaps with REvil ransomware. Read our overview.

#unit42 #paloaltonetworks #EN #2022 #Ransom-Cartel #REvil #RaaS

·unit42.paloaltonetworks.com·Oct 18, 2022

Ransom Cartel Ransomware: A Possible Connection With REvil

Credential Gathering From Third-Party Software

Users often store passwords in third-party software for convenience – but credential gathering techniques can target this behavior.

#unit42 #EN #2022 #passwords #Analysis #credential #gathering #techniques

·unit42.paloaltonetworks.com·Sep 19, 2022

Credential Gathering From Third-Party Software

Mirai Variant MooBot Targeting D-Link Devices

Attackers are leveraging known vulnerabilities in D-Link devices to deliver MooBot, a Mirai variant, potentially leading to further DDoS attacks.

#unit42 #paloaltonetworks #EN #2022 #Mirai #Variant #MooBot #Targeting #D-Link #CVE-2015-2051 #CVE-2018-6530 #CVE-2022-26258 #CVE-2022-28958 #analysis

·unit42.paloaltonetworks.com·Sep 7, 2022

Mirai Variant MooBot Targeting D-Link Devices

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

#unit42 #paloaltonetworks #EN #2022 #phishing #attack #SaaS #abuse #website-builders

·unit42.paloaltonetworks.com·Aug 24, 2022

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

ChromeLoader: New Stubborn Malware Campaign

In January 2022, a new browser hijacker/adware campaign named ChromeLoader (also known as Choziosi Loader and ChromeBack) was discovered. Despite using simple malicious advertisements, the malware became widespread, potentially leaking data from thousands of users and organizations.

#unit42 #EN #2022 #ChromeLoader #malware #browser #hijacker #adware #extension

·unit42.paloaltonetworks.com·Jul 17, 2022

ChromeLoader: New Stubborn Malware Campaign