Tag: Unit 42

Learn about BOLABuster, an LLM-driven tool automating BOLA vulnerability detection in web applications. Issues have already been identified in multiple projects. The post Harnessing LLMs for Automating BOLA Detection appeared first on Unit 42. This article has been indexed from…

Read more →

Discover the 2024 ransomware landscape: a 4.3% increase in leak site posts compared to the first half of 2023, top targeted sectors and impacted countries. The post Ransomware Review: First Half of 2024 appeared first on Unit 42. This article…

Read more →

Russian APT Fighting Ursa (APT28) used compelling luxury car ads as a phishing lure, distributing HeadLace backdoor malware to diplomatic targets. The post Fighting Ursa Luring Targets With Car for Sale appeared first on Unit 42. This article has been…

Read more →

Unit 42 researchers discovered BOLA vulnerability CVE-2024-22278 in the cloud-native container registry Harbor. They break down its discovery and the outcomes. The post Identifying a BOLA Vulnerability in Harbor, a Cloud-Native Container Registry appeared first on Unit 42. This article…

Read more →

A direct correlation between GenAI’s explosive popularity and scam attacks is addressed in this article, using plentiful data and a case study of network abuse. The post Scam Attacks Taking Advantage of the Popularity of the Generative AI Wave appeared…

Read more →

We explain how an automated BOLA detection tool harnessing GenAI discovered multiple BOLA vulnerabilities in open-source scheduling tool Easy!Appointments. The post AI Tool Identifies BOLA Vulnerabilities in Easy!Appointments appeared first on Unit 42. This article has been indexed from Unit…

Read more →

Malware analysts demonstrate how to triage and analyze large amounts of samples with greater efficiency. Samples include Remcos RAT, Lumma Stealer and more. The post Accelerating Analysis When It Matters appeared first on Unit 42. This article has been indexed…

Read more →

This article is a detailed study of CVE-2023-46229 and CVE-2023-44467, two vulnerabilities discovered by our researchers affecting generative AI framework LangChain. The post Vulnerabilities in LangChain Gen AI appeared first on Unit 42. This article has been indexed from Unit…

Read more →

Ransomware gang RA World rebranded from RA Group. We discuss their updated tactics from leak site changes to an analysis of their operational tools. The post From RA Group to RA World: Evolution of a Ransomware Group appeared first on…

Read more →

Unit 42 researchers test container escape methods and possible impacts within a Kubernetes cluster using a containerd container runtime. The post Container Breakouts: Escape Techniques in Cloud Environments appeared first on Unit 42. This article has been indexed from Unit…

Read more →

Unit 42 researchers test container escape methods and possible impacts within a Kubernetes cluster using a containerd container runtime. The post Container Breakouts: Escape Techniques in Cloud Environments appeared first on Unit 42. This article has been indexed from Unit…

Read more →

Our data shows a pattern of APK malware bundled as BadPack files. We discuss how this technique is used to garble malicious Android files, creating challenges for analysts. The post Beware of BadPack: One Weird Trick Being Used Against Android…

Read more →

Our data shows a pattern of APK malware bundled as BadPack files. We discuss how this technique is used to garble malicious Android files, creating challenges for analysts. The post Beware of BadPack: One Weird Trick Being Used Against Android…

Read more →

We perform an in-depth study of a DarkGate malware campaign exploiting Excel files from early this year, assessing its functionality and its C2 traffic. The post DarkGate: Dancing the Samba With Alluring Excel Files appeared first on Unit 42. This…

Read more →

We demonstrate effective methods to circumvent anti-analysis evasion techniques from GootLoader, a backdoor and loader malware distributed through fake forum posts. The post Dissecting GootLoader With Node.js appeared first on Unit 42. This article has been indexed from Unit 42…

Read more →

This threat brief details CVE-2024-6387, called RegreSSHion, an RCE vulnerability affecting connectivity tool OpenSSH servers on glibc-based Linux systems. The post Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability appeared first on Unit 42. This article has been indexed from Unit 42…

Read more →

Our novel contrastive credibility propagation algorithm improves on data loss prevention and has unique applications to sensitive material. The post The Contrastive Credibility Propagation Algorithm in Action: Improving ML-powered Data Loss Prevention appeared first on Unit 42. This article has…

Read more →

Unit 42 researchers examine how attackers use publicly available Malleable C2 profiles, examining their structure to reveal evasive techniques. The post Attackers Exploiting Public Cobalt Strike Profiles appeared first on Unit 42. This article has been indexed from Unit 42…

Read more →

Virtual machines (VMs) are a significant attack target. Focusing on three major CSPs, this research summarizes the conditions for possible VM attack paths. The post Attack Paths Into VMs in the Cloud appeared first on Unit 42. This article has…

Read more →

A Chinese APT group is targeting political entities across multiple continents. Named Operation Diplomatic Specter, this campaign uses rare techniques and a unique toolset. The post Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target…

Read more →