Network Scanning Traffic Observed in Public Clouds
Cybercriminals can use scanning results to identify potential victims. We share our observations of network scanning traffic in public clouds.

Updated: New Evidence Emerges to Suggest WatchDog Was Behind Crypto Campaign
We have identified indicators traditionally pointing to TeamTNT operations being used by the WatchDog cryptojacking group.

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers...
A malicious campaign against ManageEngine ADSelfService Plus used Godzilla webshells, the NGLite backdoor and KdcSponge, a credential stealer.

A Peek into Top-Level Domains and Cybercrime
We analyze which top-level domains (TLDs) have the highest rate of malicious domains and why, and suggest strategies for blocking malicious domains.

Observing Attacks Against Hundreds of Exposed Services in Public Clouds
Insecurely exposed services are common misconfigurations in cloud environments. We used a honeypot infrastructure to learn about attacks against them.

Play Your Cards Right: Detecting Wildcard DNS Abuse
Wildcard DNS records can be used constructively, but their flexibility also provides attackers with a variety of options for executing attacks.

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
A persistent and determined APT actor has expanded beyond Zoho ManageEngine ADSelfService Plus and begun an active campaign against ServiceDesk Plus.

Detecting Patient Zero Web Threats in Real Time With Advanced URL Filtering
Patient zero web threats are malicious URLs that are being seen for the first time. We discuss how to stop them despite attacker cloaking techniques.

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild...
We provide background and a root cause analysis of CVE-2021-44228, a remote code execution vulnerability in Apache log4j, and we recommend mitigations.

Network Security Trends: August-October 2021
Network attacks observed August-October 2021 included high levels of cross-site scripting, code execution and directory traversal.

Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
Strategically aged domain detection can capture domains registered by advanced persistent threats or likely to be used for network abuses.

A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking...
A supply chain attack leveraging a cloud video platform to distribute web skimmer campaigns compromised more than 100 real estate sites.

The Year in Web Threats: Web Skimmers Take Advantage of Cloud Hosting and More
We identify recent trends in web threats, including top malware families. Web skimmers, difficult to detect and easy to deploy, are highlighted.

Threat Assessment: Black Basta Ransomware
Black Basta is ransomware as a service (RaaS) that first emerged in April 2022. However, evidence suggests that it has been in development since February. The Black Basta operator(s) use the double...

CNAME Cloaking: Disguising Third Parties Through the DNS
CNAME cloaking uses DNS records to hide when browsers are sending data to a third party such as an advertiser. The post CNAME Cloaking: Disguising Third Parties Through the DNS appeared first on Unit 42.