OpenSSH is a connectivity tool with a suite of services. CVE-2024-6387 (aka RegreSSHion) is a critical signal handler race condition vulnerability in OpenSSH servers that grants attackers root privileges on successful exploitation. Our threat brief on this vulnerability includes:
1️⃣ Details of the vulnerability
2️⃣ Current scope of the attack, including exposed instances observed
3️⃣ Unit 42 MTH queries
4️⃣ Mitigation guidance
We’ll continue to update as more information comes to light. Read the brief now: https://bit.ly/3xK4xk1
Palo Alto Networks Unit 42
Computer and Network Security
SANTA CLARA, CA 68,766 followers
Unit 42 Threat Intelligence & Incident Response. Intelligence Driven. Response Ready.
About us
Palo Alto Networks Unit 42 brings together world-renowned threat researchers with an elite team of incident responders and security consultants to create an intelligence-driven, response-ready organization passionate about helping customers more proactively manage cyber risk. With a deeply rooted reputation for delivering world-class threat intelligence, Unit 42 provides industry-leading incident response and cyber risk management services to security leaders around the globe.
- Website: http://paloaltonetworks.com/unit42
- Industry: Computer and Network Security
- Company size: 5,001-10,000 employees
- Headquarters: SANTA CLARA, CA
- Type: Public Company
- Founded: 2005
- Specialties: Incident Response, Risk Management, Operational Threat Intelligence, and Network Security
Locations
- Primary: 3000 Tannery Way, SANTA CLARA, CA 95054, US
Updates
Our #DNSHijacking detection system recently observed #GARUDA hackers compromise and deface sites of large orgs, including an ISP and a utility management company via #DNSattacks. We regularly publish on identifying and protecting against DNS threats here: https://bit.ly/4cCUiNB #TimelyThreatIntel #Unit42ThreatIntel
Say goodbye to email alert fatigue. Unit 42 MDR sent just 37 email alerts during the MITRE Engenuity ATT&CK Evaluation: Managed Services, while other vendors sent hundreds. With Unit 42 MDR, built on Cortex by Palo Alto Networks, we deliver only the most actionable information right when you need it. Stay secure without the noise. https://bit.ly/46iAzRf
Malware #DarkGate has been distributed in numerous creative ways: via DLL side-loading, tricking users into copying and pasting malicious scripts, by email attachments that run content from a .cab archive, or even via an installer link sent over Teams. Our researchers dissect a campaign from early 2024, where Microsoft Excel files led to malicious software downloads. Decrypting the configuring data and detailing the anti-analysis techniques, this article looks at how this adaptive malware persists in the threat landscape and what can be learned from how it has evolved. Dive into the research now: https://bit.ly/3S1gQj4
By sandboxing a sample of the malicious backdoor malware #GootLoader, Unit 42 researchers analyzed and then bypassed its anti-analysis techniques. They've broken these steps down in this article. Security researchers will learn how Visual Code Studio and Node.js debugging played a hand in the process. https://bit.ly/4cMLXGG
Palo Alto Networks Unit 42 reposted this
🙋♀️ Raise your hand if you're ready to fight AI with AI. 🤖 #BHUSA 🗓️ August 7-8 📍Booth #1632 at Mandalay Bay The future is cybersecurity powered by Precision AI™. We'll see you in August and show you how. https://bit.ly/4cMIsAd
Palo Alto Networks Unit 42 reposted this
🎯 Actionable insights without the noise. Palo Alto Networks Unit 42 MDR, backed by Cortex by Palo Alto Networks XDR, outpaces the competition, delivering MTTD almost twice the speed of the average participant in the MITRE Engenuity ATT&CK Evaluation: Managed Services. With just 37 targeted email alerts, not hundreds. 👀 Learn more about our results. https://bit.ly/3RTCF3J
Unit 42 is tracking the #regreSSHion CVE-2024-6387 unauthenticated remote code execution (RCE) vulnerability affecting #OpenSSH server versions (before v4.4 and between v8.5-9.8). Current guidance is to isolate and patch vulnerable systems.
1️⃣ Patch now. Software updates to address the critical security problem are available – https://bit.ly/3KspXDA.
2️⃣ We are investigating the broader scope of potentially vulnerable systems as well as monitoring for functioning exploit code. Lab experimentation by Qualys (who discovered the vulnerability) highlighted that successful exploitation may take approximately 6-8 hours of continuous connections to the vulnerable server – https://bit.ly/3xIuHDQ.
3️⃣ Unit 42 will share more critical guidance as it is available.
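To turn the version ranges in the post into a first-pass inventory check, here is an added Python example (not code from the post or from Unit 42's tooling). It parses OpenSSH identification banners from a set of constructed sample hosts and flags those whose version falls in the ranges the post names, treating 9.8 as the release that carries the fix. The `fetch_banner` helper is an assumed hook for reading a live banner from a host you administer and is not exercised here; the host names and banners are constructed, not captured. One caveat a practitioner needs: distribution packages frequently backport the fix without raising the banner version, so a "review" result means "check the package changelog", not "confirmed vulnerable".

```python
import re
import socket
from typing import Dict, Optional, Tuple

# Version ranges named in the post: before 4.4, and 8.5 up to (but not
# including) 9.8, the release that carries the fix. Portable suffixes such as
# "p1" and vendor strings after the version are ignored for the comparison.
OPENSSH_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)")

# Constructed sample banners for illustration (not captured from real hosts).
SAMPLE_BANNERS: Dict[str, str] = {
    "host-a": "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
    "host-b": "SSH-2.0-OpenSSH_9.8p1",
    "host-c": "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3",
    "host-d": "SSH-2.0-OpenSSH_4.3",
    "host-e": "SSH-2.0-dropbear_2022.83",
}


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) from an OpenSSH identification string, or None
    when the banner is not OpenSSH or carries no recognisable version."""
    match = OPENSSH_VERSION_RE.search(banner)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))


def in_affected_range(version: Tuple[int, int]) -> bool:
    """True when the version lies inside one of the ranges the post names."""
    return version < (4, 4) or (8, 5) <= version < (9, 8)


def classify_banner(banner: str) -> str:
    """Triage label for one banner: 'review' (version in an affected range),
    'outside-range', or 'unknown' (not an OpenSSH banner)."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"
    return "review" if in_affected_range(version) else "outside-range"


def fetch_banner(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Assumed inventory hook: read the identification line from a server you
    administer. The SSH server sends its banner as soon as the TCP connection
    opens, so a single read suffices. Not called in this example, which works
    from the constructed samples above."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(256).decode("ascii", errors="replace").strip()


def triage(banners: Dict[str, str]) -> Dict[str, str]:
    """Map every host name to its triage label."""
    return {host: classify_banner(banner) for host, banner in banners.items()}


if __name__ == "__main__":
    for host, label in triage(SAMPLE_BANNERS).items():
        # 'review' hosts need their package changelog checked: distribution
        # backports fix the bug without changing the advertised version.
        print(f"{host}: {label}")
```

The comparison is deliberately tuple-based so that 8.10 (if it existed) would sort after 8.9; string comparison would get that wrong. Hosts reported as "unknown" are not cleared, they simply are not running OpenSSH according to their banner and need a different check.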
Palo Alto Networks Unit 42 reposted this
Palo Alto Networks Unit 42 | DHS Cyber Safety Review Board Inaugural Member | Duke University Cybersecurity Advisory Board | World Economic Forum Global Future Council on Cybersecurity
The ransomware group BlackSuit, currently in the news for various global attacks, is a suspected rebranding of the Royal group. Palo Alto Networks Unit 42 has recently responded to multiple cases involving BlackSuit, and feels it’s important to share details on the group so businesses can be vigilant and defend against possible attacks. The group displays signs of operational experience and a higher level of sophistication, potentially inherited from predecessor groups. They are opportunistic & seem to be indiscriminately targeting organizations, demonstrating a global reach. Unlike many other ransomware groups Unit 42 tracks, BlackSuit operates as a private group without affiliates, outside of the popular RaaS model.
BlackSuit notable TTPs:
- Initial attack vector through various means, such as malicious phishing attachments, social engineering through vishing calls, as well as abuse of legitimate credentials
- Deploys both Windows and Linux-based ransomware payloads, and also interacts with VMware ESXi to impact virtual infrastructure
- Attempts to disable host security products such as AV and EDR
- Leverages data leak sites as part of a double-extortion strategy
Unit 42 recommendations for organizations include:
- Ensure least privilege for user accounts as well as access control lists to critical systems
- Ensure strong, non-reused passwords with MFA enabled for remote access to systems
- Segment networks and critical systems where appropriate
- Review and harden ESXi and other infrastructure configuration and security policies
- Have a robust incident response plan
Background on BlackSuit: BlackSuit first came to light in May 2023 when Unit 42 published a social media post discussing its ability to target both Windows and Linux hosts. Their first leak site post was on June 18, 2023.
Various sources, including Unit 42, have reported similarities in code between Royal and the newly established BlackSuit ransomware, indicating a possible rebranding from Royal to BlackSuit and a possible relation to the Conti Group. Unit 42 will continue to share information about this threat actor as their tactics evolve.
Starting with the research question “Can we build an SSL algorithm whose primary objective is to match or outperform a fully supervised baseline for any dataset?”, Unit 42 researchers set out to test their contrastive credibility propagation algorithm (presented at AAAI '24) and share their results. This article is a high-level overview of the algorithm’s components, the results of experiments and its real-world application to state-of-the-art data loss prevention. It also covers how the authors worked with sensitive data while preserving privacy. Read it now: https://bit.ly/3W2g4Ew #MachineLearning #DeepLearning #DataLossPrevention