Unit 42

Frank Crast

Palo Alto Networks: Network Security Trends report highlights common RCE vulnerability exploits against web apps

Cybersecurity Articles, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / August 20, 2022 / CVE-2021-20166, CVE-2021-20167, CVE-2021-21881, CVE-2021-24762, CVE-2021-28169, CVE-2021-31589, CVE-2021-39226, CVE-2021-4045, CVE-2021-43711, CVE-2022-21371, CVE-2022-21662, CVE-2022-22536, CVE-2022-22947, CVE-2022-22954, CVE-2022-22963, CVE-2022-22965, CVE-2022-24112, CVE-2022-24260, CVE-2022-25060, CVE-2022-25075, CVE-2022-25134, CVE-2022-27226, CVE-2022-29464, Palo Alto Networks, SAP, Spring, Unit 42, VMware, WordPress

Palo Alto Networks Unit 42 researchers released a new report “Network Security Trends” that highlights how attackers are exploiting remote code execution (RCE), cross-site scripting (XSS), traversal and information disclosure vulnerabilities in multiple vendor products.

Palo Alto Networks: Network Security Trends report highlights common RCE vulnerability exploits against web apps Read More »

Frank Crast

eCh0raix ransomware variant targets QNAP and Synology NAS devices

Network Security, Security Updates & Patches, Storage Security, Vulnerabilities & Exploits / Frank Crast / August 12, 2021 / CVE-2021-28799, eCh0raix, Palo Alto Networks, Qlocker, QNAP, Synology, Unit 42

Researchers have discovered a new eCh0raix ransomware variant that targets QNAP and Synology network-attached storage (NAS) devices.

eCh0raix ransomware variant targets QNAP and Synology NAS devices Read More »

Frank Crast

Pro-Ocean cryptojacking malware targets cloud applications

Cloud Security, Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / February 1, 2021 / ApacheMQ, CVE-2016-3088, CVE-2017-10271, Mining, Oracle Weblogic, Pro-Ocean, rootkit, Unit 42, Watchdog, WebLogic

A new Pro-Ocean cryptojacking malware targets popular cloud applications including ApacheMQ, Oracle Weblogic and Redis. The malware contains four modules that execute to hide, mine cryptocurrency, watchdog and infect systems.

Pro-Ocean cryptojacking malware targets cloud applications Read More »

Frank Crast

SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148)

Malware / Frank Crast / December 29, 2020 / .NET, API, Cyberattack, malware, SolarWinds, Sunburst, Supernova, Unit 42, webshell

SolarWinds has released an updated security advisory on SUPERNOVA malware, a separate threat vector from the previously reported supply chain cyberattack that was based on SUNBURST backdoor malware. The update now includes new information on 0-day CVE-2020-10148 and PoC demo.

SolarWinds releases updated advisory on SUPERNOVA malware (updated with CVE-2020-10148) Read More »

Frank Crast

Hacker publishes vBulletin zero-day exploit

Cybersecurity Attacks, Vulnerabilities & Exploits, Zero-days / Frank Crast / September 25, 2019 / CVE-2019-16759, Exploit, Palo Alto Networks, POC, Social Media, Unit 42, vBulletin, Vulnerabilities

An anonymous hacker posted exploit code for a remote code execution vulnerability in version 5 of the popular vBulletin forum software, used on over 100,000 social websites.

Hacker publishes vBulletin zero-day exploit Read More »

Frank Crast

BabyShark malware expands targets to cryptocurrency industry

Cybersecurity Attacks, Phishing / Frank Crast / April 29, 2019 / BabyShark, Cryptocurrency, phishing, Unit 42

Attackers behind BabyShark malware and cyber campaigns is now targeting the cryptocurrency industry.

BabyShark malware expands targets to cryptocurrency industry Read More »