Unit 42 (@unit42_intel)'s Twitter Profile
Unit 42

@unit42_intel

The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.

ID: 4487645412

https://unit42.paloaltonetworks.com/

07-12-2015 16:30:42

2,2K Tweet

54,54K Followers

87 Following


Our latest research leverages #autoencoders for creating condensed #DNS profiles, enabling precise anomaly detection and bolstering cybersecurity defenses. Read more: bit.ly/3MehhmA


2024-08-21 (Wednesday): First reported in July 2024, a #PowerShell #Stealer named #Kematian Stealer (#KematianStealer) still appears to be active. Details on a recent sample are available at bit.ly/3YNTIIW #Unit42ThreatIntel #TimelyThreatIntel


A ransomware attack severely disrupted government operations, putting critical citizen services on the line. With no time to waste, Unit 42 #IR experts quickly assessed the damage, identified the threat actor, and launched a recovery plan. bit.ly/46vh6g7


With over 2 decades hunting cybercriminals, Wendi Whitmore, SVP and Head of Unit 42, has some stories... ...And she's joining us #ThreatVector. What do you want to know? Common attack vectors? The #AI threat landscape? Drop a comment and we'll cover it on the podcast.


Fans of the new action RPG "Black Myth: Wukong" are being targeted through malicious domains. #Phishing, crypto #scams and illegal gambling linked to Wukong-themed domains are on the rise. More info at bit.ly/4dRll8c #Wukong #BlackMythWukong #TimelyThreatIntel


Cloud cybersecurity can be a moving target. Recent activities by Bling Libra — the group behind #ShinyHunters #ransomware — underscore this. Using the MITRE ATT&CK framework, we walk through their novel cloud tactics in an extortion case. bit.ly/3SUe8MD


2024-08-26 (Monday): #malspam pushing #GuLoader for #Remcos #RAT (#RemcosRAT). Steals login credentials and runs #keylogger. Indicators available at bit.ly/3YXYGTl #TimelyThreatIntel #Unit42ThreatIntel #Wireshark #InfectionTraffic


The power of #MachineLearning enhances cyber threat detection: Unit 42 researchers delve into sophisticated techniques for clustering and classifying DNS traffic through several case studies. bit.ly/3MehhmA


2024-08-28 (Wednesday): More #Lumma #Stealer (#LummaStealer) from pages instructing potential victims to copy/paste #PowerShell script in a Run window. Recent examples of these human captcha style pages available at bit.ly/4cJk0zq #Unit42ThreatIntel #TimelyThreatIntel


Using the MITRE framework to outline the attackers’ steps, we reveal a sophisticated cloud extortion campaign where exposed environment variable files were leveraged to compromise victim organizations. bit.ly/4fKJhM3


Unit 42’s latest research provides a comprehensive review of detection mechanisms for #deepfake #scams. We discuss the efficacy of current models and explore potential advancements in anomaly detection algorithms. bit.ly/3z4MmGk


From .bot to .zip, discover how new top-level domains are being misused in the digital realm. Our new graph-based pipeline reveals insights into phishing, unwanted programs, and more. bit.ly/4g6QXZf


This research uncovers a tactical shift by the actors behind #ShinyHunters ransomware. They are now engaging in extortion through AWS environments. Discover how they exploit public repo credentials and what steps you can take to protect your cloud assets. bit.ly/3SUe8MD


CVE-2024-7971, a vuln allowing RCE in a sandboxed Chromium renderer process, is being exploited in the wild. Microsoft has just released a report identifying a North Korean actor exploiting this CVE. Patches available since 21 Aug — take action now! bit.ly/3z0G0b1


🎓 Schools are increasingly targets of cybersecurity attacks. Learn how to protect digital educational environments on Threat Vector. 🎧 bit.ly/3X1d4HQ


From a fake error message to a folder name as a decryption key, this technical analysis of a variant of the malware WikiLoader (aka WailingCrab) shows deceptive campaigns involving a spoof of Palo Alto Networks GlobalProtect VPN. bit.ly/3X6uK51


This article explores the intersection of #AI ethics and cybersecurity in the context of #deepfake scams. Our findings emphasize the need for robust, ethical AI frameworks to prevent the misuse of generative technologies. bit.ly/3z4MmGk


2024-09-04 (Wednesday): We're still seeing the #EtherHiding technique used to generate popup windows for fake browser updates. Indicators and more info available at bit.ly/3Tg7nox #TimelyThreatIntel #Unit42ThreatIntel #IndicatorsOfCompromise


How to build a security culture 🛡️ security vs. usability⚖️ & more on the latest #ThreatVector podcast bit.ly/3Thdg4I #cybersecurity


APT Stately Taurus (aka #MustangPanda) abused Visual Studio Code in operations targeting government entities in Southeast Asia, marking the first known instance in our telemetry of threat actors using this software to infiltrate infected targets. bit.ly/4ghRDuS
