INC ransomware rebrands to Lynx – same code, new name, still up to no good

October 11, 2024 at 07:05PM Researchers at Palo Alto Networks' Unit 42 assess that the INC ransomware group has rebranded as Lynx after a notable run of attacks. Comparison of the two groups' encryptors shows a 70.8% code overlap, indicating a shared code base. Although INC has remained active recently, the two groups' operations and web presence are closely similar, raising questions about their …

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

September 25, 2024 at 10:21AM Cybersecurity researchers have discovered Splinter, a new post-exploitation tool written in Rust, with features commonly found in penetration-testing frameworks. While it is not as advanced as established tools, it poses a threat if misused. No threat-actor activity has been observed, but its binaries are unusually large and its feature set, which includes collecting cloud service credentials and transferring files, creates potential for cloud and data compromise. This …

Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack

April 13, 2024 at 05:27AM Threat actors have been actively exploiting a critical zero-day command-injection flaw (CVE-2024-3400) in Palo Alto Networks PAN-OS, which allows unauthenticated remote code execution on affected firewalls. In the campaign, dubbed Operation MidnightEclipse, the attackers created a cron job that fetched and ran commands from an external server and deployed a Python-based backdoor. The actor, tracked as UTA0218, displays advanced capabilities and is likely state-backed. …

Fresh ‘Mispadu Stealer’ Variant Emerges

February 5, 2024 at 05:43PM The Palo Alto Networks Unit 42 team has uncovered a new variant of the Mispadu Stealer banking Trojan targeting Mexico. The infostealer exploits CVE-2023-36025, a Windows SmartScreen security-feature bypass. Because Mispadu continues to evolve, the researchers advise a comprehensive approach that emphasizes current threat intelligence, robust endpoint protection, and …

Hackers use new Agent Raccoon malware to backdoor US targets

December 1, 2023 at 02:15PM Agent Raccoon is a novel .NET espionage malware that targets organizations globally and that Unit 42 links to nation-state actors. It masquerades as a software updater, uses DNS for covert command-and-control communication, and is deployed alongside tools for credential theft and data exfiltration; active development indicates evolving capabilities. Meeting Takeaways: 1. A …
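The DNS-based covert channel mentioned above invites a generic triage check, added here as an illustration rather than code from Unit 42 or indicators from the Agent Raccoon report: score each queried name by subdomain label length and Shannon entropy, then flag clients that query many distinct such names under one parent domain. The log entries are constructed, the `*.invalid` domains are placeholders, and the thresholds (`min_len`, `min_entropy`, `min_unique`) are assumptions to tune for your environment.

```python
"""Flag DNS queries that look like a covert channel: long, high-entropy subdomain
labels and many unique names under one parent domain from the same client.
Added illustration; thresholds and sample data are assumptions, not report IOCs."""
import math
from collections import defaultdict

# Constructed sample (client_ip, queried_name) pairs standing in for a resolver log.
# The *.invalid names are placeholders; nothing here is a real indicator.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "static.example.com"),
    ("10.0.0.7", "cdn.example.net"),
    ("10.0.0.9", "7f3a9c2e1b8d4a6f0e5c3b1d9a7f2e4c.upd.ota-update.invalid"),
    ("10.0.0.9", "c2e1b8d4a6f0e5c3b1d9a7f2e4c7f3a9.upd.ota-update.invalid"),
    ("10.0.0.9", "b8d4a6f0e5c3b1d9a7f2e4c7f3a9c2e1.upd.ota-update.invalid"),
    ("10.0.0.9", "a6f0e5c3b1d9a7f2e4c7f3a9c2e1b8d4.upd.ota-update.invalid"),
]


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name):
    """Split a name into (parent domain, subdomain labels).
    Naive: treats the last two labels as the parent. Production code should use
    the Public Suffix List so that e.g. 'co.uk' is not treated as a parent."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]


def label_is_suspicious(label, min_len=24, min_entropy=3.5):
    """A label that is both long and high-entropy looks like encoded data."""
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy


def find_covert_channels(queries, min_unique=3):
    """Group suspicious queries by (client, parent domain) and return
    [(client, parent_domain, distinct_name_count)] for groups with at least
    min_unique distinct names, i.e. repeated encoded traffic to one domain."""
    seen = defaultdict(set)
    for client, name in queries:
        domain, subs = registered_domain(name)
        if any(label_is_suspicious(label) for label in subs):
            seen[(client, domain)].add(name)
    return sorted((c, d, len(n)) for (c, d), n in seen.items() if len(n) >= min_unique)


if __name__ == "__main__":
    for client, domain, count in find_covert_channels(SAMPLE_QUERIES):
        print(f"{client} -> {domain}: {count} distinct encoded-looking names")
```

Treat a hit as a triage signal, not a verdict: CDNs, anti-virus lookup services and some telemetry legitimately use long encoded labels, so allow-list known parents and pair the score with query volume and response types (TXT, NULL, unusually large responses) before escalating.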