Unit 42 – Page 2 – Experimental News Clipping Site

Unit 42: When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory

Aug 6, 2025

—

by

Source URL: https://unit42.paloaltonetworks.com/badsuccessor-attack-vector/ Source: Unit 42 Title: When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory Feedly Summary: BadSuccessor is an attack vector in Windows Server 2025. Under certain conditions it allows privilege elevation via dMSAs. We analyze its mechanics. The post When Good Accounts Go Bad: Exploiting Delegated Managed Service…

Unit 42: 2025 Unit 42 Global Incident Response Report: Social Engineering Edition

Jul 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/ Source: Unit 42 Title: 2025 Unit 42 Global Incident Response Report: Social Engineering Edition Feedly Summary: Social engineering thrives on trust and is now boosted by AI. Unit 42 incident response data explains why it’s surging. We detail eight critical countermeasures. The post 2025 Unit 42 Global Incident Response Report: Social Engineering…

Unit 42: The Covert Operator’s Playbook: Infiltration of Global Telecom Networks

Jul 29, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/infiltration-of-global-telecom-networks/ Source: Unit 42 Title: The Covert Operator’s Playbook: Infiltration of Global Telecom Networks Feedly Summary: Recent activity targeting telecom infrastructure is assessed with high confidence to overlap with Liminal Panda activity. The actors used custom tools, tunneling and OPSEC tactics for stealth. The post The Covert Operator’s Playbook: Infiltration of Global Telecom…

Unit 42: The Ηоmоgraph Illusion: Not Everything Is As It Seems

Jul 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/homograph-attacks/ Source: Unit 42 Title: The Ηоmоgraph Illusion: Not Everything Is As It Seems Feedly Summary: A subtle yet dangerous email attack vector: homograph attacks. Threat actors are using visually similar, non-Latin characters to bypass security filters. The post The Ηоmоgraph Illusion: Not Everything Is As It Seems appeared first on Unit 42.…

Unit 42: Cloud Logging for Security and Beyond

Jul 22, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/cloud-logging-for-security/ Source: Unit 42 Title: Cloud Logging for Security and Beyond Feedly Summary: Cloud logging is essential for security and compliance. Learn best practices when navigating AWS, Azure or GCP for comprehensive visibility into your environment. The post Cloud Logging for Security and Beyond appeared first on Unit 42. AI Summary and Description:…

Unit 42: Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief

Jul 21, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/microsoft-sharepoint-cve-2025-49704-cve-2025-49706-cve-2025-53770/ Source: Unit 42 Title: Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief Feedly Summary: Unit 42 has observed an active exploitation of recent Microsoft SharePoint Vulnerabilities. Here’s how you can protect your organization. The post Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief appeared first on Unit 42. AI Summary and Description:…

Unit 42: Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication

Jul 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/windows-backdoor-for-novel-c2-communication/ Source: Unit 42 Title: Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement Novel Covert C2 Communication Feedly Summary: CL-STA-1020 targets Southeast Asian governments using a novel Microsoft backdoor we call HazyBeacon. It misuses AWS Lambda URLs for C2. The post Behind the Clouds: Attackers Targeting Governments in Southeast Asia Implement…

Unit 42: Fix the Click: Preventing the ClickFix Attack Vector

Jul 10, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/ Source: Unit 42 Title: Fix the Click: Preventing the ClickFix Attack Vector Feedly Summary: ClickFix campaigns are on the rise. We highlight three that distributed NetSupport RAT, Latrodectus, and Lumma Stealer malware. The post Fix the Click: Preventing the ClickFix Attack Vector appeared first on Unit 42. AI Summary and Description: Yes…

Unit 42: GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed

Jul 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/initial-access-broker-exploits-leaked-machine-keys/ Source: Unit 42 Title: GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed Feedly Summary: An IAB campaign exploited leaked ASP.NET Machine Keys. We dissect the attacker’s infrastructure, campaign and offer takeaways for blue teams. The post GoldMelody’s Hidden Chords: Initial Access Broker In-Memory IIS Modules Revealed appeared first on Unit…

Unit 42: Threat Brief: Escalation of Cyber Risk Related to Iran

Jun 25, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/iranian-cyberattacks-2025/ Source: Unit 42 Title: Threat Brief: Escalation of Cyber Risk Related to Iran Feedly Summary: Unit 42 details recent Iranian cyberattack activity, sharing direct observations. Tactical and strategic recommendations are provided for defenders. The post Threat Brief: Escalation of Cyber Risk Related to Iran appeared first on Unit 42. AI Summary and…

Tag: Unit 42