Web-based Threats-2018 Q2: U.S. Remains #1 in Malicious Web Addresses, China Falls from #2 to #7

Web-based Threats-2018 Q2: U.S. Remains #1 in Malicious Web Addresses, China Falls from #2 to #7

Executive Summary In Q2, the United States was number one for hosting malicious domains and exploit kits. Unit 42 regularly analyzes statistical data from our Email Link Analysis (ELINK) to understand the patterns and trends in current web threats.  This blog outlines our analysis for April – June (Q2) 2018  and follows up our previous blog analyzing [...]

Define a Protect Surface to Massively Reduce Your Attack Surface

Define a Protect Surface to Massively Reduce Your Attack Surface

In cybersecurity, one of the things people tend to focus on the least is defining what they’re trying to protect. The general consensus is that they want to protect against attacks, but the attacks are attacking something. What is that thing? Over the years, we have been working diligently to reduce the attack surface, but [...]

Threat Brief: Information on Critical Apache Struts Vulnerability CVE-2018-11776


Situation Overview On August 22, 2018, the Apache Foundation released a critical security update for CVE-2018-1176, a remote code execution vulnerability affecting Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. The Apache Foundation has urged everyone to apply the security updates as soon as possible. This blog is to provide information to help organizations assess their [...]

Four Unit 42 Vulnerability Researchers Make MSRC Top 100 for 2018

Four Unit 42 Vulnerability Researchers Make MSRC Top 100 for 2018

Palo Alto Networks Unit 42 is proud to announce that four of our researchers were named to the Microsoft Security Response Center (MSRC) “Top 100 Security Researchers List” for 2018. This is the third year Unit 42 researchers have been included in this prestigious list, which is announced every year at Black Hat. This year’s [...]

In OT Environments, Security Must Not Be an Afterthought

In OT Environments, Security Must Not Be an Afterthought

The dream of a cloud-enabled operational technology, or OT, environment is becoming a reality thanks to daily innovations in technology, which have the potential of turning legacy control systems into integrated IIoT instances. These changes are happening at a fast pace, and are often extraordinary in scale. Large scale ICS SCADA systems, such as those [...]