Palo Alto Networks

This category contains 615 posts

Threat Brief: Drive-by Mining – Adapting an Old Attack to Mine Cryptocurrencies

On January 2, 2017, one Bitcoin was worth US $985.56. By October 16, 2017, that same Bitcoin was worth US $5,707.40: a 579% increase in value in ten and a half months. By comparison, Ethereum has gone from US $8.15 per ether on January 2, 2017 to US $342.83 per ether on October 16, 2017: a jump of …

Welcoming the APAC WildFire Cloud

In service of delivering superior security outcomes, we must aggregate massive quantities of unknown threat data from a global community of users. Once this data is brought together, it should be rapidly processed, correlated and acted upon as new prevention controls. In order to support thousands of customers and petabytes of data in one central …

Palo Alto Networks Day Japan 2017: Evolving Cybersecurity Efforts to Increase Trust in the Digital Age and Prevent Cyberattacks

Palo Alto Networks Day 2017, our third annual global cybersecurity conference in Japan, was a great success, attracting over 2,600 registrations. The number of attendees has more than doubled each year of the conference, and the spike in attendance reflects growing interest in cybersecurity updates on next-generation technology, the current cyberthreat landscape, Japan’s cybersecurity policy, …

Threat Brief: Patch Today and Don’t Get Burned by an Android Toast Overlay

Today, Palo Alto Networks Unit 42 researchers are announcing details on a new high-severity vulnerability affecting the Google Android platform. Patches for this vulnerability are available as part of the September 2017 Android Security Bulletin. This new vulnerability does NOT affect Android 8.0 Oreo, the latest version; but it does affect all prior versions of Android. …

What Do Best-of-Breed Security Products and Top NFL Draft Picks Have in Common?

Analyzed individually, they can’t predict success. “Poor build, skinny. Lacks great physical stature and strength, lacks mobility and ability to avoid the rush, lacks a really strong arm, can’t drive the ball downfield … gets knocked down easily.” Whether you’re a football fan or not, if asked from whose NFL scouting report this quote was …

The Cybersecurity Canon: Cybersecurity: Geopolitics, Law, and Policy

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall of Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. The Cybersecurity Canon …

Updated KHRAT Malware Used in Cambodia Attacks

Introduction: Unit 42 recently observed activity involving the Remote Access Trojan KHRAT used by threat actors to target the citizens of Cambodia. So called because the Command and Control (C2) infrastructure from previous variants of the malware was located in Cambodia, as discussed by Roland Dela Paz at Forcepoint here, KHRAT is a Trojan that registers …

Top 10 Considerations for Securing Public Cloud Workloads

The shift to the public cloud has offered organizations increased agility, flexibility and scalability. However, as more and more organizations move critical workloads to the public cloud, the potential for attackers to steal data, intellectual property or computing resources also rises. Below is a brief breakdown of three considerations for securing public cloud workloads. Download the …

The Curious Case of Notepad and Chthonic: Exposing a Malicious Infrastructure

Recently, I’ve been investigating malware utilizing PowerShell and have spent a considerable amount of time refining ways to identify new variants of attacks as they appear. This posting is a follow-up of my previous work on this subject in “Pulling Back the Curtains on EncodedCommand PowerShell Attacks”. In a sample I recently analyzed, something stood …

OilRig Uses ISMDoor Variant; Possibly Linked to Greenbug Threat Group

Unit 42 has discovered activity involving threat actors responsible for the OilRig campaign with a potential link to a threat group known as GreenBug. Symantec first reported on this group back in January 2017, detailing their operations and using a custom information stealing Trojan called ISMDoor. In July 2017, we observed an attack on a Middle Eastern technology …


@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors and positions.
