Threat Vector by Unit 42

In this episode of Threat Vector, host David Moulton and Andy Piazza, Sr. Director of Threat Intelligence at Unit 42, dive into the critical vulnerability CVE-2024-3400 found in PAN-OS software of Palo Alto Networks, emphasizing the importance of immediate patching and mitigation strategies for such vulnerabilities, especially when they affect edge devices like firewalls or VPNs. The discussion covers the discovery, technical details, and exploitation of the vulnerability, highlighting its potential for unauthenticated attackers to execute arbitrary code with root privileges. They discuss the Midnight Eclipse activity related to pre-disclosure exploitation of the vulnerability, the collaborative response with cybersecurity firm Volexity, and the living off the land techniques employed by threat actors. The episode underlines the critical nature of patching vulnerabilities promptly, monitoring network traffic for suspicious activity, and ensuring that mitigation strategies are in place to protect against such threats. Visit the Unit 42 Threat Research Center for the latest on Midnight Eclipse. https://unit42.paloaltonetworks.com/cve-2024-3400/ Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

In this episode of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, explores Adversarial AI and Deepfakes as part of the ongoing series “AI’s Impact in Cybersecurity” with two expert guests, Billy Hewlett, Senior Director of AI Research at Palo Alto Networks, and Tony Huynh, a Security Engineer specializing in AI and deepfakes. They unpack the escalating risks posed by adversarial AI in cybersecurity. You’ll learn how organizations can fortify their defenses against AI-driven attacks and the critical role of human vigilance in safeguarding against sophisticated cyber threats.  Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

In this episode of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, welcomes Donnie Hasseltine, VP of Security at Second Front Systems and a former Recon Marine, as they delve into the indispensable role of a military mindset in cybersecurity. Drawing from over two decades in the Marine Corps and a seamless transition into the tech industry, Donnie shares insights into leveraging military discipline and strategic thinking in the rapidly evolving cybersecurity landscape. This conversation not only explores the challenges and opportunities within the startup ecosystem but also highlights the criticality of foundational cybersecurity practices and the value of a security-first approach. Listeners will gain an understanding of how military experience equips veterans for impactful roles in cybersecurity, offering unique perspectives on problem-solving, leadership, and the importance of nurturing a security mindset to navigate and mitigate cyber risks effectively. Hacking for Defense Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

Join David Moulton, Director of Thought Leadership at Unit 42, as he hosts Sam Rubin, VP and Global Head of Operations at Unit 42, to discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education and more. This episode digs into the sophistication and rapid evolution of cyber threats with insights drawn from real-world case studies, including stark revelations from sectors like healthcare and education. The conversation underscores the need for robust public-private partnerships in fortifying cybersecurity frameworks. Listeners will gain a deeper understanding of the strategic shifts necessary to counteract the advanced tactics of today's cyber adversaries. Read Sam Rubin's testimony. Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

In this episode of Threat Vector, we dive deep into the new SEC cybersecurity regulations that reshape how public companies handle cyber risks. Legal expert and Unit 42 Consultant Jacqueline Wudyka brings a unique perspective on the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape.  Whether you're a cybersecurity professional, legal expert, or just keen on understanding the latest in cyber law, this episode is packed with insights and strategies for navigating this new terrain. Tune in to stay ahead in the world of cybersecurity compliance! If you're interested to learn more about Unit 42's world-class, visit https://www.paloaltonetworks.com/unit42. Special Webinar Event The Ransomware Landscape: Threats Driving the SEC Rule and Other Regulations As the cybersecurity landscape continues to evolve, so do regulations governing how to protect your organization and how to report cybersecurity incidents. The latest example comes from the U.S. Securities and Exchange Commission (SEC), which recently finalized rules for publicly traded companies on cyber incident disclosure and cyber risk management plans. The SEC Rules are just the latest of several regulatory efforts that address escalating cyber threats that CISO’s and their organizations face due to criminals’ ability to monetize on cybersecurity incidents like ransomware techniques. Hear from Unit 42 Experts: Steve Dyson, Principal Consultant Palo Alto Networks Sam Kaplan, Assistant General Counsel, Public Policy & Government Affairs Palo Alto Networks Unit 42 David Faraone, Senior Consulting Director Palo Alto Networks Unit 42 Jacqueline Wudyka, Associate Consultant Palo Alto Networks Unit 42 Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. *** This episode of Threat Vector outlines a conversation between host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report. They provide insights into key cyber threats and trends, including preferred attack vectors, the escalating use of AI by threat actors, software vulnerabilities, the concept of 'living off the land' attacks, and the importance of robust incident response strategies. They also address the rising trend of business disruption supply chain attacks and share recommendations for mitigating these cyber threats. Resources: Read the 2024 Unit 42 Incident Response report. Listen to Beyond the Breach: Strategies Against Ivanti Vulnerabilities. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. *** In this episode of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, along with guests Sam Rubin, VP, Global Head of Operations, and Ingrid Parker, Senior Manager of the Intel Response Unit, dive deep into the critical vulnerabilities found in Ivanti's Connect Secure and Policy Secure products.  They explore the vulnerabilities' potential impact, the urgency of mitigation, and strategies for defense. This discussion sheds light on the tactical and strategic responses necessitated by the current threat landscape, highlighting the collaboration between public directives and private sector response.  They also discuss what Palo Alto Networks is doing to help the cybersecurity community at this time with a no-cost, no-obligation emergency bundle. Learn about the no-cost, no-obligation emergency bundle at https://www.paloaltonetworks.com/Ivanti-VPN-exploit-response For the latest insights and research on the Ivanti vulnerabilities, visit the Unit 42 Threat Research Center at https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2023-46805-cve-2024-21887/  If you believe you are at risk because of an Ivanti Vulnerability, Palo Alto Networks is offering a no-cost, no-obligation emergency bundle for your organization. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. ****** In this episode of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, speaks with Oded Awaskar, an MDR Senior Manager - Threat-Hunting.  Oded talks about how he got into threat-hunting, the evolving threat landscape, and the benefits and challenges of implementing a managed threat-hunting program. He also discusses how AI and ML might change the world of security operations and threat-hunting.  The conversation ends with a lightning round of questions, where Oded addresses misconceptions related to threat-hunting and managed detection and response (MDR). If you are interested to learn more about Unit 42 World-Renowned threat hunters, visit https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting and https://www.paloaltonetworks.com/unit42/respond/managed-detection-response Download the datasheets:  https://www.paloaltonetworks.com/resources/datasheets/unit42-ds-managed-threat-hunting  https://www.paloaltonetworks.com/resources/datasheets/unit42-managed-detection-and-response  Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. Join us on the latest episode of Threat Vector to dive into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. The podcast also touches on the threat research published by Unit 42 regarding the unique characteristics of Medusa ransomware with Unit 42 researchers Doel Santos, principal threat researcher, and Anthony Galiette, senior malware reverse engineer. This thought-provoking discussion, hosted by David Moulton, director of thought leadership at Unit 42, focuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks. Wilhoit shares his perspectives on the notable use cases where adversarial AI techniques have been employed and how cybersecurity professionals can adapt to these emerging challenges. Learn about the balance between targeted and non-targeted AI-driven attacks and the strategies being developed to counteract them effectively. The conversation then shifts to new research on Medusa ransomware, with experts Santos and Galiette, offering a snapshot of the threat intel they published on the Unit 42 Threat Research Center. Their research exposes how Medusa employs sophisticated methods for propagation and evasion, a unique multi-extortion strategy, transparently pressurizing victims with online ransom demands, and a detailed breakdown of Medusa ransomware's operations and the proactive protective measures suggested by Palo Alto Networks. Stay ahead of the curve in the cybersecurity world by subscribing to Threat Vector. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. This episode features Garrett Boyd, a senior consultant with a background as a Marine and professor, discusses the importance of internal training and mentorship in cybersecurity. He provides insights into how training prepares professionals for industry challenges and how mentorship fosters professional growth and innovation. Garrett emphasizes the need for a mentorship culture in organizations and the responsibility of both mentors and mentees in this dynamic. The episode highlights the transformative impact of mentorship through personal experiences and concludes with an invitation for listeners to share their stories and a reminder to stay vigilant in the digital world. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. In this episode of Threat Vector, I had an engaging conversation with Madeline Sedgwick about the skills and methods necessary for understanding threat actor intent and behaviors. Madeline, a senior cyber research engineer and threat analyst, shared insights into how analyzing adversary behavior helps in anticipating threats and avoiding guesswork. We discussed the value of understanding both system dynamics and human behavior in cybersecurity, emphasizing that cyber adversaries are limited by the same laws of internet physics. Stay tuned to gain valuable insights into the evolving threat hunting and deterrence landscape. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. In this episode of Threat Vector, host David Moulton and guest John Huebner, an XSIAM Consultant at Palo Alto Networks, delve into the intricacies of managing threat intelligence feeds in cybersecurity. They discuss the challenges organizations face in sifting valuable intelligence from the noise, emphasizing the importance of risk assessments in guiding the selection and tuning of these feeds. John shares strategies for refining signal-to-noise ratios and the risks of neglecting feed updates, underlining the necessity of continuous management and adaptation in threat intelligence. The conversation highlights the dynamic nature of cyber threats and the critical role of proactive, tailored cybersecurity strategies. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. Join host David Moulton and cybersecurity expert Sama Manchanda in this enlightening episode of Threat Vector. Sama, a consultant with Unit 42, shares her unexpected journey into the world of cybersecurity, reflecting on how an elective course transformed her career trajectory. The conversation delves into the dynamic and fast-evolving nature of cybersecurity, underscoring the constant emergence of new threats and trends. Sama provides an in-depth analysis of various social engineering tactics like phishing, vishing, and smishing, illuminating how attackers craft these deceptions to target individuals and organizations. She underscores the importance of detailed reconnaissance and tailored strategies in executing these attacks, offering insights into the meticulous planning that goes into such exploits. Furthermore, the podcast explores the defensive side of cybersecurity. Sama emphasizes the crucial role of awareness, training, and fostering a security-conscious culture within organizations. She discusses the significance of reporting and addressing security breaches promptly to mitigate potential damages. This episode is a must-listen for anyone interested in understanding the intricacies of cybersecurity, from the perspective of both attackers and defenders. Stay secure and vigilant with these expert insights into the ever-evolving landscape of digital threats. Join the conversation on our social media channels: Website: ⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠ Threat Research: ⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠ Facebook: ⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠ LinkedIn: ⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠ YouTube: ⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠ Twitter: ⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. In the ever-evolving world of cybersecurity, it's crucial to stay ahead of emerging threats. Join David Moulton, Director of Thought Leadership for Unit 42, in a riveting conversation with Matt Kraning, CTO of the Cortex Xpanse Team, as they dive into the latest Attack Surface Threat Report. This podcast episode unveils the startling fact that 20% of the cloud changes every month, leaving organizations vulnerable to unforeseen risks. Matt's team has the remarkable ability to scan the entire internet, uncovering weaknesses and vulnerabilities that plague organizations. They shed light on the most worrisome problems facing large organizations in today's digital landscape. Please share your thoughts with us for future Threat Vector segments by taking our ⁠⁠brief survey⁠⁠. Join the conversation on our social media channels: Website: ⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠ Threat Research: ⁠⁠https://unit42.paloaltonetworks.com/⁠⁠ Facebook: ⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠ LinkedIn: ⁠⁠https://www.linkedin.com/company/unit42/⁠⁠ YouTube: ⁠⁠@PaloAltoNetworksUnit42⁠⁠ Twitter: ⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. In this episode of "Threat Vector," hosted by David Moulton, Director of Thought Leadership for Unit 42, Kate Naunheim, Cyber Risk Management Director at Unit 42, discusses the new cybersecurity regulations introduced by the US Securities and Exchange Commission (SEC). To delve further into this topic, join the Unit 42 team for a webinar on November 9, 2023, "The Ransomware Landscape: Threats Driving the SEC Rule and Other Regulations." Join the conversation on our social media channels: Website: ⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠ Threat Research: ⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠ Facebook: ⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠ LinkedIn: ⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠ YouTube: ⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠ Twitter: ⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠⁠http://paloaltonetworks.com⁠

Don’t miss out on the SecOps event of the year — Symphony 2024 on April 17-18. Join industry leaders, tech visionaries, and cybersecurity professionals. See firsthand how AI, automation, and machine learning can empower your team to predict, detect, and respond to threats faster than ever. Dive deep into the elusive world of insider threats with our latest episode of Threat Vector. Join host David Moulton as he engages in a riveting conversation with Chris Tillett, a senior research engineer at Palo Alto Networks. Uncover the hidden motivations behind insider threats, learn about behavioral patterns to identify potential risks, and gain insights into safeguarding your organization's digital assets. Join the conversation on our social media channels: Website: ⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠ Threat Research: ⁠⁠https://unit42.paloaltonetworks.com/⁠⁠ Facebook: ⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠ LinkedIn: ⁠⁠https://www.linkedin.com/company/unit42/⁠⁠ YouTube: ⁠⁠@PaloAltoNetworksUnit42⁠⁠ Twitter: ⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

Catch Wendi Whitmore, SVP and leader for Unit 42, at Symphony on April 17-18, where she will share an in-depth exploration of the rapidly changing cyber threat landscape, drawing from her extensive experience guiding organizations across the globe through complex cybersecurity challenges. In this conversation, David Moulton from Unit 42 discusses the evolving threat landscape with Wendi Whitmore, SVP of Unit 42. Wendi highlights the increasing scale, sophistication, and speed of cyberattacks, with examples like the recent Clop ransomware incident, and emphasizes that attackers, including nation-state actors and cybercriminals, are leveraging AI, particularly generative AI, to operate faster and more effectively, especially in social engineering tactics. To protect against these threats, businesses must focus on speed of response, automated integration of security tools, and operationalized capabilities and processes. The conversation underscores the importance of staying vigilant and leveraging technology to defend against the rapidly changing threat landscape. Theat Group Assessments https://unit42.paloaltonetworks.com/category/threat-briefs-assessments/ Please share your thoughts with us for future Threat Vector segments by taking our ⁠brief survey⁠. Join the conversation on our social media channels: Website: ⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠ Threat Research: ⁠⁠https://unit42.paloaltonetworks.com/⁠⁠ Facebook: ⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠ LinkedIn: ⁠⁠https://www.linkedin.com/company/unit42/⁠⁠ YouTube: ⁠⁠@PaloAltoNetworksUnit42⁠⁠ Twitter: ⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

Discover a groundbreaking approach to incident response in our latest episode of Threat Vector. Chris Brewer, Director at Unit 42, delves into the world of "IR Sniping" – a deliberate and targeted methodology that accelerates investigation results. Explore the guiding principles, focused questions, and real-world applications that make "IR Sniping" a game-changer in the realm of cybersecurity. Tune in now for expert insights and strategies to enhance your incident response tactics! Watch Chris present on IR Sniping at CactusCon https://www.youtube.com/live/bPMAusbODK0?feature=share&t=20947 Please share your thoughts with us for future Threat Vector segments by taking our ⁠brief survey⁠. Join the conversation on our social media channels: Website: ⁠https://www.paloaltonetworks.com/unit42⁠ Threat Research: ⁠https://unit42.paloaltonetworks.com/⁠ Facebook: ⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠ LinkedIn: ⁠https://www.linkedin.com/company/unit42/⁠ YouTube: ⁠@PaloAltoNetworksUnit42⁠ Twitter: ⁠https://twitter.com/PaloAltoNtwks⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com

In this episode, join host David Moulton as he speaks with Stephanie Regan, a senior consultant at Unit 42. Stephanie, with a background in law enforcement, specializes in compromise assessment and incident response. Discover her insights into combating the Muddled Libra threat group and similar adversaries. Stephanie highlights the crucial role of reconnaissance in investigations and the importance of strong multi-factor authentication (MFA) to counter phishing and social engineering attacks. She delves into techniques like domain typo squatting and shares how domain monitoring can thwart attackers. Learn how Unit 42 assists clients in recovering from attacks, especially those by Muddled Libra. Stephanie emphasizes rapid response and coordination, including using out-of-band communications to outmaneuver threat actors. You can learn more about Muddled Libra at https://unit42.paloaltonetworks.com/muddled-libra/ where Kristopher was the lead author for the Threat Group Assessment: Muddled Libra. Please share your thoughts with us for future Threat Vector segments by taking our ⁠brief survey⁠. Join the conversation on our social media channels: Website: ⁠https://www.paloaltonetworks.com/unit42⁠ Threat Research: ⁠https://unit42.paloaltonetworks.com/⁠ Facebook: ⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠ LinkedIn: ⁠https://www.linkedin.com/company/unit42/⁠ YouTube: ⁠@PaloAltoNetworksUnit42⁠ Twitter: ⁠https://twitter.com/PaloAltoNtwks⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠

In this episode, we plunge into the realm of Muddled Libra, an enigmatic and calculated threat actor group that sets its sights on vital industries like telecommunications, technology, and software automation. Joined by Kristopher Russo, Senior Threat Researcher at Unit 42, we unveil the group's tactics, techniques, and strategies, offering a glimpse into their world of cyber espionage. Kristopher's passion for combatting cybercriminals is evident as he shares insights into his journey, driven by a fascination with technology's dual nature – to empower and to destroy. Dive deep into the tactics that define Muddled Libra, as they exploit the 0ktapus phishing kit to craft believable authentication pages and manipulate victims through social engineering. As the episode concludes, Kristopher offers actionable recommendations for safeguarding your environment, from user training to intelligent security automation. Be prepared to face the ever-evolving landscape of cyber threats with knowledge and readiness. Stay tuned for the second part of our exploration, where we'll delve further into defending against Muddled Libra with Stephanie Reagan, Senior Consultant, Unit 42. Until then, heed the wisdom shared in this episode – stay secure, stay vigilant, and venture forth armed with insight. You can learn more about Muddled Libra at https://unit42.paloaltonetworks.com/muddled-libra/ where Kristopher was the lead author for the Threat Group Assessment: Muddled Libra. Please share your thoughts with us for future Threat Vector segments by taking our ⁠brief survey⁠. Join the conversation on our social media channels: Website: ⁠https://www.paloaltonetworks.com/unit42⁠ Threat Research: ⁠https://unit42.paloaltonetworks.com/⁠ Facebook: ⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠ LinkedIn: ⁠https://www.linkedin.com/company/unit42/⁠ YouTube: ⁠@PaloAltoNetworksUnit42⁠ Twitter: ⁠https://twitter.com/PaloAltoNtwks⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠