Palo Alto Networks has announced Next-Generation CASB, which raises the bar in SaaS security to support today’s hybrid workplace. Next-Generation CASB was created to help enterprises adopt SaaS safely by automatically securing new apps.
Godzilla is a functionality-rich webshell that parses inbound HTTP POST requests, decrypts the data with a secret key, executes the decrypted content to carry out additional functionality and returns the result via an HTTP response.
While analyzing an attack against a Middle Eastern telecommunications organization, we discovered a variant of an OilRig-associated tool we call RDAT using a novel email-based command and control (C2) channel that relied on a technique known as steganography to hide commands and data within bitmap images attached to emails.