Tag: backdoor
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure; Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor; Advancements in delivery: Scripting with Nietzsche; Analyzing New HijackLoader Evasion Tactics; Malicious Python…
-
Multiple backdoors spread through fake AI, business tools
First seen on scworld.com Jump to article: www.scworld.com/news/multiple-backdoors-spread-through-fake-ai-business-tools
-
EU Pushes for Backdoors in End-to-End Encryption
European Commission Demands Law Enforcement Access to Data. The European Commission’s ProtectEU strategy aims to overhaul internal security, proposing law enforcement access to encrypted data by 2026 and a roadmap to explore lawful encryption backdoors and enhanced intelligence-sharing between EU member states and agencies to combat rising cyber threats. First seen on govinfosecurity.com Jump to…
-
FIN7 Uses Python-Based Anubis Backdoor in Windows Attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/fin7-uses-python-based-anubis-backdoor-in-windows-attacks
-
Anubis backdoor deployed in new Windows-targeted FIN7 attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/anubis-backdoor-deployed-in-new-windows-targeted-fin7-attacks
-
EU: These are scary times let’s backdoor encryption!
ProtectEU plan wants to have its cake and eat it too. First seen on theregister.com Jump to article: www.theregister.com/2025/04/03/eu_backdoor_encryption/
-
Vendor warns: Dangerous Cisco backdoor is being actively exploited
Thanks to static credentials, the backdoor gives attackers admin access to a licensing tool for Cisco products. First seen on golem.de Jump to article: www.golem.de/news/hersteller-warnt-hacker-nutzen-eine-von-ciscos-backdoors-aus-2504-194970.html
-
Beware fake AutoCAD, SketchUp sites dropping malware
Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/03/fake-autocad-sketchup-malware/
-
New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows
FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7, also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. It executes shell commands and system…
-
Cisco warns of CSLU backdoor admin account used in attacks
Cisco warns admins to patch a critical Cisco Smart Licensing Utility (CSLU) vulnerability, which exposes a built-in backdoor admin account now used in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-cslu-backdoor-admin-account-used-in-attacks/
-
Unitree Go1: Dangerous backdoor discovered in popular robot dog
A robot dog from China could be remotely controlled using a specific API key, with considerable risks for people nearby. First seen on golem.de Jump to article: www.golem.de/news/unitree-go1-gefaehrliche-backdoor-in-populaerem-roboterhund-entdeckt-2504-194933.html
-
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. “This malware allows attackers to execute remote shell commands and other system operations, giving them full…
-
Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs
An undocumented remote access backdoor in the Unitree Go1 Robot Dog allows remote control over the tunnel network and use of the vision cameras to see through their eyes. The post Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/undocumented-remote-access-backdoor-found-in-unitree-go1-robot-dog/
-
Apple devices are at ‘most risk’ in UK following government ‘backdoor’ order
Home Office refuses to answer questions from Lords over technical capability notice issued against Apple’s iCloud Advanced Data Protection encryption services. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366621785/Apple-devices-are-at-most-risk-in-UK-following-government-backdoor-order
-
New Phishing Attack Combines Vishing and DLL Sideloading Techniques
A new attack targeting Microsoft Teams users used vishing, remote access tools and DLL sideloading to deploy a JavaScript backdoor. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-attack-combines-vishing/
-
Hiding WordPress malware in the mu-plugins directory to avoid detection
Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on every page load,…
-
Chinese hacker group UNC3886: cybercriminals place backdoors in Juniper routers
First seen on security-insider.de Jump to article: www.security-insider.de/unc3886-hackergruppe-kompromittiert-juniper-router-a-c17ad34944c943e2f7ee7c3d06b851ac/
-
Earth Alux Hackers Use VARGEIT Malware to Target Organizations
A new wave of cyberattacks orchestrated by the advanced persistent threat (APT) group Earth Alux has been uncovered, revealing the use of sophisticated malware, including the VARGEIT backdoor, to infiltrate critical industries. Linked to China, Earth Alux has been targeting organizations across the Asia-Pacific (APAC) region and Latin America since 2023, focusing on sectors such…
-
Rootkit, Backdoor and Tunneler: Ivanti Malware Does It All
CISA Publishes Anatomy of Advanced Ivanti VPN Malware. Hackers using Trojans connected to a malware family deployed by Chinese nation-state hackers are actively exploiting a now-patched vulnerability in Ivanti Connect Secure appliances. The malware contains capabilities of a rootkit, dropper, backdoor, bootkit, proxy and tunneler. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/rootkit-backdoor-tunneler-ivanti-malware-does-all-a-27881
-
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. “The threat actor deploys payloads primarily by means…
-
Gamaredon Hackers Weaponize LNK Files to Deliver Remcos Backdoor
Cisco Talos has uncovered an ongoing cyber campaign by the Gamaredon threat actor group, targeting Ukrainian users with malicious LNK files to deliver the Remcos backdoor. Active since at least November 2024, this campaign employs spear-phishing tactics, leveraging themes related to the Ukraine conflict to lure victims into executing the malicious files. The LNK files,…
-
Salt Typhoon may have upgraded backdoors for efficiency and evasion
CrowDoor and attributed to the Earth Estries APT group in November 2024.” GhostSparrow, aka Salt Typhoon (Microsoft), Earth Estries (Trend Micro), Ghost Emperor (Kaspersky Labs), and UNC2286 (Mandiant), has escalated cyber espionage, breaching US telecom networks and accessing data on over a million individuals. One of the key features ESET reported on the two previously unseen…
-
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/
-
China’s FamousSparrow flies back into action, breaches US org after years off the radar
Crew also cooked up two fresh SparrowDoor backdoor variants, says ESET. First seen on theregister.com Jump to article: www.theregister.com/2025/03/27/china_famoussparrow_back/
-
DeBackdoor: A Framework for Detecting Backdoor Attacks in Deep Learning Models
Deep learning models, increasingly integral to safety-critical systems like self-driving cars and medical devices, are vulnerable to stealthy backdoor attacks. These attacks involve injecting hidden triggers into models, causing them to misbehave when triggered. Researchers from the Qatar Computing Research Institute and the Mohamed bin Zayed University of Artificial Intelligence have developed DeBackdoor, a novel…
-
Chinese FamousSparrow hackers deploy upgraded malware in attacks
A China-linked cyberespionage group known as ‘FamousSparrow’ was observed using a new modular version of its signature backdoor ‘SparrowDoor’ against a US-based trade organization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-famoussparrow-hackers-deploy-upgraded-malware-in-attacks/
-
Malicious npm packages found to create a backdoor in legitimate code
Attackers open a reverse shell: This payload is a reverse shell that uses the ssh2 client functionality from the original ethers-provider2 to establish an SSH connection to an attacker-controlled server. The ethers-provider2 ssh client code is modified to listen to certain messages from the server and turn into a reverse shell, meaning the server can…
-
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor
ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware…
-
New npm Malware Attack Infects Popular Ethereum Library with Backdoor
Security researchers at ReversingLabs have discovered a new malware campaign on the npm package repository, revealing a new… First seen on hackread.com Jump to article: hackread.com/npm-malware-infects-ethereum-library-with-backdoor/