Tag: backdoor
-
Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs. “Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a… First seen on thehackernews.com…
-
Backdoor slips into popular code library, drains ~$155k from digital wallets
Solana-web3.js code library drains private keys giving access to user wallets. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2024/12/backdoor-slips-into-popular-code-library-drains-155k-from-digital-wallets/
-
ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan
The China-linked threat actor known as MirrorFace has been attributed to a new spear-phishing campaign mainly targeting individuals and organizations in Japan since June 2024. The aim of the campaign is to deliver backdoors known as NOOPDOOR (aka HiddenFace) and ANEL (aka UPPERCUT), Trend Micro said in a technical analysis. “An interesting aspect of this campaign is…
-
European law enforcement breaks high-end encryption app used by suspects
Tags: awareness, backdoor, ciso, communications, computing, crime, crimes, cryptography, data, defense, encryption, endpoint, exploit, flaw, group, hacker, infrastructure, international, jobs, law, malware, monitoring, service, technology, threat, tool, vulnerability
A group of European law enforcement agencies were able to crack a high-level encryption app that a group of suspects created to avoid law enforcement monitoring, according to a statement issued Tuesday by Europol. Europol, understandably, did not provide any specifics about how they broke the app, but encryption experts said that the most likely method…
-
Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library
Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users’ private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from…
-
Venom Spider Spins Web of New Malware for MaaS Platform
A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group’s cybercriminal tool set. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/venom-spider-malware-maas-platform
-
Zscaler Analyzes New Backdoor Threat MadMxShell
The threat posed by this malvertising campaign shows a high degree of advanced tactics, techniques and procedures aimed at IT… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/zscaler-analysiert-neue-backdoor-bedrohung-madmxshell/a37271/
-
Iranian Attackers Abuse Backdoor for Spear Attacks
In most samples, BugSleep creates a scheduled task with the same name as the mutex, which ensures the malware's persistence. The… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/iranische-angreifer-missbrauchen-backdoor-fuer-phishing-angriffe/a37886/
-
MoustachedBouncer: Espionage Against Foreign Diplomats in Belarus
…espionage against diplomats, use of email-based C&C protocols, modular C++ backdoors and adversary-in-the-middle (AitM) attacks… K… First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/moustachedbouncer-spionage-gegen-auslaendische-diplomaten-in-belarus/
-
Sponsor with Whiskers: Ballistic Bobcat's Scan and Strike Backdoor
Tags: backdoor
First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/sponsor-mit-schnurrhaaren-ballistic-bobcats-scan-und-strike-backdoor/
-
Stealth Falcon Descends on the Middle East with Deadglyph
Tags: backdoor
…have discovered Deadglyph, a sophisticated backdoor used by the notorious Stealth Falcon group for espionage in the Middle East… First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/stealth-falcon-fallt-mit-deadglyph-uber-den-nahen-osten-her/
-
Turla APT Exploits New Backdoors to Infiltrate the EU Ministry of Defense
First seen on thefinalhop.com Jump to article: www.thefinalhop.com/turla-apt-exploits-new-backdoors-to-infiltrate-the-eu-ministry-of-defense/
-
Kimsuky APT Group Deploys New Linux Backdoor: Gomir
First seen on thefinalhop.com Jump to article: www.thefinalhop.com/kimsuky-apt-group-deploys-new-linux-backdoor-gomir/
-
New Backdoor Used By Iranian State-Sponsored Group
The backdoor is being used for intelligence gathering campaigns against U.S. organizations in the government, communications equipment, oil and gas an… First seen on duo.com Jump to article: duo.com/decipher/new-backdoor-used-by-iranian-state-sponsored-group
-
New Backdoor Linked to Earth Lusca Threat Group
Researchers have uncovered a new backdoor called KTLVdoor, which is written in the Go language, has versions for targeting Windows and Linux and is li… First seen on duo.com Jump to article: duo.com/decipher/new-backdoor-linked-to-chinese-threat-group
-
Code found online exploits LogoFAIL to install Bootkitty Linux backdoor
Unearthed sample likely works against Linux devices from Acer, HP, Fujitsu, and Lenovo. First seen on arstechnica.com Jump to article: arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/
-
ANEL Backdoor Reactivated in Earth Kasha Cyber-Espionage Campaign
In June 2024, Trend Micro identified a new spear-phishing campaign targeting political organizations, research institutions, and think tanks in Japan. This operation, attributed to the cyber-espionage group Earth Kasha, marks... First seen on securityonline.info Jump to article: securityonline.info/anel-backdoor-reactivated-in-earth-kasha-cyber-espionage-campaign/
-
SMOKEDHAM Backdoor: UNC2465’s Stealth Weapon for Extortion and Ransomware Campaigns
A comprehensive analysis by TRAC Labs has shed light on the SMOKEDHAM backdoor, a malicious tool leveraged by the financially motivated threat actor UNC2465. Active since 2019, SMOKEDHAM plays a... First seen on securityonline.info Jump to article: securityonline.info/smokedham-backdoor-unc2465s-stealth-weapon-for-extortion-and-ransomware-campaigns/
-
Salt Typhoon’s surge extends far beyond US telcos
Plus, a brand-new backdoor, GhostSpider, is linked to the cyber-spy crew’s operations. First seen on theregister.com Jump to article: www.theregister.com/2024/11/27/salt_typhoons_us_telcos/
-
Russian APT RomCom combines Firefox and Windows zero-day flaws in drive-by exploit
Tags: access, antivirus, apt, attack, backdoor, browser, business, computer, cve, cybercrime, cyberespionage, defense, endpoint, exploit, flaw, germany, government, group, insurance, intelligence, malicious, microsoft, msp, password, powershell, russia, software, threat, ukraine, vulnerability, windows, zero-day
A Russia-aligned group that engages in both cybercrime and cyberespionage operations used a zero-click exploit chain last month that combined previously unknown and unpatched vulnerabilities in Firefox and Windows. The campaign, whose goal was to deploy the group’s RomCom backdoor on computers, targeted users from Europe and North America. The APT group, also known as Storm-0978,…
-
Russian Hackers Exploit Firefox and Windows 0-Days to Deploy Backdoor
Watch out for the Russian hackers from the infamous RomCom group, also known as Storm-0978, Tropical Scorpius, or UNC2596, and their use of a custom backdoor. First seen on hackread.com Jump to article: hackread.com/russian-hackers-firefox-windows-0-days-backdoor/
-
APT60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor
The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That’s according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August…
-
Hackers Exploit Firefox and Windows Flaws: RomCom’s Advanced Attack Unveiled
A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities, one in Mozilla Firefox and another in Microsoft Windows Task Scheduler. These vulnerabilities, identified as CVE-2024-9680 and CVE-2024-49039, were chained together to allow the group to execute arbitrary code and install malicious backdoors on…
-
Russian APT Chained Firefox and Windows Zero-Days Against US and European Targets
The Russia-linked RomCom APT has been observed chaining two zero-days in Firefox and Windows for backdoor delivery. First seen on securityweek.com Jump to article: www.securityweek.com/russian-apt-chained-firefox-and-windows-zero-days-against-us-and-european-targets/
-
RomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced Cyberattacks
In a new wave of cyberattacks, the Russia-aligned hacking group “RomCom”… The compromise chain is composed of a […] First seen on gbhackers.com Jump to article: gbhackers.com/romcom-hackers-exploits-windows-firefox-zero-day/
-
Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs
Tags: apt, attack, backdoor, china, control, cyber, exploit, government, group, hacker, infrastructure, rat, tool, vulnerability
Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and government entities since 2023. They employ advanced techniques, including exploiting vulnerabilities, lateral movement, and deploying multiple backdoors like GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, which have impacted Southeast Asia significantly. The group makes use of a sophisticated command and control infrastructure…
-
Aggressive Chinese APT Group Targets Governments with New Backdoors
A Trend Micro analysis of Earth Estries found that the Chinese threat actor is using new backdoors to avoid detection during espionage operations. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-apt-governments-backdoors/