Tag: backdoor
-
RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks
The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in Microsoft Windows, as part of attacks designed to deliver the eponymous backdoor on victim systems. “In a successful attack, if a victim browses a web page containing the exploit, an…
-
Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries
The China-linked threat actor known as Earth Estries has been observed using a previously undocumented backdoor called GHOSTSPIDER as part of its attacks targeting Southeast Asian telecommunications companies. Trend Micro, which described the hacking group as an aggressive advanced persistent threat (APT), said the intrusions also involved the use of another cross-platform backdoor dubbed First…
-
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/26/romcom-backdoor-cve-2024-9680-cve-2024-49039/
-
Salt Typhoon hackers backdoor telcos with new GhostSpider malware
The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new “GhostSpider” backdoor in attacks against telecommunication service providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/
-
WolfsBane: Chinese hackers build backdoors into Linux
First seen on security-insider.de Jump to article: www.security-insider.de/neue-linux-backdoor-wolfsbane-cybersecurity-bericht-a-b6f2d35625113cea670df3d992bcc192/
-
WolfsBane: Gelsemium APT Group’s Linux Backdoor Debut
ESET researchers have unveiled WolfsBane, the Linux counterpart to the Windows-based Gelsevirine backdoor, marking a significant milestone in the evolution of the Gelsemium Advanced Persistent Threat (APT) group. Known for... First seen on securityonline.info Jump to article: securityonline.info/wolfsbane-gelsemiums-linux-backdoor-debut/
-
1,000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole
PAN-PAN! Intruders inject web shell backdoors, crypto-coin miners, more First seen on theregister.com Jump to article: www.theregister.com/2024/11/22/palo_alto_firewalls_under_exploit/
-
Week in review: 0-days exploited in Palo Alto Networks firewalls, two unknown Linux backdoors identified
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 2,000 Palo Alto Networks devices compromised in latest attacks Attackers have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/24/week-in-review-0-days-exploited-in-palo-alto-networks-firewalls-two-unknown-linux-backdoors-identified/
-
China-linked APT Gelsemium uses a new Linux backdoor dubbed WolfsBane
China-linked APT Gelsemium has deployed a previously unknown Linux backdoor, WolfsBane, in attacks targeting East and Southeast Asia, according to ESET. Victims include entities in Taiwan, the Philippines, and Singapore, as seen in VirusTotal samples from…
-
Is a security time bomb ticking in freely available open-source software?
Open source: Reports that cybercriminals are infiltrating open-source software with dangerous exploits or backdoors are piling up. Is a security time bomb ticking in freely available software? How can developers in particular protect themselves against dangerous backdoors or malware? Netzpalaver has gathered some statements from the Netzpalaver community on this question, which will be published successively below. Statement by Harold Butzbach, Sysdig Statement […]…
-
DEF CON 32 The XZ Backdoor Story: The Undercover Op That Set the Internet on Fire
Authors/Presenters: Thomas Roccia. Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/def-con-32-the-xz-backdoor-story-the-undercover-op-that-set-the-internet-on-fire/
-
Novel WolfsBane backdoor leveraged in Chinese attacks against Linux systems
First seen on scworld.com Jump to article: www.scworld.com/brief/novel-wolfsbane-backdoor-leveraged-in-chinese-attacks-against-linux-systems
-
Gelsemium hackers: ESET warns of new Linux backdoors
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/gelsemium-hacker-eset-warnung-neuheit-linux-backdoors
-
Russian TAG-110 Hacked 60+ Users With HTML Loaded Python Backdoor
The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions. Initial access is typically gained through phishing or exploiting vulnerable web services, as the campaign’s goal is to…
-
Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations
Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services. The group has deployed various backdoors, including Cobalt Strike, LODEINFO, and the newly discovered NOOPDOOR, to maintain persistent access to compromised networks, which…
-
In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit
Noteworthy stories that might have slipped under the radar: Nvidia fixes vulnerability with rare ‘critical’ severity, Chinese APT’s first Linux backdoor, new details emerge from the WhatsApp-NSO lawsuit. The post In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit appeared first on SecurityWeek. First seen on securityweek.com Jump to…
-
Chinese APT Gelsemium Deploys ‘Wolfsbane’ Linux Variant
In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-apt-gelsemium-wolfsbane-linux-variant
-
Chinese hackers target Linux with new WolfsBane malware
A new Linux backdoor called ‘WolfsBane’ has been discovered, believed to be a port of Windows malware used by the Chinese ‘Gelsemium’ hacking group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-gelsemium-hackers-use-new-wolfsbane-linux-malware/
-
Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That’s according to findings from cybersecurity firm ESET based on multiple Linux samples uploaded to the VirusTotal platform from Taiwan, the Philippines, and Singapore in…
-
Researchers unearth two previously unknown Linux backdoors
ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/21/linux-backdoors-wolfsbane-firewood/
-
Rekoobe Backdoor In Open Directories Possibly Attacking TradingView Users
APT31, using the Rekoobe backdoor, has been observed targeting TradingView, a popular financial platform, as researchers discovered malicious domains mimicking TradingView, suggesting a potential interest in compromising the platform’s user community. By analyzing shared SSH keys, investigators identified additional infrastructure linked to this campaign and another open directory, highlighting the evolving tactics employed by APT31…
-
African Reliance on Foreign Suppliers Boosts Insecurity Concerns
Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/african-reliance-on-foreign-suppliers-boosts-insecurity
-
How to make open source software more secure
Earlier this year, a Microsoft developer realized that someone had inserted a backdoor into the code of open source utility XZ Utils, which is used in… First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/01/how-to-make-open-source-software-more-secure/
-
LightSpy Spyware Operation Expands to Windows
The Chinese APT behind the LightSpy iOS backdoor has expanded its toolset with DeepData, a modular Windows-based surveillance framework. The post LightSpy Spyware Operation Expands to Windows appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/lightspy-ios-spyware-operation-expands-to-windows/
-
Blinded by Silence
Blinded by Silence: How Attackers Disable EDR. Overview: Endpoint Detection and Response systems (EDRs) are an essential part of modern cybersecurity strategies. EDR solutions gather and analyze data from endpoints to identify suspicious activities and provide real-time threat visibility. This allows security teams to respond quickly to incidents, investigate threats thoroughly, and mitigate the impact of…
-
Feds Warn of Godzilla Webshell Threats to Health Sector
Stealthy Backdoor Publicly Available on GitHub Can Be Weaponized for Larger Attacks. Godzilla webshell, a Chinese-language backdoor known for its stealth and ability to execute commands and manipulate files, is now publicly available on GitHub, and federal authorities have issued a stern warning to the healthcare sector to prepare for this threat and inevitable cyberattacks.…
-
Iranian Cybercriminals Target Aerospace Workers via LinkedIn
The group seeks out aerospace professionals by impersonating job recruiters, a demographic it has targeted in the past as well, then deploys the SlugResin backdoor malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-cybercriminals-aerospace-workers-linkedin
-
Iranian Hackers Use “Dream Job” Lures to Deploy SnailResin Malware in Aerospace Attacks
The Iranian threat actor known as TA455 has been observed taking a leaf out of a North Korean hacking group’s playbook to orchestrate its own version of the Dream Job campaign targeting the aerospace industry by offering fake jobs since at least September 2023. “The campaign distributed the SnailResin malware, which activates the SlugResin backdoor,” Israeli…
-
China’s infosec leads accuse Intel of NSA backdoor, cite chip security flaws
First seen on theregister.com Jump to article: www.theregister.com/2024/10/16/china_intel_chip_security/