Tag: backdoor
-
New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor
ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two previously undocumented versions of their custom SparrowDoor backdoor. The group, thought to be inactive since 2022, compromised a US-based trade organization in the financial sector and a Mexican research institute in July 2024. The first variant closely resembles the CrowDoor malware…
-
New npm Malware Attack Infects Popular Ethereum Library with Backdoor
Security researchers at ReversingLabs have discovered a new malware campaign on the npm package repository, revealing a new…
Source: hackread.com/npm-malware-infects-ethereum-library-with-backdoor/
-
New npm attack poisons local packages with backdoors
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor.
Source: www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/
-
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
The threat actor known as EncryptHub exploited a recently patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious…
-
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad.The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared…
-
New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit
Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab, specifically targeting industrial systems associated with ORPAK, a company involved in gas stations and oil transportation. The malware, which was uploaded to VirusTotal in January 2024 from the U.S., employs advanced techniques to evade detection and maintain persistence on compromised systems. Exploitation of…
-
Novel Betruger backdoor deployed by RansomHub affiliate
Tags: backdoor
Source: www.scworld.com/brief/novel-betruger-backdoor-deployed-by-ransomhub-affiliate
-
Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor
Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily targeting the financial and hospitality sectors. The Anubis Backdoor represents a significant evolution in FIN7’s…
-
RansomHub affiliate uses custom backdoor Betruger
Symantec researchers linked a custom backdoor, called Betruger, found in recent ransomware attacks to an affiliate of the RansomHub operation. Symantec’s Threat Hunter team has identified a custom backdoor, named Betruger, linked to a RansomHub affiliate. Designed for ransomware attacks, Betruger combines multiple functions into a single tool to minimize detection. It enables screenshot capture,…
-
Cisco Smart Licensing Utility flaws actively exploited in the wild
Experts warn of the active exploitation of two recently patched security vulnerabilities affecting Cisco Smart Licensing Utility. Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw. Attackers can exploit the backdoor to access sensitive log files. While no active exploitation was initially observed, the…
-
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account.
Source: www.bleepingcomputer.com/news/security/critical-cisco-smart-licensing-utility-flaws-now-exploited-in-attacks/
-
RansomHub Affiliate Deploys New Custom Backdoor “Betruger” for Persistent Access
Symantec’s Threat Hunter team has identified a sophisticated custom backdoor named "Betruger"…
-
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation.
Source: www.bleepingcomputer.com/news/security/ransomhub-ransomware-uses-new-betruger-multi-function-backdoor/
-
RansomHub affiliate leverages multi-function Betruger backdoor
A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The …
Source: www.helpnetsecurity.com/2025/03/20/ransomhub-affiliate-leverages-multi-function-betruger-backdoor/
-
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent…
Source: thehackernews.com
-
Tomcat PUT to active abuse as Apache deals with critical RCE flaw
Tags: apache, api, attack, authentication, backdoor, cve, cvss, data, encryption, exploit, flaw, malicious, rce, remote-code-execution, tactics, threat, update, vulnerability
…) exploit released for the flaw, CVE-2025-24813, just 30 hours after it was publicly disclosed. "A devastating new remote code execution (RCE) vulnerability is now actively exploited in the wild," Wallarm said in a blog post. "Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers." PUT API requests are used to update…
-
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to World Expo,…
-
Chinese Hackers Target European Diplomats with Malware
MirrorFace Expands Operations, Revives Anel Backdoor for Espionage. A threat actor associated with Chinese cyberespionage campaigns against Japan stepped outside its East Asian comfort zone to target a European organization with a refreshed set of hacking tools. A hacking group tracked as MirrorFace and Earth Kasha deployed a backdoor once exclusively used by APT10. First…
-
Not all cuts are equal: Security budget choices disproportionately impact risk
Tags: ai, application-security, attack, awareness, backdoor, breach, bug-bounty, business, ceo, ciso, cloud, compliance, container, control, cyber, cybersecurity, data, iam, identity, incident response, infrastructure, monitoring, phishing, risk, risk-management, service, software, strategy, technology, threat, tool, training, update, usa, vulnerability
[Source: Splunk] As cyber threats evolve at an unprecedented pace, delaying essential technology upgrades can severely impact an organization. The newest technological updates are introduced to enhance an organization’s security offerings and directly address recently identified challenges. "Outdated systems lack new features and functionality that allow for more sophisticated offerings, like moving to the cloud," Kirsty…
-
Transparency in UK-Apple backdoor hearing urged by US lawmakers, privacy advocates
Source: www.scworld.com/brief/transparency-in-uk-apple-backdoor-hearing-urged-by-us-lawmakers-privacy-advocates
-
New C++-Based IIS Malware Mimics cmd.exe to Evade Detection
A recent discovery by Palo Alto Networks’ Unit 42 has shed light on sophisticated malware targeting Internet Information Services (IIS) servers. This malware, developed in C++/CLI, a rare choice for malware authors, has been designed to mimic the behavior of cmd.exe to evade detection. The malware operates as a passive backdoor, integrating itself into the…
-
US Legislators Demand Transparency in Apple’s UK Backdoor Court Fight
A bipartisan delegation of US Congresspeople and Senators has asked for the hearing between the UK government and Apple to be made public.
Source: www.infosecurity-magazine.com/news/us-legislators-transparency-apple/
-
UK Cybersecurity Weekly News Roundup 16 March 2025
Tags: access, apple, attack, backdoor, backup, compliance, control, cyber, cyberattack, cybercrime, cybersecurity, data, encryption, finance, firewall, government, group, hacking, insurance, law, lockbit, malicious, network, office, privacy, ransomware, regulation, risk, russia, service, software, virus
Welcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. UK Government’s Stance on Encryption Raises Global Concerns: The UK government has ordered Apple to provide backdoor access to iCloud users’ encrypted backups under the Investigatory Powers Act of 2016. This secret order…
-
AI development pipeline attacks expand CISOs’ software supply chain risk
Tags: access, ai, api, application-security, attack, backdoor, breach, business, ciso, cloud, container, control, cyber, cybersecurity, data, data-breach, detection, encryption, exploit, flaw, fortinet, government, infrastructure, injection, intelligence, LLM, malicious, malware, ml, network, open-source, password, penetration-testing, programming, pypi, risk, risk-assessment, russia, saas, sbom, service, software, supply-chain, threat, tool, training, vpn, vulnerability
…development pipelines are exacerbating software supply chain security problems. Incidents of exposed development secrets via publicly accessible, open-source packages rose 12% last year compared to 2023, according to ReversingLabs (RL). A scan of 30 of the most popular open-source packages found an average of six critical-severity and 33 high-severity flaws per package. Commercial software packages are also a…
-
Report on ransomware attacks on Fortinet firewalls also reveals possible defenses
Tags: access, attack, authentication, automation, backdoor, backup, ciso, control, credentials, cve, cybercrime, data, data-breach, defense, exploit, firewall, fortinet, group, infrastructure, Internet, lockbit, malicious, monitoring, network, password, radius, ransom, ransomware, risk, router, tactics, threat, tool, update, vpn, vulnerability, windows
Signs of intrusion: "This actor exhibits a distinct operational signature that blends elements of opportunistic attacks with ties to the LockBit ecosystem," Forescout said in its analysis. "Mora_001’s relationship to the broader Lockbit’s ransomware operations underscores the increased complexity of the modern ransomware landscape where specialized teams collaborate to leverage complementary capabilities." CISOs should note these consistent…
-
Apple Fights UK Over Encryption Backdoors as US Officials Warn of Privacy Violations
The British side reportedly said they would have to produce warrants for each individual data access request, so they will always have to be made as part of an investigation into serious crime.
Source: www.techrepublic.com/article/news-apple-icloud-encryption-uk-us-privacy/
-
Chinese espionage group UNC3886 targets Juniper routers
Advanced persistent threat group UNC3886 deployed custom backdoors on end-of-life Juniper Networks routers, underscoring the need for timely patching and advanced security monitoring.
Source: www.computerweekly.com/news/366620812/Chinese-espionage-group-UNC3886-targets-Juniper-routers
-
US lawmakers urge UK spy court to hold Apple ‘backdoor’ secret hearing in public
U.S. bipartisan lawmakers say the U.K. order gagging Apple from disclosing the demand is unconstitutional.
Source: techcrunch.com/2025/03/14/us-lawmakers-urge-uk-spy-court-to-hold-apple-backdoor-secret-hearing-in-public/
-
In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker
Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware.
Source: www.securityweek.com/in-other-news-swiss-breach-disclosure-rules-esp32-chip-backdoor-disputed-massjacker/