XZ Utils Backdoor Attack Brings Another Similar Incident to Light

April 3, 2024 at 07:12AM An XZ Utils backdoor, reminiscent of a 2020 F-Droid attempt, highlighted the trend of targeting open source software. Jia Tan, posing as a legitimate developer, embedded a backdoor for remote code execution on Linux systems. Collin’s investigation promises more details, as experts predict further supply chain attacks in open source …

Russian APT Turla Wields Novel Backdoor Malware Against Polish NGOs

February 15, 2024 at 10:52AM The Russia-sponsored APT group Turla launched a cyberespionage campaign targeting Polish NGOs, using a new backdoor named “TinyTurla-NG” with modular capabilities. The backdoor allows execution of PowerShell and Windows Command Line Interface commands, and a new implant, TurlaPower-NG, for exfiltrating files. Turla also employs old tactics like compromised WordPress-based websites …

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor

February 13, 2024 at 08:27AM An Ivanti VPN vulnerability has been exploited to deploy the new ‘DSLog’ backdoor, allowing command execution, web requests, and system log theft. SecurityWeek reported the backdoor’s use following the exploit. This backdoor allows …

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

February 12, 2024 at 11:32AM Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti products to deploy the DSLog backdoor, allowing remote command execution. The vulnerability, known as CVE-2024-21893, affects SAML components and enables bypassing authentication. Successful attacks have been reported, prompting the release of security updates to mitigate the risk. Key takeaways …

macOS Malware Campaign Showcases Novel Delivery Technique

February 2, 2024 at 03:09PM Security researchers have identified a new cyberattack using cracked copies of popular macOS software to distribute a backdoor. The campaign is notable for its sheer scale and novel payload delivery. It targets business users with titles of likely interest, potentially leading to a significant number of infections. The attack aims …

Newly ID’ed Chinese APT Hides Backdoor in Software Updates

January 26, 2024 at 04:04PM The threat actor remained undetected for over five years due to a sophisticated backdoor delivered through invisible adversary-in-the-middle attacks. This …

LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

January 25, 2024 at 11:38AM Cybersecurity researchers uncovered an updated version of the backdoor malware LODEINFO distributed through spear-phishing attacks. Its capabilities include executing shellcode, taking screenshots, and exfiltrating files to an actor-controlled server. The Chinese nation-state actor Stone Panda is behind the backdoor, with attacks targeting Japan since 2021. Notable changes in the latest …

New ‘SpectralBlur’ macOS Backdoor Linked to North Korea

January 5, 2024 at 08:42AM Security researchers have uncovered SpectralBlur, a new macOS backdoor linked to the North Korean malware family KandyKorn. The malware, with capabilities such as file manipulation and communication with the command-and-control server, shares similarities with KandyKorn. It is believed to be another addition to the arsenal of Lazarus, a prominent North …

116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems

December 14, 2023 at 11:00AM Cybersecurity researchers have found 116 malicious packages in the Python Package Index repository infecting Windows and Linux systems, accounting for around 10,000 downloads since May 2023. Attackers employ various techniques to bundle malicious code, mainly aiming to compromise hosts with backdoor malware, including W4SP Stealer and clipper malware. Python developers are …

Hackers backdoor Russian state, industrial orgs for data theft

October 24, 2023 at 03:55PM Russian state and industrial organizations have been targeted in a cyber attack using a custom Go-based backdoor. Kaspersky detected the campaign in June 2023 and later found a newer version of the backdoor, indicating ongoing optimization by the attackers. The threat actors behind the attack are unknown, but Kaspersky has …