Suspected supply chain attack backdoors courtroom recording software

May 24, 2024 at 04:31PM Researchers at security firm Rapid7 discovered a backdoor in Justice AV Solutions (JAVS) audio-visual software used in over 10,000 courtrooms. The backdoor, suspected to be part of a supply chain attack, gave attackers full system access. Rapid7 urges affected users to reinstall, reset credentials, and upgrade to a secure version …

JAVS Courtroom Audio-Visual Software Installer Serves Backdoor

May 24, 2024 at 09:24AM Thousands of computers are at risk of complete takeover due to a backdoor injected into the Justice AV Solutions (JAVS) Viewer v8.3.7 installer distributed from official servers. The backdoor, discovered by Rapid7, provides attackers with full control over affected systems. Rapid7 recommends updating to version 8.3.8 and re-imaging affected endpoints …

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

May 20, 2024 at 09:00AM Multiple threat actors are leveraging a design flaw in Foxit PDF Reader to deliver various malware, exploiting a security warning deception to execute harmful commands. Adobe Acrobat Reader is not susceptible to the exploit, which contributes to the exploit's low detection rate. The malware-laced PDFs are being distributed via unconventional methods like …

New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data

May 17, 2024 at 07:48AM Cyble has discovered a new Android banking trojan named Antidot, capable of stealing user credentials, recording conversations, and conducting overlay attacks to harvest victims’ data. The malware uses various tactics, such as posing as a fake Google Play update to obtain elevated permissions and perform remote control activities. It targets …

Russian hackers use new Lunar malware to breach a European govt’s agencies

May 16, 2024 at 12:05PM Security researchers discovered two new backdoors, LunarWeb and LunarMail, used to compromise a European government’s diplomatic institutions abroad. The malware, linked to the Russian state-sponsored hacker group Turla, has been active since 2020. The backdoors allow for prolonged surveillance, data theft, and control over compromised systems, posing a serious security …

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years

May 15, 2024 at 07:06AM Ebury, a sophisticated malware botnet, has compromised 400,000 Linux servers since 2009, with over 100,000 still affected as of late 2023. It is employed for various nefarious activities such as spam distribution, web traffic redirection, and credential theft, as well as cryptocurrency heists and credit card stealing. The threat actors …

New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

May 2, 2024 at 01:18AM The new malware, Cuttlefish, targets small office and home office (SOHO) routers to secretly monitor network traffic and gather authentication data from web requests. It can also hijack DNS and HTTP connections, exfiltrate data, and act as a proxy or VPN. The cybersecurity firm warns that it poses a serious …

Attacker Social-Engineered Backdoor Code Into XZ Utils

April 24, 2024 at 05:27PM Attacks like those experienced by SolarWinds and CodeCov show that adversaries can employ social engineering to execute supply chain attacks, as demonstrated by the backdoor introduction in the XZ Utils open source utility. This incident, along with warnings from the Open Source Security Foundation, highlights the need for vigilance in …

Hackers hijack antivirus updates to drop GuptiMiner malware

April 23, 2024 at 10:59AM North Korean hackers have exploited the eScan antivirus updating mechanism to plant backdoors on corporate networks. Using malware named GuptiMiner, they perform DNS requests, extract payloads, and exploit system-level privileges via eScan updates. The hackers have deployed various malware tools, including backdoors and a cryptocurrency miner. Avast researchers identified and …