backdoor

  1. Man

    Hunting for billions: North Korea has built a backdoor into the heart of Cosmos Hub

    The blockchain needs to choose – to lose all the money of investors or to continue to keep silent about the threat to capital? Cosmos Hub, one of the largest decentralized projects, was at the center of a scandal: specialists from North Korea could develop its Liquid Staking Module (LSM)...
  2. Friend

    SSH backdoor on Linux: hackers armed themselves with new weapons

    SSH connection is a checkpoint for the entry of uninvited guests. Researchers from ASEC have identified new attacks targeting poorly protected Linux SSH servers. In them, the hackers used the Supershell malware, written in the Go language. This backdoor provides attackers with remote control...
  3. Friend

    From Job Vacancies to Backdoor: Anatomy of North Korea's Sophisticated Attack

    North Korean hackers have turned recruiting into a cyber weapon against the United States. In June 2024, Mandiant Managed Defense specialists discovered the UNC2970 cyberespionage group, which is associated with North Korea. Later that month, Mandiant experts recorded phishing attacks in which...
  4. Friend

    50 servers and full system management: KTLVdoor backdoor attacks Windows and Linux systems

    A poorly studied malware leaves no chance for specialists to study. Trend Micro specialists have discovered a new multi-platform backdoor KTLVdoor from the Chinese group Earth Lusca. KTLVdoor is developed in Golang and has versions for Windows and Linux. The previously unknown malware is...
  5. Friend

    Voldemort Backdoor

    In a new report, Proofpoint researchers uncover a malicious campaign to distribute a previously undocumented Voldemort backdoor to organizations around the world, acting under the guise of US, European, and Asian tax authorities. The campaign has been active since at least August 5, 2024 and...
  6. Friend

    Msupedge: Unknown Backdoor Hiding in Normal DNS Traffic

    The new malware uses a non-standard method of communication. As a result of a cyberattack on one of the universities in Taiwan, a previously unknown malicious program was identified, which was tentatively named Backdoor.Msupedge. The program is distinguished by a unique method of communication...
  7. Carding Forum

    New Windows Backdoor BITSLOTH Uses BITS Service for C2 Communication

    Cybersecurity researchers have discovered a previously unknown Windows backdoor that uses the Background Intelligent Transfer Service (BITS) to receive commands (C2). The malware has been dubbed BITSLOTH. The backdoor was first spotted by Elastic Security Labs on June 25, 2024. At the time, it...
  8. Carding Forum

    Tremble, schools and universities: Rhysida takes on the Oyster Backdoor

    The education sector is becoming a favorite target of cybercriminals. On July 10, an unnamed private school was attacked by the ransomware group Rhysida, which uses a new version of Oyster Backdoor, also known as Broomstick. This updated version of Oyster was first discovered by Rapid7 at the...
  9. Carding Forum

    Russian financiers and industrialists are being given the PhantomDL backdoor

    Earlier this month, Kaspersky Lab security solutions repelled two waves of malicious mailings to Russian organizations – government agencies, manufacturing companies, financial institutions, and energy companies. In total, the experts counted about 1,000 recipient addresses. The analysis showed...
  10. Carding Forum

    Digma push-button phones revealed a backdoor

    Classic cell phones of the Russian brand Digma were infected with malware. Mobile phones do not support the installation of applications – dangerous software may have been integrated into them at one of the production stages. In Russia, Digma cell phones occupy almost 6% of the market, and their...
  11. Tomcat

    Backdoor in D-Link routers that includes telnet access

    In some models of D-Link wireless routers, a backdoor (CVE-2024-6045) has been identified that allows an unauthorized user from the local network to activate the telnet service on the device, which provides access to the system with administrator rights, using the username and password saved in...
  12. Tomcat

    Noodle RAT: a unique Chinese backdoor targeting Linux and Windows

    For years, the malware has been mistaken for variations of other programs, but is this spyware really that simple? Security researchers from Trend Micro recently identified a new type of malware called "Noodle RAT" that Chinese-speaking hacker groups are actively using to attack Windows and...
  13. Tomcat

    Positive Technologies: ExCobalt uses new GoRed backdoor for cyber espionage in Russia

    The backdoor allows you to execute commands remotely and collect data. The expert center Positive Technologies (PT ESC) has identified a previously unknown backdoor written in the Go language, which is used by the cybercrime group ExCobalt to attack Russian organizations. In March 2024, during...
  14. Tomcat

    The XZ project published the result of the audit of commits and the first update after identifying the backdoor

    Lasse Collin, the author and maintainer of the xz project, who recently granted maintainer rights to a second maintainer, Jia Tan, whose activities led to the introduction of the backdoor, published corrective releases of the XZ Utils package 5.2.13, 5.4.7 and 5.6.2, which removed the backdoor...
  15. Tomcat

    XZ Utils completely cleared of Chinese hackers' backdoor

    CVE-2024-3094 has finally been fixed in version 5.6.2. Exactly two months ago, cyberspace was shaken by the release of an urgent warning regarding malicious code in XZ Utils, which turned out to be a backdoor added by an attacker under the pseudonym Jia Tan. Presumably, a Chinese hacker, or...
  16. Father

    Kimsuky APT uses Linux backdoor Gomir in South Korean cyberattacks

    The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed...
  17. Father

    IT professionals at gunpoint: MadMxShell backdoor hides in legitimate network tools

    The clever tactics of scammers mislead even experienced professionals. On April 17, Zscaler revealed a malicious software distribution campaign targeting IT professionals. This campaign uses deceptive advertising of popular network utilities to introduce a new backdoor called MadMxShell. The...
  18. Father

    FIN7 attacks the auto industry: sophisticated chain of attacks leads to the introduction of Anunak backdoor

    How did hackers manage to bypass the protection of one of the largest companies in the United States? At the end of last year, a major American automaker, whose name was not disclosed, was the victim of a targeted attack carried out by the hacker group FIN7. According to researchers from the...
  19. Father

    Backdoor from XZ Utils got to Rust: under the blow of liblzma-sys

    How long will it take security researchers to identify projects affected by the February compromise? A recent discovery by Phylum researchers sheds light on a major security challenge facing the open source software community. As it turned out, the liblzma-sys package, widely used by Rust...
  20. Father

    The XZ Utils backdoor scanner will detect infection in any Linux binary file in no time

    The hackers' plans have gone to waste, and now the developer community is fully prepared. Binarly, a software security company, has developed a free online scanner to identify Linux files affected by the XZ Utils supply chain attack, designated CVE-2024-3094. CVE-2024-3094 represents a supply...