backdoor

  1. Tomcat

    Backdoor in D-Link routers that includes telnet access

    In some models of D-Link wireless routers, a backdoor (CVE-2024-6045) has been identified that allows an unauthorized user from the local network to activate the telnet service on the device, which provides access to the system with administrator rights, using the username and password saved in...
  2. Tomcat

    Noodle RAT: a unique Chinese backdoor targeting Linux and Windows

    For years, the malware has been mistaken for variations of other programs, but is this spyware really that simple? Security researchers from Trend Micro recently identified a new type of malware called "Noodle RAT" that Chinese-speaking hacker groups are actively using to attack Windows and...
  3. Tomcat

    Positive Technologies: ExCobalt uses new GoRed backdoor for cyber espionage in Russia

    The backdoor allows you to execute commands remotely and collect data. The expert center Positive Technologies (PT ESC) has identified a previously unknown backdoor written in the Go language, which is used by the cybercrime group ExCobalt to attack Russian organizations. In March 2024, during...
  4. Tomcat

    The XZ project published the result of the audit of commits and the first update after identifying the backdoor

    Lasse Collin, the author and maintainer of the xz project, who recently granted second-maintainer rights to Jia Tan, whose activities led to the introduction of the backdoor, published corrective releases of the XZ Utils package 5.2.13, 5.4.7 and 5.6.2, which removed the backdoor...
  5. Tomcat

    XZ Utils completely cleared of Chinese hackers backdoor

    CVE-2024-3094 has finally been fixed in version 5.6.2. Exactly two months ago, cyberspace was shaken by the release of an urgent warning regarding malicious code in XZ Utils, which turned out to be a backdoor added by an attacker under the pseudonym Jia Tan. Presumably, a Chinese hacker, or...
  6. Father

    Kimsuky APT uses Linux backdoor Gomir in South Korean cyberattacks

    The Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea's Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations. The backdoor, codenamed...
  7. Father

    IT professionals at gunpoint: MadMxShell backdoor hides in legitimate network tools

    The clever tactics of scammers mislead even experienced professionals. On April 17, Zscaler revealed a malicious software distribution campaign targeting IT professionals. This campaign uses deceptive advertising of popular network utilities to introduce a new backdoor called MadMxShell. The...
  8. Father

    FIN7 attacks the auto industry: sophisticated chain of attacks leads to the introduction of Anunak backdoor

    How did hackers manage to bypass the protection of one of the largest companies in the United States? At the end of last year, a major American automaker, whose name was not disclosed, was the victim of a targeted attack carried out by the hacker group FIN7. According to researchers from the...
  9. Father

    Backdoor from XZ Utils got to Rust: under the blow of liblzma-sys

    How long will it take security researchers to identify projects affected by the February compromise? A recent discovery by Phylum researchers sheds light on a major security challenge facing the open source software community. As it turned out, the liblzma-sys package, widely used by Rust...
  10. Father

    The XZ Utils backdoor scanner will detect infection in any Linux binary file in no time

    The hackers' plans have gone to waste, and now the developer community is fully prepared. Binarly, a software security company, has developed a free online scanner to identify Linux files affected by the XZ Utils supply chain attack, designated CVE-2024-3094. CVE-2024-3094 represents a supply...
  11. Father

    XZ Utils is compromised: the hidden backdoor was discovered completely by accident

    How did the attackers manage to outsmart the developer community? A hidden backdoor was recently discovered in the popular data compression utility XZ Utils, which is widely used on Linux systems. The issue identified as CVE-2024-3094 allows you to bypass OpenSSH authentication, which threatens...
  12. Father

    10 out of 10: Embedded backdoor detected in Linux (CVE-2024-3094)

    The search for the culprit leads to unexpected conclusions. A hidden backdoor was discovered in the popular xz compression utility, which is widely used in most Linux distributions. This malicious code embedded in the utility package creates a critical threat to the supply chain, potentially...
  13. Father

    Backdoor detected in the xz/liblzma library that allows logging in via sshd

    In the XZ Utils package, which includes the liblzma library and utilities for working with compressed data in the ".xz" format, a backdoor (CVE-2024-3094) was revealed that allows intercepting and modifying data processed by applications associated with the liblzma library. The main target of the...
  14. Teacher

    China spies on developers: Hunting for technology through a backdoor NuGet package

    Are these additional features or a full-fledged spy tool? ReversingLabs specialists found a suspicious package in the NuGet package manager, presumably aimed at developers using the tools of the Chinese company Bozhon Precision Industry Technology, which specializes in the production of...
  15. Teacher

    Tornado Cash Backdoor found

    Thousands of crypto investors froze in anticipation of an answer, whether their assets suffered. The developers of Tornado Cash, a cryptocurrency mixer based on smart contracts, warned users who made deposits through IPFS gateways between January 1 and February 24 about potential fraud...
  16. Teacher

    Hidden backdoor in Ivanti: accidental or deliberate infection of clients?

    Undetected since 2014, the vulnerability allows you to hack devices through cookies. The Ivanti vulnerability, which was disclosed 2 years ago, still causes concern among specialists due to its mysterious origin. This is a code injection vulnerability CVE-2021-44529 (CVSS score: 9.8) in the...
  17. Teacher

    Adorable Kitten Keeps the Middle East at Bay: BASICSTAR Spy Backdoor in Action

    Charming Kitten group hunts down the secrets of political experts: how do fake webinars help? The Middle East has been hit by a new wave of cyberattacks organized by the Iranian hacker group Charming Kitten, also known as APT35 CharmingCypress and Mint Sandstorm. Hackers are using a new...
  18. Teacher

    Ivanti failed to fix the vulnerability: almost 700 servers were infected with a DSLog backdoor

    A botched fix allowed hackers to inject a backdoor into the device's codebase. Hackers are exploiting an SSRF (Server-Side Request Forgery) vulnerability in Ivanti Connect Secure (ICS), Policy Secure (IPS), and ZTA products to deploy a new DSLog backdoor on vulnerable devices. Bug...
  19. Brother

    A new backdoor hides in calculators and step counters to spy on Android users

    Applications with the Xamalicious malware have already been installed via Google Play more than 327,000 times. Analysts from the company McAfee have identified a new malicious backdoor for Android, called Xamalicious. According to experts, it was developed on the basis of the open mobile...
  20. Brother

    Operation RusticWeb: Pakistani backdoor spies on Indian civil servants

    Hackers use the latest techniques to steal sensitive data. Indian government agencies and the defense industry have been targeted by a hacker attack that uses phishing and Rust-based malware for intelligence. The campaign, discovered in October 2023 and called Operation RusticWeb, was...