Tag: backdoor
-
Novel Betruger backdoor deployed by RansomHub affiliate
Tags: backdoorFirst seen on scworld.com Jump to article: www.scworld.com/brief/novel-betruger-backdoor-deployed-by-ransomhub-affiliate
-
Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor
Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed by the notorious cybercrime group FIN7. This advanced threat actor, active since at least 2015, has been responsible for billions of dollars in damages globally, primarily targeting the financial and hospitality sectors. The Anubis Backdoor represents a significant evolution in FIN7’s…
-
RansomHub affiliate uses custom backdoor Betruger
Symantec researchers linked a custom backdoor, called Betruger, found in recent ransomware attacks to an affiliate of the RansomHub operation. Symantec’s Threat Hunter team has identified a custom backdoor, named Betruger, linked to a RansomHub affiliate. Designed for ransomware attacks, Betruger combines multiple functions into a single tool to minimize detection. It enables screenshot capture,…
-
Cisco Smart Licensing Utility flaws actively exploited in the wild
Experts warn of the active exploitation of two recently patched security vulnerabilities affecting Cisco Smart Licensing Utility. Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw. Attackers can exploit the backdoor to access sensitive log files. While no active exploitation was initially observed, the…
-
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-smart-licensing-utility-flaws-now-exploited-in-attacks/
-
RansomHub Affiliate Deploys New Custom Backdoor “Betruger” for Persistent Access
Symantec’s Threat Hunter team has identified a sophisticated custom backdoor named >>Betruger
-
RansomHub ransomware uses new Betruger ‘multi-function’ backdoor
Security researchers have linked a new backdoor dubbed Betruger, deployed in several recent ransomware attacks, to an affiliate of the RansomHub operation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ransomhub-ransomware-uses-new-betruger-multi-function-backdoor/
-
RansomHub affiliate leverages multi-function Betruger backdoor
A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/ransomhub-affiliate-leverages-multi-function-betruger-backdoor/
-
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code.”This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent First seen on thehackernews.com Jump…
-
Tomcat PUT to active abuse as Apache deals with critical RCE flaw
Tags: apache, api, attack, authentication, backdoor, cve, cvss, data, encryption, exploit, flaw, malicious, rce, remote-code-execution, tactics, threat, update, vulnerability) exploit released for the flaw, CVE-2025-24813, just 30 hours after it was publicly disclosed.”A devastating new remote code execution (RCE) vulnerability is now actively exploited in the wild,” Wallarm said in a blog post. “Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers.”PUT API requests are used to update…
-
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL.The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo,…
-
Chinese Hackers Target European Diplomats with Malware
MirrorFace Expands Operations, Revives Anel Backdoor for Espionage. A threat actor associated with Chinese cyberespionage campaigns against Japan stepped outside its East Asian comfort zone to target a European organization with a refreshed set of hacking tools. A hacking group tracked as MirrorFace and Earth Kasha deployed a backdoor once exclusively used by APT10. First…
-
Not all cuts are equal: Security budget choices disproportionately impact risk
Tags: ai, application-security, attack, awareness, backdoor, breach, bug-bounty, business, ceo, ciso, cloud, compliance, container, control, cyber, cybersecurity, data, iam, identity, incident response, infrastructure, monitoring, phishing, risk, risk-management, service, software, strategy, technology, threat, tool, training, update, usa, vulnerability[Source: Splunk] As cyber threats evolve at an unprecedented pace, delaying essential technology upgrades can severely impact an organization. The newest technological updates are introduced to enhance an organization’s security offerings and directly address recently identified challenges.”Outdated systems lack new features and functionality that allow for more sophisticated offerings, like moving to the cloud,” Kirsty…
-
Transparency in UK-Apple backdoor hearing urged by US lawmakers, privacy advocates
First seen on scworld.com Jump to article: www.scworld.com/brief/transparency-in-uk-apple-backdoor-hearing-urged-by-us-lawmakers-privacy-advocates
-
New C++-Based IIS Malware Mimics cmd.exe to Evade Detection
A recent discovery by Palo Alto Networks’ Unit 42 has shed light on sophisticated malware targeting Internet Information Services (IIS) servers. This malware, developed in C++/CLI, a rare choice for malware authors, has been designed to mimic the behavior of cmd.exe to evade detection. The malware operates as a passive backdoor, integrating itself into the…
-
US Legislators Demand Transparency in Apple’s UK Backdoor Court Fight
A bipartisan delegation of US Congresspeople and Senators has asked the hearing between the UK government and Apple to be made public First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-legislators-transparency-apple/
-
UK Cybersecurity Weekly News Roundup 16 March 2025
Tags: access, apple, attack, backdoor, backup, compliance, control, cyber, cyberattack, cybercrime, cybersecurity, data, encryption, finance, firewall, government, group, hacking, insurance, law, lockbit, malicious, network, office, privacy, ransomware, regulation, risk, russia, service, software, virusWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. UK Government’s Stance on Encryption Raises Global Concerns The UK government has ordered Apple to provide backdoor access to iCloud users’ encrypted backups under the Investigatory Powers Act of 2016. This secret order…
-
AI development pipeline attacks expand CISOs’ software supply chain risk
Tags: access, ai, api, application-security, attack, backdoor, breach, business, ciso, cloud, container, control, cyber, cybersecurity, data, data-breach, detection, encryption, exploit, flaw, fortinet, government, infrastructure, injection, intelligence, LLM, malicious, malware, ml, network, open-source, password, penetration-testing, programming, pypi, risk, risk-assessment, russia, saas, sbom, service, software, supply-chain, threat, tool, training, vpn, vulnerabilitydevelopment pipelines are exacerbating software supply chain security problems.Incidents of exposed development secrets via publicly accessible, open-source packages rose 12% last year compared to 2023, according to ReversingLabs (RL).A scan of 30 of the most popular open-source packages found an average of six critical-severity and 33 high-severity flaws per package.Commercial software packages are also a…
-
Report on ransomware attacks on Fortinet firewalls also reveals possible defenses
Tags: access, attack, authentication, automation, backdoor, backup, ciso, control, credentials, cve, cybercrime, data, data-breach, defense, exploit, firewall, fortinet, group, infrastructure, Internet, lockbit, malicious, monitoring, network, password, radius, ransom, ransomware, risk, router, tactics, threat, tool, update, vpn, vulnerability, windowsSigns of intrusion: “This actor exhibits a distinct operational signature that blends elements of opportunistic attacks with ties to the LockBit ecosystem,” Forescout said in its analysis.”Mora_001’s relationship to the broader Lockbit’s ransomware operations underscores the increased complexity of the modern ransomware landscape where specialized teams collaborate to leverage complementary capabilities.”CISOs should note these consistent…
-
Apple Fights UK Over Encryption Backdoors as US Officials Warn of Privacy Violations
The British side reportedly said they would have to produce warrants for each individual data access request, so they will always have to be made as part of an investigation into serious crime. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-icloud-encryption-uk-us-privacy/
-
Chinese espionage group UNC3886 targets Juniper routers
Advanced persistent threat group UNC3886 deployed custom backdoors on end-of-life Juniper Networks routers, underscoring the need for timely patching and advanced security monitoring First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366620812/Chinese-espionage-group-UNC3886-targets-Juniper-routers
-
US lawmakers urge UK spy court to hold Apple ‘backdoor’ secret hearing in public
U.S. bipartisan lawmakers say the U.K. order gagging Apple from disclosing the demand is unconstitutional. First seen on techcrunch.com Jump to article: techcrunch.com/2025/03/14/us-lawmakers-urge-uk-spy-court-to-hold-apple-backdoor-secret-hearing-in-public/
-
In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker
Noteworthy stories that might have slipped under the radar: Switzerland requires disclosure of critical infrastructure attacks, ESP32 chips don’t contain a backdoor, MassJacker cryptojacking malware. The post In Other News: Swiss Breach Disclosure Rules, ESP32 Chip Backdoor Disputed, MassJacker appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-swiss-breach-disclosure-rules-esp32-chip-backdoor-disputed-massjacker/
-
UK’s secret iCloud backdoor order triggers civil rights challenge
The U.K. government’s secret order to Apple demanding it backdoor the end-to-end encrypted version of its iCloud storage service has now been challenged by two civil rights groups, Liberty and Privacy International, which filed complaints Thursday. They called the order >>unacceptable and disproportionate>global consequences
-
The most notorious and damaging ransomware of all time
Tags: access, android, attack, backdoor, backup, banking, botnet, breach, communications, computer, control, credentials, cryptography, cyber, cybercrime, dark-web, data, defense, detection, email, encryption, endpoint, exploit, extortion, finance, flaw, framework, germany, google, government, group, hacker, hacking, healthcare, infection, infrastructure, international, jobs, korea, law, lazarus, leak, linux, malicious, malware, microsoft, mobile, msp, network, north-korea, office, open-source, oracle, password, phishing, phone, powershell, ransom, ransomware, russia, service, software, spam, switch, technology, threat, tool, ukraine, update, usa, virus, vulnerability, windowsConti: History: First appearing in May 2020, the Conti RaaS platform is considered the successor to the Ryuk ransomware. As of January 2021, Conti is believed to have infected over 150 organizations and earned millions of dollars for its criminal developers and their affiliates. At least three new versions have been found since its inception.How it works: Conti uses the…
-
Bluetooth- und WLAN-Chip ESP32 – Backdoor in Bluetooth-Chip betrifft eine Milliarde Geräte
Tags: backdoorFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecke-esp32-chip-iot-geraete-a-67b4d0ab0bf289e4a247775d313dc7ef/
-
Juniper patches bug that let Chinese cyberspies backdoor routers
Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/juniper-patches-bug-that-let-chinese-cyberspies-backdoor-routers-since-mid-2024/
-
Apple’s appeal against UK’s secret iCloud backdoor order must be held in public, rights groups urge
Privacy rights groups have called on Apple’s legal challenge to a secret U.K. government order asking it to backdoor an end-to-end encrypted (E2EE) version of its iCloud storage service to be heard in public, rather than behind closed doors. The existence of the order emerged via press reports last month. Apple went on to confirm…
-
New DCRat Campaign Uses YouTube Videos to Target Users
A new campaign involving the DCRat backdoor has recently been uncovered, leveraging YouTube as a primary distribution channel. Since the beginning of the year, attackers have been using the popular video-sharing platform to target users by creating fake or stolen accounts. These malicious actors upload videos that appear to offer cheats, cracks, game bots, and…