Tag: backdoor
-
Weaponized Go Package Module Let Attackers Gain Remote Access to Infected Systems
Tags: access, attack, backdoor, cyber, cybersecurity, malicious, open-source, software, supply-chain, threat
In a significant software supply chain attack, cybersecurity researchers uncovered a malicious Go package that impersonates the widely trusted BoltDB database module. The typosquat package github.com/boltdb-go/bolt was found to include a backdoor enabling remote access to infected systems, allowing attackers to execute arbitrary commands. This discovery underscores the growing sophistication of threats targeting open-source ecosystems. The…
-
Chinese Hackers Attacking Linux Devices With New SSH Backdoor
A sophisticated cyber espionage campaign attributed to the Chinese hacking group DaggerFly has been identified, targeting Linux systems through an advanced Secure Shell (SSH) backdoor known as ELF/Sshdinjector.A!tr. This malware, part of a broader attack framework, compromises Linux-based network appliances and Internet-of-Things (IoT) devices, enabling data exfiltration and prolonged persistence within compromised environments. Discovered in…
-
22 New Mac Malware Families Seen in 2024
Nearly two dozen new macOS malware families were observed in 2024, including stealers, backdoors, downloaders and ransomware. The post 22 New Mac Malware Families Seen in 2024 appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/22-new-mac-malware-families-seen-in-2024/
-
Chinese cyberspies use new SSH backdoor in network device hacks
A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-cyberspies-use-new-ssh-backdoor-in-network-device-hacks/
-
Team82 classifies alleged backdoor in medical patient monitor as a vulnerability
On January 30, the US cybersecurity agency CISA published a warning, which was supplemented by a notification from the US Food and Drug Administration (FDA). According to these, the Chinese-made Contec CMS8000 medical patient monitor and its OEM white-label variants contain a backdoor that communicates with a Chinese IP address. The security researchers of Team82, the research arm of Claroty, a specialist in the security of cyber-physical systems (CPS), examined…
-
Contec Patient Monitors Not Malicious, but Still Pose Big Risk to Healthcare
The Contec CMS8000 patient monitors do not contain a malicious backdoor but are plagued by an insecure and vulnerable design. The post Contec Patient Monitors Not Malicious, but Still Pose Big Risk to Healthcare appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/contec-patient-monitors-not-malicious-but-still-pose-big-risk-to-healthcare/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 31
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling; MintsLoader: StealC and BOINC Delivery; Cloud Ransomware Developments – The Risks of Customer-Managed Keys; New TorNet backdoor seen in widespread campaign; Active Exploitation: New Aquabot Variant Phones Home…
-
Backdoor in Contec CMS8000 monitors may allow faulty patient readings
Tags: backdoor
First seen on scworld.com Jump to article: www.scworld.com/news/backdoor-in-contec-cms8000-monitors-may-allow-faulty-patient-readings
-
Critical ‘Backdoor’ Discovered in Widely Used Healthcare Patient Monitors
On January 30, 2025, the U.S. Food and Drug Administration (FDA) issued a safety communication regarding cybersecurity vulnerabilities in Contec CMS8000 and Epsimed MN-120 patient monitors. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/critical-backdoor-discovered-in-widely-used-healthcare-patient-monitors/
-
Phishing campaign in Poland and Germany deploys TorNet backdoor
First seen on scworld.com Jump to article: www.scworld.com/brief/phishing-campaign-in-poland-and-germany-deploys-tornet-backdoor
-
New phishing campaign targets users in Poland and Germany
An ongoing phishing campaign, presumably by an advanced persistent threat (APT) actor, is seen dropping a new backdoor on victim systems enabling stealthy C2 operations. The backdoor, which Cisco’s Talos Intelligence Unit is tracking as TorNet, was found connecting victim machines to the decentralized and anonymizing TOR network for C2 communications. “Cisco Talos discovered an ongoing malicious…
-
Google Researchers Breakdowns Scatterbrain Behind PoisonPlug Malware
Google’s Threat Intelligence Group (GTIG) in collaboration with Mandiant has revealed critical insights into ScatterBrain, a sophisticated obfuscation tool utilized by China-nexus cyber espionage groups, specifically APT41, to deploy the advanced backdoor family POISONPLUG.SHADOW. This analysis underscores the significant evolution of obfuscation techniques from earlier counterparts like ScatterBee, making ScatterBrain a primary contributor to the…
-
Unknown threat actor targeting Juniper routers with backdoor: Report
Network administrators using routers from Juniper Networks are being urged to scan for possible compromise after the discovery that an unknown threat actor has been installing a backdoor in customer routers since at least 2023. The bad news: According to researchers at Lumen Technology’s Black Lotus Labs, the unknown attacker can install a reverse shell on…
-
TorNet Backdoor Exploits Windows Scheduled Tasks to Deploy Malware
Cisco Talos researchers have identified an ongoing cyber campaign, active since mid-2024, deploying a previously undocumented backdoor known as TorNet.
-
New TorNet Backdoor Exploits TOR Network in Advanced Phishing Attack
Advanced phishing campaign targets Poland and Germany, delivering Agent Tesla, Snake Keylogger and newly identified TorNet backdoor via… First seen on hackread.com Jump to article: hackread.com/tornet-backdoor-exploits-tor-network-phishing-attack/
-
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that’s delivered by…
-
Europeans targeted with new Tor-using backdoor and infostealers
A financially motivated threat actor has been targeting German and Polish-speaking users with info-stealing malware and TorNet, a previously undocumented .NET backdoor that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/28/tornet-tor-backdoor-infostealers/
-
New TorNet backdoor seen in widespread campaign
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/new-tornet-backdoor-campaign/
-
Juniper routers: Tailor-made backdoors wait for magic packets
IT researchers have discovered and examined backdoors on Juniper routers. They are activated by magic packets. First seen on heise.de Jump to article: www.heise.de/news/Juniper-Router-Massgeschneiderte-Backdoors-warten-auf-Magic-Packets-10258653.html
-
Also in Germany: Thousands of script kiddies fall for fake builder
Researchers have examined a trojanized malware builder. It was apparently used to plant a backdoor on more than 18,000 systems belonging to script kiddies. First seen on golem.de Jump to article: www.golem.de/news/auch-in-deutschland-tausende-scriptkiddies-fallen-auf-fake-malware-builder-rein-2501-192765.html
-
Chinese PlushDaemon APT Targets S. Korean IPany VPN with Backdoor
Cybersecurity firm ESET uncovers PlushDaemon, a previously unknown APT group targeting South Korea, deploying a SlowStepper backdoor. This… First seen on hackread.com Jump to article: hackread.com/chinese-plushdaemon-apt-south-korean-vpn-backdoor/
-
Black ‘Magic’ Targets Enterprise Juniper Routers With Backdoor
Such routers typically lack endpoint detection and response protection, are in front of a firewall, and don’t run monitoring software like Sysmon, making the attacks harder to detect. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/black-magic-enterprise-juniper-routers-backdoor
-
Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a “magic packet” sent by the threat actor in TCP traffic. “J-magic campaign…
-
New backdoor discovered that specifically targets Juniper routers
Researchers at Black Lotus Labs have uncovered an operation where a back door is dropped onto enterprise-grade Juniper Networks routers and listens for specific network signals, known as magic packets,
-
Chinese Cyberspies Target South Korean VPN in Supply Chain Attack
Advanced persistent threat group PlushDaemon, active since 2019, is using a sophisticated modular backdoor to collect data from infected systems in South Korea. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/chinese-cyberspies-target-south-korean-vpn-supply-chain-attack
-
PlushDaemon APT Targeted South Korean VPN Software
PlushDaemon APT hacked South Korean VPN software with SlowStepper backdoor as part of a 2023 espionage campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/plushdaemon-apt-targeted-south/

