Found 15 bookmarks
Custom sorting
OpenSSH Backdoors
OpenSSH Backdoors
Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss of epic proportions, a blow to the fabric of trust underlying open source development, a stark reminder of the risks of supply-chain attacks. Equal measures brilliant and devious.
#blog.isosceles.com#EN#2024#openssh#backdoor#analysis#supply-chain
·blog.isosceles.com·
OpenSSH Backdoors
Analyzing DPRK's SpectralBlur
Analyzing DPRK's SpectralBlur
In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg
#objective-see#EN#2024#Analysis#macOS#backdoor#SpectralBlur#malware
·objective-see.org·
Analyzing DPRK's SpectralBlur
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."
#thehackernews#EN#2022#PRODAFT#TeslaGun#ServHelper#Backdoor#Analysis
·thehackernews.com·
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks
Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. "The group frequently changes its malware attack strategies in response to global cybercrime trends," Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. "It opportunistically adopts new technologies in order to gain leverage over victims before the wider cybersecurity industry catches on."
#thehackernews#EN#2022#PRODAFT#TeslaGun#ServHelper#Backdoor#Analysis
·thehackernews.com·
TA505 Hackers Using TeslaGun Panel to Manage ServHelper Backdoor Attacks