Search cyberveille.decio.ch

Found 104 bookmarks

Custom sorting

RansomHub Affiliate leverages Python-based backdoor

In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024.

#guidepointsecurity #EN #2025 #incident-response #Python-based #backdoor #ransomware #RansomHub #SocGholish #FakeUpdate

·guidepointsecurity.com·Jan 19, 2025

RansomHub Affiliate leverages Python-based backdoor

Backdooring Your Backdoors - Another $20 Domain, More Governments

After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability to issue valid and trusted TLS/

#watchtowr #EN #2025 #backdoor #infrastructure #abandoned #access #analysis #hack #research #hackback

·labs.watchtowr.com·Jan 12, 2025

Backdooring Your Backdoors - Another $20 Domain, More Governments

PHP Reinfector and Backdoor Malware Target WordPress Sites

Understand the threat of PHP reinfector malware on WordPress sites, compromising plugins like Imagify and using malicious admin users.

#blog.sucuri #EN #2024 #Backdoor #Malware #WordPress #PHP-Reinfector

·blog.sucuri.net·Dec 1, 2024

PHP Reinfector and Backdoor Malware Target WordPress Sites

Windows infected with backdoored Linux VMs in new phishing attacks

A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

#Backdoor #Linux #Phishing #QEMU #Virtual-Machine #Windows #Security #InfoSec #Computer-Security

·bleepingcomputer.com·Nov 13, 2024

Windows infected with backdoored Linux VMs in new phishing attacks

An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader

UNC2970 is a cyber espionage group suspected to have a North Korea nexus.

#Mandiant #2024 #UNC2970 #Backdoor #PDF #PDF-Reader #North #North-Korea

·cloud.google.com·Sep 17, 2024

An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader

Cisco warns of backdoor admin account in Smart Licensing Utility

Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges.

#bleepingcomputer #EN #2024 #Backdoor #Cisco #Smart-Licensing-Utility

·bleepingcomputer.com·Sep 4, 2024

Cisco warns of backdoor admin account in Smart Licensing Utility

HZ Rat backdoor for macOS harvests data from WeChat and DingTalk

Kaspersky experts discovered a macOS version of the HZ Rat backdoor, which collects user data from WeChat and DingTalk messengers.

#securelist #EN #2024 #HZRat #Apple #MacOS #Backdoor #Instant-Messengers #Malware #Malware-Descriptions #shell #Trojan

·securelist.com·Aug 28, 2024

HZ Rat backdoor for macOS harvests data from WeChat and DingTalk

OpenSSH Backdoors

Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss of epic proportions, a blow to the fabric of trust underlying open source development, a stark reminder of the risks of supply-chain attacks. Equal measures brilliant and devious.

#blog.isosceles.com #EN #2024 #openssh #backdoor #analysis #supply-chain

·blog.isosceles.com·Aug 25, 2024

OpenSSH Backdoors

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

We studied the most secure static encrypted nonce variant of "MIFARE Classic compatible" cards -- meant to resist all known card-only attacks -- and developed new attacks defeating it, uncovering a hardware backdoor in the process. And that's only the beginning...

#quarkslab #NFC #RFID #Proxmark3 #MIFARE #cryptography #backdoor #2024 #FM11RF08S #Fudan #Microelectronics

·blog.quarkslab.com·Aug 24, 2024

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

French security services firm Quarkslab has made an eye-popping discovery: a significant backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics Group, a leading chip manufacturer in China.

#securityweek #EN #2024 #RFID #cards #cloned #Quarkslab #backdoor #Shanghai #Fudan #Microelectronics #Group

·securityweek.com·Aug 24, 2024

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

CloudSorcerer APT uses cloud services and GitHub as C2 | Securelist

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.

#securelist #Kaspersky #EN #2024 #APT #Backdoor #Cloud-services #CloudWizard #Cyber-espionage #Dropbox #Malware #Malware-Technologies #Targeted-attacks

·securelist.com·Jul 11, 2024

CloudSorcerer APT uses cloud services and GitHub as C2 | Securelist

Malvertising Campaign Leads to Execution of Oyster Backdoor

Rapid7 observed a recent malvertising campaign luring users to download malicious installers for popular software like Google Chrome and Microsoft Teams.

#rapid7 #EN #2024 #Malvertising #Oyster #Backdoor

·rapid7.com·Jun 24, 2024

Malvertising Campaign Leads to Execution of Oyster Backdoor

XZ backdoor behavior inside OpenSSH

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook.

#securelist #EN #2024 #Backdoor #Cyber-espionage #Linux #Malware #Malware-Descriptions #Malware-Technologies #SSH #Targeted-attacks #XZ

·securelist.com·Jun 24, 2024

XZ backdoor behavior inside OpenSSH

Newly discovered: BadSpace backdoor delivered by high-ranking websites

Threat actors deliver fake software updates on websites for popular browsers: Sites with a high search engine ranking are at an increased risk.

#gdatasoftware #EN #2024 #analysis #BadSpace #backdoor #high-ranking #websites

·gdatasoftware.com·Jun 17, 2024

Newly discovered: BadSpace backdoor delivered by high-ranking websites

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Chinese hackers abuse VLC Media Player to launch malware loader

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

#APT10 #Backdoor #China #Cicada #Microsoft-Exchange #VLC #VLC-Media-Player #EN #2022 #bleepingcomputer

·bleepingcomputer.com·Apr 6, 2022

Chinese hackers abuse VLC Media Player to launch malware loader

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."

#Backdoor #RAT #EN #arstechnica #SysJoker #APT

·arstechnica.com·Feb 15, 2022

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Chinese hackers abuse VLC Media Player to launch malware loader

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

#APT10 #Backdoor #China #Cicada #Microsoft-Exchange #VLC #VLC-Media-Player #EN #2022 #bleepingcomputer

·bleepingcomputer.com·Apr 6, 2022

Chinese hackers abuse VLC Media Player to launch malware loader

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."

#Backdoor #RAT #EN #arstechnica #SysJoker #APT

·arstechnica.com·Feb 15, 2022

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Kaspersky analysis of the backdoor in XZ

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.

#securelist #EN #2024 #Backdoor #Cyber-espionage #Linux #Malware #analysis #Malware-Descriptions #Malware-Technologies #SSH #XZ

·securelist.com·Apr 13, 2024

Kaspersky analysis of the backdoor in XZ

+92,000 Internet-facing D-Link NAS devices can be easily hacked

A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.

#securityaffairs #EN #2024 #D-Link #NAS #devices #backdoor

·securityaffairs.com·Apr 7, 2024

+92,000 Internet-facing D-Link NAS devices can be easily hacked

Over 92,000 exposed D-Link NAS devices have a backdoor account

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.

#bleepingcomputer #En #2024 #Backdoor #Command-Injection #D-Link #EOL #NAS #Remote-Code-Execution #Vulnerability

·bleepingcomputer.com·Apr 6, 2024

Over 92,000 exposed D-Link NAS devices have a backdoor account

GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot

#amlweems #EN #2024 #CVE-2024-3094 #xz #backdoor #honeypot #analysis

·github.com·Apr 1, 2024

GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

What we know about the xz Utils backdoor that almost infected the world

Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.

#arstechnica #EN #2024 #xz #Supply-chain-attack #backdoor #CVE-2024-3094

·arstechnica.com·Apr 1, 2024

What we know about the xz Utils backdoor that almost infected the world

xz-utils backdoor situation

This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless. Unknown unknowns are safer than known unknowns. This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't know much about what's going on.

#thesamesam #xz #CVE-2024-3094 #backdoor #FAQ

·gist.github.com·Apr 1, 2024

xz-utils backdoor situation

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems.

#Backdoor #Cobalt-Strike #Cobalt-Strike-Beacon #Linux #macOS #PyPI #Python #Windows #supplychain

·bleepingcomputer.com·May 21, 2022

Malicious PyPI package opens backdoors on Windows, Linux, and Macs

Chinese hackers abuse VLC Media Player to launch malware loader

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

#APT10 #Backdoor #China #Cicada #Microsoft-Exchange #VLC #VLC-Media-Player #EN #2022 #bleepingcomputer

·bleepingcomputer.com·Apr 6, 2022

Chinese hackers abuse VLC Media Player to launch malware loader

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

Never-before-seen, cross-platform SysJoker came from an "advanced threat actor."

#Backdoor #RAT #EN #arstechnica #SysJoker #APT

·arstechnica.com·Feb 15, 2022

Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica

XZ Utils backdoor

This page is short for now but it will get updated as I learn more about the incident. Most likely it will be during the first week of April 2024. The Git repositories of XZ projects are on git.tukaani.org. xz.tukaani.org DNS name (CNAME) has been removed. The XZ projects currently don’t have a home page. This will be fixed in a few days.

#tukaani #EN #2024 #XZ #backdoor #linux

·tukaani.org·Mar 30, 2024

XZ Utils backdoor