Search cyberveille.decio.ch

Found 7 bookmarks

Custom sorting

OpenSSH Backdoors

Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss of epic proportions, a blow to the fabric of trust underlying open source development, a stark reminder of the risks of supply-chain attacks. Equal measures brilliant and devious.

#blog.isosceles.com #EN #2024 #openssh #backdoor #analysis #supply-chain

·blog.isosceles.com·Aug 25, 2024

OpenSSH Backdoors

Newly discovered: BadSpace backdoor delivered by high-ranking websites

Threat actors deliver fake software updates on websites for popular browsers: Sites with a high search engine ranking are at an increased risk.

#gdatasoftware #EN #2024 #analysis #BadSpace #backdoor #high-ranking #websites

·gdatasoftware.com·Jun 17, 2024

Newly discovered: BadSpace backdoor delivered by high-ranking websites

Kaspersky analysis of the backdoor in XZ

Kaspersky analysis of the backdoor recently found in XZ, which is used in many popular Linux distributions and in OpenSSH server process.

#securelist #EN #2024 #Backdoor #Cyber-espionage #Linux #Malware #analysis #Malware-Descriptions #Malware-Technologies #SSH #XZ

·securelist.com·Apr 13, 2024

Kaspersky analysis of the backdoor in XZ

GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094) - amlweems/xzbot

#amlweems #EN #2024 #CVE-2024-3094 #xz #backdoor #honeypot #analysis

·github.com·Apr 1, 2024

GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529

In 2021, Ivanti patched a vulnerability that they called “code injection”. Rumors say it was a backdoor in an open source project. Let’s find out what actually happened!

#greynoise #EN #2024 #backdoor #Ivanti #CVE-2021-44529 #analysis

·labs.greynoise.io·Feb 18, 2024

Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

Bitdefender researchers have discovered a new backdoor targeting Mac OS users.

#bitdefender #EN #2024 #macOS #Backdoor #rust #Trojan.MAC.RustDoor #analysis

·bitdefender.com·Feb 13, 2024

New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group

Analyzing DPRK's SpectralBlur

In both his twitter (err, X) thread and in a subsequent posting he provided a comprehensive background and triage of the malware dubbed SpectralBlur. In terms of its capabilities he noted: SpectralBlur is a moderately capable backdoor, that can upload/download files, run a shell, update its configuration, delete files, hibernate or sleep, based on commands issued from the C2. -Greg He also pointed out similarities to/overlaps with the DPRK malware known as KandyKorn (that we covered in our “Mac Malware of 2024” report), while also pointing out there was differences, leading him to conclude: We can see some similarities ... to the KandyKorn. But these feel like families developed by different folks with the same sort of requirements. -Greg

#objective-see #EN #2024 #Analysis #macOS #backdoor #SpectralBlur #malware

·objective-see.org·Jan 5, 2024

Analyzing DPRK's SpectralBlur