backdoor
Blog
Chinese cyberspies use new SSH backdoor in network device hacks
A Chinese hacking group is hijacking the SSH daemon on network appliances by injecting malware into the process for persistent access and covert operations. The newly identified attack suite has been used in attacks since mid-November 2024, attributed to the Chinese Evasive Panda, aka DaggerFly, cyber-espionage group. As per the findings of Fortinet’s FortiGuard researchers, the attack suite is named “ELF/Sshdinjector.A!tr” and…
Backdoor found in two healthcare patient monitors, linked to IP in China
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device. CISA learned of the malicious behavior from an external researcher who disclosed the vulnerability to the agency. When CISA…
FBI’s warrantless ‘backdoor’ searches ruled unconstitutional
Following years of litigation, a federal court has finally ruled it unconstitutional for the FBI to search communications of US citizens collected under Section 702 of the Foreign Intelligence Surveillance Act (FISA). In a ruling unsealed last week, US District Court Judge LaShann DeArcy Hall decided that these “backdoor” searches violate the Fourth Amendment. This particular decision stems from a…
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. Previously, the malware was seen in attacks conducted by Chinese state-backed threat actors who Sophos tracked as ‘Crimson Palace.’ According to a new report by Kaspersky researchers, there’s a potential connection to a threat group they call ‘CoughingDown,’ based…
New ‘OtterCookie’ malware used to backdoor devs in fake job offers
North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. Contagious Interview has been active since at least December 2022, according to researchers at cybersecurity company Palo Alto Networks. The campaign targets software developers with fake job offers to deliver malware such as BeaverTail and InvisibleFerret. A report from NTT Security…
Winnti hackers target other threat actors with new Glutton PHP backdoor
The Chinese Winnti hacking group is using a new PHP backdoor named ‘Glutton’ in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. Chinese security firm QAX’s XLab discovered the new PHP malware in late April 2024, but evidence of its deployment, along with other files, dates back to December 2023. XLab comments that,…
Hackers exploit ProjectSend flaw to backdoor exposed servers
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. The flaw, tracked as CVE-2024-11680, is a critical authentication bug impacting ProjectSend versions before r1720, allowing attackers to send specially crafted HTTP requests to ‘options.php’ to change the application’s configuration. Successful exploitation allows the creation of rogue…
Salt Typhoon hackers backdoor telcos with new GhostSpider malware
The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new “GhostSpider” backdoor in attacks against telecommunication service providers. The backdoor was discovered by Trend Micro, which has been monitoring Salt Typhoon’s attacks against critical infrastructure and government organizations worldwide. Along with GhostSpider, Trend Micro discovered that the threat group also uses a previously documented Linux backdoor named…
Amazon CEO Andy Jassy claims controversial RTO mandate is not a “backdoor layoff” strategy – but it’s a tactic that some execs admit to
Amazon CEO Andy Jassy has pushed back on claims that the company’s controversial return to office (RTO) mandate was a thinly veiled attempt to encourage layoffs. Speaking at an all-hands meeting on 5 November, Jassy denied accusations that his recently announced RTO strategy was a “backdoor layoff”, insisting the move was motivated by improving the organization’s culture. “A number of…
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. Palo Alto GlobalProtect is a legitimate security solution offered by Palo Alto Networks that provides secure VPN access with multi-factor authentication support. Organizations widely use the product to ensure remote employees,…