backdoor – Page 4 – WindowsTechs.com

CloudSorcerer – A new APT targeting Russian government entities

Posted on July 8, 2024 by Sergey Lozhkin

Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor. Continue reading CloudSorcerer – A new APT targeting Russian government entities→

Compromised plugins found on WordPress.org

Posted on June 26, 2024 by Zeljka Zorz

An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it … Continue reading Compromised plugins found on WordPress.org→

XZ backdoor: Hook analysis

Posted on June 24, 2024 by Anderson Leite, Sergey Belov

In this article, we analyze XZ backdoor behavior inside OpenSSH, after it has achieved RSA-related function hook. Continue reading XZ backdoor: Hook analysis→

New BadSpace Backdoor Deployed in Drive-By Attacks

Posted on June 18, 2024 by Ionut Arghire

The BadSpace backdoor is being distributed via drive-by attacks involving infected websites and JavaScript downloaders.
The post New BadSpace Backdoor Deployed in Drive-By Attacks appeared first on SecurityWeek.
Continue reading New BadSpace Backdoor Deployed in Drive-By Attacks→

Removing android persistent backdoor [closed]

Posted on June 12, 2024 by chromebook

My device phone+pc got hacked, it is physical access hacking. It get backdoored before I buy it. Wherever i goes all pc, phone and router within 10 km of my location get hacked by mercenaries.
I need assistance regarding rewriting every pr… Continue reading Removing android persistent backdoor [closed]→

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products

Posted on June 5, 2024 by Ionut Arghire

Critical vulnerabilities in discontinued Zyxel NAS products allow unauthenticated attackers to execute arbitrary code and OS commands.
The post ‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products appeared first on SecurityW… Continue reading ‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products→

Trusted relationship attacks: trust, but verify

Posted on May 28, 2024 by Dmitry Kachan, Alina Sukhanova

We analyze the tactics and techniques of attackers targeting organizations through trusted relationships – that is, through contractors and external IT service providers. Continue reading Trusted relationship attacks: trust, but verify→

Ebury botnet compromises 400,000+ Linux servers

Posted on May 16, 2024 by Help Net Security

ESET researchers released its deep-dive investigation into one of the most advanced server-side malware campaigns. It is still growing and has seen hundreds of thousands of compromised servers in its at least 15-year-long operation. The Ebury group and… Continue reading Ebury botnet compromises 400,000+ Linux servers→

APT trends report Q1 2024

Posted on May 9, 2024 by GReAT

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity. Continue reading APT trends report Q1 2024→

Random Requests Trying To Download Virus On Server?

Posted on May 9, 2024 by OJector

So, I was hosting my website on fastapi, and then I saw this 2 requests on my server.
I found that there was link, that was linking to file named "shk" on random ip adresses. I tried to download this on my VM and I got this:
.
D… Continue reading Random Requests Trying To Download Virus On Server?→