Security News

'Fully undetectable' Windows backdoor gets detected
2022-10-18 20:14

SafeBreach Labs says it has detected a novel fully undetectable PowerShell backdoor, which calls into question the accuracy of threat naming. "The attack starts with a malicious Word document, which includes a macro that launches an unknown PowerShell script," said Bar.

Researchers Uncover Custom Backdoors and Spying Tools Used by Polonium Hackers
2022-10-13 07:18

A threat actor tracked as Polonium has been linked to over a dozen highly targeted attacks aimed at Israelian entities with seven different custom backdoors since at least September 2021. ESET's latest discovery of five more previously undocumented backdoors brings into focus an active espionage-oriented threat actor that's constantly refining and retooling its malware arsenal.

Inserting a Backdoor into a Machine-Learning System
2022-10-11 12:18

Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them.

Steganography alert: Backdoor spyware stashed in Microsoft logo
2022-10-02 12:56

Internet snoops have been caught concealing spyware in an old Windows logo in an attack on governments in the Middle East. The Witchetty gang used steganography to stash backdoor Windows malware - dubbed Backdoor.

Steganography alert: Backdoor spyware stashed in Microsoft logo
2022-10-02 12:56

Internet snoops has been caught concealing spyware in an old Windows logo in an attack on governments in the Middle East. The Witchetty gang used steganography to stash backdoor Windows malware, dubbed Backdoor.

Hacking group hides backdoor malware inside Windows logo image
2022-09-29 21:14

Security researchers have discovered a malicious campaign by the 'Witchetty' hacking group, which uses steganography to hide a backdoor malware in a Windows logo. The group is also considered part of the TA410 operatives, previously linked to attacks against U.S. energy providers.

New malware backdoors VMware ESXi servers to hijack virtual machines
2022-09-29 13:00

Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection.A modified level of trust is not enough for the ESXi system to accept it by default but the attacker also used the '-force' flag to install the malicious VIBs.

Chinese Espionage Hackers Target Tibetans Using New LOWZERO Backdoor
2022-09-26 12:14

A China-aligned advanced persistent threat actor known as TA413 weaponized recently disclosed flaws in Sophos Firewall and Microsoft Office to deploy a never-before-seen backdoor called LOWZERO as part of an espionage campaign aimed at Tibetan entities. Targets primarily consisted of organizations associated with the Tibetan community, including enterprises associated with the Tibetan government-in-exile.

Hackers trojanize PuTTY SSH client to backdoor media company
2022-09-15 20:45

North Korean hackers are using trojanized versions of the PuTTY SSH client to deploy backdoors on targets' devices as part of a fake Amazon job assessment. A novel element in this campaign is the use of a trojanized version of the PuTTY and KiTTY SSH utility to deploy a backdoor, which in this case, is 'AIRDRY.V2'.

Linux variant of the SideWalk backdoor discovered
2022-09-15 08:48

ESET researchers have discovered a Linux variant of the SideWalk backdoor, one of the multiple custom implants used by the SparklingGoblin APT group. Commands with different or missing implementation in the Linux version of SideWalk.