Security News

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor
2022-06-28 20:13

Entities located in Afghanistan, Malaysia, and Pakistan are in the crosshairs of an attack campaign that targets unpatched Microsoft Exchange Servers as an initial access vector to deploy the ShadowPad malware. "During the initial attacks, the group exploited an MS Exchange vulnerability to deploy ShadowPad malware and infiltrated building automation systems of one of the victims," the company said.

Symbiote Backdoor in Linux
2022-06-22 11:07

What makes Symbiote different from other Linux malware that we usually come across, is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object library that is loaded into all running processes using LD PRELOAD, and parasitically infects the machine.

Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
2022-06-13 23:58

Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855, the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May 2022.

Gallium hackers backdoor finance, govt orgs using new PingPull malware
2022-06-13 21:56

The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. Gallium is believed to originate from China, and its targeting scope of the telecommunications, finance, and government sectors in espionage operations aligns with the country's interests.

New Syslogk Linux rootkit uses magic packets to trigger backdoor
2022-06-13 15:13

A new Linux rootkit malware named 'Syslogk' is being used in attacks to hide malicious processes, using specially crafted "Magic packets" to awaken a backdoor laying dormant on the device. Syslogk can force-load its modules into the Linux kernel, hide directories and network traffic, and eventually load a backdoor called 'Rekoobe.

HelloXD Ransomware Installing Backdoor on Targeted Windows and Linux Systems
2022-06-13 05:37

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts. "Unlike other ransomware groups, this ransomware family doesn't have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based messenger instances," Daniel Bunce and Doel Santos, security researchers from Palo Alto Networks Unit 42, said in a new write-up.

Hello XD ransomware now drops a backdoor while encrypting
2022-06-12 14:11

Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. The Hello XD ransomware operation is not currently using a Tor payment site to extort victims but instead instructs victims to enter negotiations directly through a TOX chat service.

Iranian hackers target energy sector with new DNS backdoor
2022-06-10 18:06

NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors. A recent analysis by Zscaler presents a new DNS backdoor based on the DIG.net open-source tool to carry out "DNS hijacking" attacks, execute commands, drop more payloads, and exfiltrate data.

Chinese LuoYu Hackers Using Man-on-the-Side Attacks to Deploy WinDealer Backdoor
2022-06-05 19:39

An "Extremely sophisticated" Chinese-speaking advanced persistent threat actor dubbed LuoYu has been observed using a malicious Windows tool called WinDealer that's delivered by means of man-on-the-side attacks. "Such attacks are especially dangerous and devastating because they do not require any interaction with the target to lead to a successful infection."

Malicious PyPI package opens backdoors on Windows, Linux, and Macs
2022-05-21 15:16

Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, downloading the functional libraries required for their projects.