Security News

A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a "Classic APT-type operation." "This attack could have given total visibility of the network and complete control of a system and thus could be used as the first step in a multi-stage attack to penetrate this, or other networks more deeply," Czech security company Avast said in a report published last week.

According to Jens Zimmermann, the German coalition negotiations had made it "Quite clear" that the incoming government of the Social Democrats, the Greens and the business-friendly liberal FDP would reject "The weakening of encryption, which is being attempted under the guise of the fight against child abuse" by the coalition partners. Which are already enshrined in the interim solution of the ePrivacy Regulation, for example, "Diametrically contradict the character of the coalition agreement" because secure end-to-end encryption is guaranteed there, Zimmermann said.

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access. A noteworthy aspect of the intrusions is the use of malvertising as a means to strike individuals who are looking for popular software on search engines to present them links to download fake installers that drop a password stealer called RedLine Stealer, a Chrome extension dubbed "MagnatExtension" that's programmed to record keystrokes and capture screenshots, and an AutoIt-based backdoor that establishes remote access to the machine.

A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software. This week, a researcher has disclosed how certain characters could be injected into JavaScript code to introduce invisible backdoors and security vulnerabilities.

A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software. This week, a researcher has disclosed how certain characters could be injected into JavaScript code to introduce invisible backdoors and security vulnerabilities.

A newly discovered and previously undocumented UEFI bootkit has been used by attackers to backdoor Windows systems by hijacking the Windows Boot Manager since 2012. Bootkits are malicious code planted in the firmware invisible to security software that runs within the operating system since the malware is designed to load before everything else, in the initial stage of the booting sequence.

Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. "While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims," Kaspersky researchers said.

Kaspersky security researchers have discovered a new backdoor likely developed by the Nobelium hacking group behind last year's SolarWinds supply chain attack. The new malware found by Kaspersky, dubbed Tomiris, was first spotted in June even though the first samples were deployed in the wild in February 2021, one month before the "Sophisticated second-stage backdoor" Sunshuttle was found by FireEye and linked to Nobelium.

Researchers have discovered a campaign delivering a previously unknown backdoor they're calling Tomiris. Namely, Tomiris has a number of similarities to the Sunshuttle second-stage malware that was distributed by Nobelium.

Security intelligence vendor Flashpoint claims to have found forum comments from customers of the REvil ransomware-as-a-service gang, and they're not happy. The gang's malware may contain backdoors that REvil uses to restore encrypted files itself.