Security News

A new multi-platform backdoor malware named 'SysJocker' has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a Linux-based web server.

Dubbed SysJoker by Intezer, the backdoor is used for establishing initial access on a target machine. A possible attack vector for SysJoker is an infected npm package, according to Intezer's analysis - an increasingly popular vector for dropping malware on targets.

Multiple backdoors have been discovered during a penetration test in the firmware of a widely used voice over Internet Protocol appliance from Auerswald, a German telecommunications hardware manufacturer, that could be abused to gain full administrative access to the devices. "Two backdoor passwords were found in the firmware of the COMpact 5500R PBX," researchers from RedTeam Pentesting said in a technical analysis published Monday.

A U.S. federal government commission associated with international rights has been targeted by a backdoor that reportedly compromised its internal network in what the researchers described as a "Classic APT-type operation." "This attack could have given total visibility of the network and complete control of a system and thus could be used as the first step in a multi-stage attack to penetrate this, or other networks more deeply," Czech security company Avast said in a report published last week.

According to Jens Zimmermann, the German coalition negotiations had made it "Quite clear" that the incoming government of the Social Democrats, the Greens and the business-friendly liberal FDP would reject "The weakening of encryption, which is being attempted under the guise of the fight against child abuse" by the coalition partners. Which are already enshrined in the interim solution of the ePrivacy Regulation, for example, "Diametrically contradict the character of the coalition agreement" because secure end-to-end encryption is guaranteed there, Zimmermann said.

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in the compromised systems as well as maintaining persistent remote access. A noteworthy aspect of the intrusions is the use of malvertising as a means to strike individuals who are looking for popular software on search engines to present them links to download fake installers that drop a password stealer called RedLine Stealer, a Chrome extension dubbed "MagnatExtension" that's programmed to record keystrokes and capture screenshots, and an AutoIt-based backdoor that establishes remote access to the machine.

A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software. This week, a researcher has disclosed how certain characters could be injected into JavaScript code to introduce invisible backdoors and security vulnerabilities.

A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software. This week, a researcher has disclosed how certain characters could be injected into JavaScript code to introduce invisible backdoors and security vulnerabilities.

A newly discovered and previously undocumented UEFI bootkit has been used by attackers to backdoor Windows systems by hijacking the Windows Boot Manager since 2012. Bootkits are malicious code planted in the firmware invisible to security software that runs within the operating system since the malware is designed to load before everything else, in the initial stage of the booting sequence.

Cybersecurity researchers on Wednesday disclosed a previously undocumented backdoor likely designed and developed by the Nobelium advanced persistent threat behind last year's SolarWinds supply chain attack, joining the threat actor's ever-expanding arsenal of hacking tools. "While supply-chain attacks were already a documented attack vector leveraged by a number of APT actors, this specific campaign stood out due to the extreme carefulness of the attackers and the high-profile nature of their victims," Kaspersky researchers said.