Security News
An unknown threat actor used a new stealthy rootkit to backdoor targeted Windows systems in what looks like an ongoing espionage campaign dubbed TunnelSnake going back to at least 2018. Rootkits are malicious tools designed to evade detection by burying deep into the operating system and used by attackers to fully take over infected systems while avoiding detection.
Previously undocumented and stealthy Linux malware named RotaJakiro has been discovered targeting Linux X64 systems. Investigation revealed the backdoor malware, which the researchers named RotaJakiro because, they say, "The family uses rotate encryption and behaves differently for root/non-root accounts when executing."
Chinese security outfit Qihoo 360 Netlab on Wednesday said it has identified Linux backdoor malware that has remained undetected for a number of years. An MD5 signature for the file systemd-daemon first showed up in VirusTotal back on May 16, 2018 without the detection of any known malware.
Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions.
A recently discovered Linux malware with backdoor capabilities has flown under the radar for years, allowing attackers to harvest and exfiltrate sensitive information from compromised devices. RotaJakiro is designed to operate as stealthily as possible, encrypting its communication channels using ZLIB compression and AES, XOR, ROTATE encryption.
A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. Naikon is likely a state-sponsored threat actor tied to China, mostly known for focusing its efforts on high-profile orgs, including government entities and military orgs.
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. "Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested."
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots. Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.
Update: QNAP confirmed that Qlocker ransomware has used the removed backdoor account to hack into some customers' NAS devices and encrypt their files. [T]he so-called Qlocker ransomware took advantage of one of the patched vulnerabilities in HBS to launch a hostile campaign, targeting QNAP NAS directly connected to the Internet with unpatched old versions of HBS. QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS devices using hardcoded credentials.
'To observe the outputs of the two black boxes for a finite time and make a pronouncement of if the boxes contain a random generator or a deterministic generator. 2, The first is not, the second is. 3, The first is, the second is not. 4, Both are random.