Security News

Two new backdoors have been attributed to the Molerats advanced persistent threat group, which is believed to be associated with the Palestinian terrorist organization Hamas. In early 2020, security researchers at Cybereason's Nocturnus group published information on two new malware families used by the APT, namely Spark and Pierogi.

Tutanota has been served with a court order to backdoor its encrypted email service - a situation founder Matthias Pfau described to The Register as "Absurd." Our friends at Heise reported auf Deutsch that a court in Germany last month ordered Tutanota to help investigators monitor the contents of a user's encrypted mailbox.

The attackers exploited multiple security vulnerabilities impacting these older and deprecated Magento 2.x versions to inject backdoors and credit card stealer scripts that allowed them to harvest the store customers' payment card data. Credit card skimmers are JavaScript-based scripts injected by Magecart cybercrime groups on compromised e-commerce sites' pages to exfiltrate payment and personal info submitted by customers to servers under their control.

Over the past several months, the "Mercenary" advanced persistent threat group known as DeathStalker has been using a new PowerShell backdoor in its attacks, Kaspersky reports. Kaspersky's security researchers, who have been tracking the group since 2018, identified a previously unknown implant the group has been using in attacks since mid-July.

Kaspersky researchers discovered a previously undocumented Windows PowerShell malware dubbed PowerPepper and developed by the hacker-for-hire group DeathStalker. The new PowerPepper implant was discovered by Kaspersky in May 2020 while researching other attacks using the group's other PowerShell-based implant known as Powersing.

ESET's security researchers have discovered yet another piece of malware that Russian cyber-espionage group Turla has been using in its attacks. According to ESET, the malware might be used only against very specific targets, a common feature for many Turla tools.

Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat espionage group. Researchers said that the Crutch toolset has been designed to exfiltrate sensitive documents and other files to Dropbox accounts, which Turla operators control.

The Vietnam-backed OceanLotus has been around since at least 2013, and previously launched targeted attacks against media, research and construction companies. Older samples of the backdoor have targeted the same region before, according to researchers with Trend Micro.

Trend Micro's security researchers have identified a new macOS backdoor that they believe is used by the Vietnamese threat actor OceanLotus. A document used in the campaign features a Vietnamese name, which has led researchers to believe that users from Vietnam have been targeted with the new malware.

A UK infosec bod has launched a petition asking the government if it would please drop its plans to install backdoors in end-to-end encryption. Application security specialist Sean Wright's Parliamentary petition comes as an expression of uneasiness at long-signalled plans for British state agencies to sidestep encryption and enable snooping on private citizens' online conversations at will.