Security News

Python backdoor attacks and how to prevent them
2020-03-24 06:00

Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent CrowdStrike Global Threat Report, scripting is the most common attack vector in the EMEA region. Python backdoor scripts are easy to find: a simple GitHub search turns up more than 200.

Many Backdoors Found in Zyxel CloudCNM SecuManager Software
2020-03-16 10:20

Researchers have discovered 16 types of vulnerabilities, including many backdoors, in Zyxel's CloudCNM SecuManager network management software. Zyxel CloudCNM SecuManager provides a console that organizations can use to monitor and manage their security gateways, including on internal and global networks.

Proposed Bill Seeks to Protect Researchers Disclosing Classified Government Backdoors
2020-03-09 16:41

Newly introduced legislation seeks to protect journalists who publish classified information, as well as security researchers who discover classified government backdoors. The modification to the Espionage Act of 1917 would better protect journalists who have been increasingly targeted for disclosing government secrets.

Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide
2020-02-18 15:06

Exploiting VPN Flaws to Compromise Enterprise Networks: The primary attack vector employed by the Iranian groups has been the exploitation of unpatched VPN vulnerabilities to penetrate and steal information from target companies. Once the attackers have gained lateral movement capabilities, they move to the final stage: executing the backdoor to scan the compromised system for relevant information and exfiltrating the files back to the attacker by establishing a remote desktop connection or opening a socket-based connection to a hardcoded IP address.

APT Groups Planting Backdoors: Report
2020-02-17 22:48

Now, security firm ClearSky says that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been joining the fray and hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways. Specific flaws needing to be patched include CVE-2019-11510 in Pulse Secure's VPN SSL servers, CVE-2018-13379 in FortiGate's SSL VPN servers, and CVE-2019-1579 in Palo Alto Networks VPN servers, all of which ClearSky says Fox Kitten is now exploiting.

New Backdoor Attacks Leverage Political Turmoil in Middle East
2020-02-13 19:48

Two apparently politically motivated backdoor campaigns have been observed operating in the Middle East, targeting influential Palestinians. The two campaigns are primarily differentiated by the backdoor malware used, Spark and Pierogi, and have been named the Spark Campaign and the Pierogi Campaign, respectively, by researchers at Cybereason's Nocturnus group.

US Has Evidence of Huawei Backdoor: Report
2020-02-13 17:33

As the U.S. ramps up pressure on its allies to ban equipment from Chinese manufacturer Huawei from their 5G networks, U.S. officials now say they have evidence that the firm has created a backdoor that allows it to access mobile phone networks around the world, according to the Wall Street Journal. "We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world," says Robert O'Brien, national security adviser, according to the Journal report.

White House Claims Huawei Equipment Has Backdoor for Spying
2020-02-13 11:45

The Chinese company Huawei can secretly tap into communications through the networking equipment it sells globally, a U.S. official charged as the White House stepped up efforts to persuade allies to ban the gear from next-generation cellular networks. The Trump administration has been lobbying for more than a year to persuade allies to exclude Huawei equipment from their next-generation cellular networks, known as 5G. Britain and the European Union have declined to impose an outright ban, however.

Financial Firms Targeted With New Type of Backdoor: Report
2020-02-07 15:49

FireEye researchers are tracking a hacker campaign using a new type of backdoor they call "Minebridge" that has primarily been targeting U.S. financial firms this year. The campaign, which appears to have started around Jan. 7, involves planting the Minebridge backdoor into corporate networks to deliver other malware and allow attackers to map the infrastructure, according to a new FireEye report.