Security News

A new version of the Sarwent malware can open the Remote Desktop Protocol port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor. Create a new Windows user account, enable the RDP service for it, and make changes to the Windows firewall so that RDP access to the infected machine is allowed.

While encryption can come in many forms, it always comes with the same goal: protecting data confidentiality. End-to-end encryption achieves that goal by setting up an encrypted channel where only the client applications themselves have access to the decryption keys.

The U.S. Department of Justice announced on Monday that the FBI managed to gain access to the data stored on two iPhones belonging to an individual who last year killed and wounded several people at a United States naval base. U.S. Attorney General William Barr and FBI Director Christopher Wray announced on Monday that the FBI managed to access the data stored on the two locked iPhones.

A vulnerability discovered last year in the defunct OneTone WordPress theme plugin is now being exploited by hackers to compromise entire sites while installing backdoor admin accounts. If successful, hijacking this session in turn allows them to create a backdoor admin account as well as set up additional PHP backdoors through the WordPress dashboard for added persistence.

In March researchers reported that some apps pay a lot of attention to other apps installed on a device, which in theory could be used to gather data on a user's behaviour and inclinations. The study examined two issues - what proportion of apps exhibited secret behaviours and how these might be used or abused.

A recently uncovered attack campaign that stayed under the radar since May 2018 has targeted Microsoft SQL servers with backdoors and crypto-miners, Guardicore Labs reveals. Attacks begin with MS-SQL brute force login attempts and continue with a series of configuration changes to allow command execution.

Named "Vollgar" after the Vollar cryptocurrency it mines and its offensive "Vulgar" modus operandi, researchers at Guardicore Labs said the attack employs password brute-force to breach Microsoft SQL servers with weak credentials exposed to the Internet. Researchers claim the attackers managed to successfully infect nearly 2,000-3,000 database servers daily over the past few weeks, with potential victims belonging to healthcare, aviation, IT & telecommunications, and higher education sectors across China, India, the US, South Korea, and Turkey.

Windows users under attack via two new RCE zero-daysAttackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems. Widely available ICS attack tools lower the barrier for attackersThe general availability of ICS-specific intrusion and attack tools is widening the pool of attackers capable of targeting operational technology networks and industrial control systems.

Scripting attacks are nearly as common as malware-based attacks in the United States and, according to the most recent Crowdstrike Global Threat Report, scripting is the most common attack vector in the EMEA region. Python backdoor scripts are easy to find - a simple GitHub search turns up more than 200.

Researchers have discovered 16 types of vulnerabilities, including many backdoors, in Zyxel's CloudCNM SecuManager network management software. Zyxel CloudCNM SecuManager provides a console that organizations can use to monitor and manage their security gateways, including on internal and global networks.