Security News

Proposed Bill Seeks to Protect Researchers Disclosing Classified Government Backdoors
2020-03-09 16:41

Newly introduced legislation seeks to protect journalists who publish classified information, as well as security researchers who discover classified government backdoors. The modification to the Espionage Act of 1917 would better protect journalists who have been increasingly targeted for disclosing government secrets.

Iranian Hackers Exploiting VPN Flaws to Backdoor Organizations Worldwide
2020-02-18 15:06

Exploiting VPN Flaws to Compromise Enterprise Networks: The primary attack vector employed by the Iranian groups has been the exploitation of unpatched VPN vulnerabilities to penetrate and steal information from target companies. Once the attackers gain lateral movement capabilities, they move to the final stage: executing the backdoor to scan the compromised system for relevant information and exfiltrating the files back to the attacker by establishing a remote desktop connection or opening a socket-based connection to a hardcoded IP address.

APT Groups Planting Backdoors: Report
2020-02-17 22:48

Now, security firm ClearSky says that at least three advanced persistent threat groups, all with apparent ties to the Iranian government, have been joining the fray and hitting unpatched Fortinet, Pulse Secure and Palo Alto Networks VPN servers and Citrix remote gateways. Specific flaws needing to be patched include CVE-2019-11510 in Pulse Secure's VPN SSL servers, CVE-2018-13379 in FortiGate's SSL VPN servers, and CVE-2019-1579 in Palo Alto Networks VPN servers, all of which ClearSky says Fox Kitten is now exploiting.

New Backdoor Attacks Leverage Political Turmoil in Middle East
2020-02-13 19:48

Two apparently politically motivated backdoor campaigns have been observed operating in the Middle East, targeting influential Palestinians. The two campaigns are primarily differentiated by the backdoor malware used, Spark and Pierogi, and have been named the Spark Campaign and the Pierogi Campaign, respectively, by researchers at Cybereason's Nocturnus group.

US Has Evidence of Huawei Backdoor: Report
2020-02-13 17:33

As the U.S. ramps up pressure on its allies to ban equipment from Chinese manufacturer Huawei from their 5G networks, U.S. officials now say they have evidence that the firm has created a backdoor that allows it to access mobile phone networks around the world, according to the Wall Street Journal. "We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world," says Robert O'Brien, national security adviser, according to the Journal report.

White House Claims Huawei Equipment Has Backdoor for Spying
2020-02-13 11:45

The Chinese company Huawei can secretly tap into communications through the networking equipment it sells globally, a U.S. official charged as the White House stepped up efforts to persuade allies to ban the gear from next-generation cellular networks. The Trump administration has been lobbying for more than a year to persuade allies to exclude Huawei equipment from their next-generation cellular networks, known as 5G. Britain and the European Union have declined to impose an outright ban, however.

Financial Firms Targeted With New Type of Backdoor: Report
2020-02-07 15:49

FireEye researchers are tracking a hacker campaign using a new type of backdoor they call "Minebridge" that has primarily been targeting U.S. financial firms this year. The campaign, which appears to have started around Jan. 7, involves planting the Minebridge backdoor into corporate networks to deliver other malware and allow attackers to map the infrastructure, according to a new FireEye report.

U.S. Finance Sector Hit with Targeted Backdoor Campaign
2020-02-06 17:54

The financial services sector in the U.S. found itself under a barrage of cyberattacks last month, all bent on delivering a powerful backdoor called Minebridge. The term refers to "The manipulation of Office documents where the source code of a macro is made to mismatch the pseudo-code of the document," according to FireEye.

This is not Huawei to reassure people about Beijing's spying eyes: Trivial backdoor found in HiSilicon's firmware for net-connected cams, recorders
2020-02-04 22:26

CCTV equipment maker Xiongmai effectively built a poorly hidden, insecure backdoor into potentially millions of surveillance devices, it is claimed. A hardware probester going by the name of Vladislav Yarmak alleged this week that China-based Xiongmai - best known for its wide-open security cameras - left a remote debugging and management tool in its firmware, which is used in network-connected surveillance video recorders.