Security News

Researchers Unveil New Linux Malware Linked to Chinese Hackers
2021-03-10 08:31

Cybersecurity researchers on Wednesday shed light on a new sophisticated backdoor targeting Linux endpoints and servers that's believed to be the work of Chinese nation-state actors. RedXOR's name comes from the fact that it encodes its network data with a scheme based on XOR, and that it's compiled with a legacy GCC compiler on an old release of Red Hat Enterprise Linux, suggesting that the malware is deployed in targeted attacks against legacy Linux systems.

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
2021-03-05 01:20

FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a "sophisticated second-stage backdoor," as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor's tactics and techniques. Dubbed GoldMax, GoldFinder, and Sibot, the new set of malware adds to a growing list of malicious tools such as Sunspot, Sunburst, Teardrop, and Raindrop that were stealthily delivered to enterprise networks by alleged Russian operatives.

Researcher bitsquats Microsoft's windows.com to steal traffic
2021-03-04 16:37

The exploitation of bitsquatted domains tends to be automatic when a DNS request is made from a computer impacted by a hardware error, solar flare, or cosmic rays that flips one of the bits of the legitimate domain name. Researcher sees real windows.com traffic coming to his domains!

Researchers Unearth Links Between SunCrypt and QNAPCrypt Ransomware
2021-03-02 07:04

SunCrypt, a ransomware strain that went on to infect several targets last year, may be an updated version of the QNAPCrypt ransomware, which targeted Linux-based file storage systems, according to new research. "While the two ransomware [families] are operated by distinct different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the two ransomware to the same author," Intezer Lab researcher Joakim Kennedy said in a malware analysis published today revealing the attackers' tactics on the dark web.

Researchers propose more secure and private mobile contact tracing
2021-02-24 04:00

For public health officials, contact tracing remains critical to managing the spread of the coronavirus - particularly as it appears that variants of the virus could be more transmissible. The need for widespread contact tracing at the start of the pandemic led tech giants Apple and Google to announce a plan to turn iOS and Android phones into mobile "beacons" that alert users who opt in of potential exposure to COVID-19.

Assume Clubhouse Conversations Are Being Recorded, Researchers Warn
2021-02-22 19:40

At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. Another user, located in mainland China, meanwhile wrote code that allows anyone to listen in on ClubHouse conversations without the required invitation code, and posted it on GitHub, Silicon Angle reported.

4 ways to defend against the Dark Web's cybercrime ecosystem, according to MIT researchers
2021-02-19 13:00

The Dark Web allows cybercriminals to create a Cyber Attacks-as-a-Service ecosystem that outmaneuvers security defenses. Cybersecurity researchers Keman Huang, Michael Siegel, Keri Pearlson and Stuart Madnick, in their paper "Casting the Dark Web in a New Light," published in the MIT Sloan Management Review, asked whether attackers - who more often than not are one or two steps ahead of cyberdefenders - are more technically adept, or whether it is something else. The paper was written in 2019, but the material is as relevant now as it was then, and maybe even more so.

Stored XSS Vulnerability on iCloud.com Earned Researcher $5,000
2021-02-18 13:20

A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting vulnerability on iCloud.com. Vishal Bharad, a researcher and penetration tester from India, published a blog post earlier this week describing his findings.

Researchers Unmask Hackers Behind APOMacroSploit Malware Builder
2021-02-17 22:18

Cybersecurity researchers have disclosed a new kind of Office malware distributed as part of a malicious email campaign that targeted more than 80 customers worldwide in an attempt to control victim machines and steal information remotely. About 40 hackers in total are said to be behind the operation, utilizing 100 different email senders in a slew of attacks targeting users in more than 30 different countries.

Copycat researchers imitate supply chain attack that hit tech giants
2021-02-12 17:11

These npm packages are identical to the proof-of-concept packages created by Alex Birsan, the researcher who had recently managed to infiltrate over 35 major tech firms and walk away with over six figures in bug bounty rewards. Birsan tells BleepingComputer he is not behind these copycat "research" packages, although he did admit to uploading a few more packages today under his real npm account.