#backdoor

The advanced persistent threat (APT) actor tracked as Evilnum is once again exhibiting signs of renewed activity aimed at European financial and investment entities. "Evilnum is a backdoor that can be used for data theft or to load additional payloads," enterprise security firm Proofpoint said in a report shared with The Hacker News. "The malware includes multiple interesting components to evade

A large software development company whose software is used by different state entities in Ukraine was at the receiving end of an "uncommon" piece of malware, new research has found. The malware, first observed on the morning of May 19, 2022, is a custom variant of the open source backdoor known as GoMet and is designed for maintaining persistent access to the network. "This access could be

Executive summary Since the Russian invasion of Ukraine began, Ukrainians have been under a nearly constant barrage of cyber attacks. Working jointly with Ukrainian organizations, Cisco Talos has discovered a fairly uncommon piece of malware targeting Ukraine — this time aimed at a large software development company whose software is used in various state organizations within Ukraine. We believe that this campaign is likely sourced by Russian state-sponsored actors or those acting in their interests. As this firm is involved in software development, we cannot ignore the possibility that the perpetrating threat actor's intent was to gain access to source a supply chain-style attack, though at this time we do not have any evidence that they were successful. Cisco Talos confirmed that the malware is a slightly modified version of the open-source backdoor named "GoMet." The malware was first observed on March 28, 2022. GoMet backdoor The story of this backdoor is rather curious — ther...

The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.

By Deeba Ahmed ChromeLoader malware is spread through pirated games, malicious QR codes, and cracked software that hijacks the victim’s web… This is a post from HackRead.com Read the original post: Researchers Warn of New Variants of ChromeLoader Browser in the Wild

Researchers go public after vendor disputes impersonation threat

The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.

Cybersecurity researchers have taken the wraps off a previously undocumented spyware targeting the Apple macOS operating system. The malware, codenamed CloudMensis by Slovak cybersecurity firm ESET, is said to exclusively use public cloud storage services such as pCloud, Yandex Disk, and Dropbox for receiving attacker commands and exfiltrating files. "Its capabilities clearly show that the

Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says.

Builder XtremeRAT malware version 3.7 suffers from an insecure cryptography implementation vulnerability that allows an attacker to login with only partial knowledge of a secret.