17 Jan 2020

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Infinite Client and WP Time Capsule, two WordPress plugins, contain vulnerabilities that leave sites open to attack. The bug is a critical authorization complication that allows adversaries access to the backend of a site without a password. The attacker only needs the admin username for the WordPress plugins. Both of

Read More
17 Oct 2019

.WAVs Hide Malware in Their Depths in Innovative Campaign

Security researchers with BlackBerry Cylance have spotted a new sophisticated campaign that spreads cryptojacking malware and a backdoor via .WAV audio files. The malware is embedded in the audio data and loaded when an infected file is played. Some of the malicious audio samples played music without glitches, while others

Read More
15 Oct 2019

Tactics of Supply-Chain Attack Group Exposed

Recent research by ESET has uncovered some of the tactics and tools used by the Winnti hacking group that has been carrying out supply-chain attacks against gaming companies since at least 2011. The attackers usually target game developers in order to embed backdoors in video games. In March of this

Read More
04 Oct 2019

Experts Slam US, Australia and UK’s Facebook Encryption Demands

The governments of the United States, the United Kingdom and Australia are urging Facebook not to implement end-to-end encryption on its Instagram and Messenger services. Earlier this year, the FTC slapped a $5bn fine on the social media giant over data protection and privacy issues that led to the Cambridge

Read More
30 Sep 2019

Global Consumers Reject Government-Mandated Encryption Backdoors

While the US Justice Department’s claims that government-mandated encryption backdoors would make it easier to prevent terror attacks, almost two-thirds (64%) of consumers across the US, UK, France and Germany don’t believe this argument, a recent survey by Venafi found. Only 30% of respondents expressed trust in governments to safeguard

Read More
26 Sep 2019

Hackers Replace Windows Narrator to Get SYSTEM Level Access

Researchers with Cylance have uncovered a new hacking campaign that takes advantage of the Windows Narrator app that users can launch from the logon screen before they have entered their credentials. The attackers, who are believed to be operating from China, have developed a malicious version of the app that

Read More
10 Sep 2019

Public Exposure Does Little to Slow China-Based Thrip APT

Symantec warns that in the past year, Chinese cyber-espionage group Thrip has launched successful campaigns against no less than 12 military, telecom and satellite organizations across Southeast Asia. Evidently, a 2018 report by Symantec detailing Thrip’s activities has done little to deter the group. Thrip has adopted new malware in

Read More
10 Sep 2019

Stealth Falcon Targets Middle East with Windows BITS Feature

New ESET research reveals that Stealth Falcon, a cyber espionage group targeting political activists and journalists in the Middle East, has changed tactics and is currently using a backdoor relying on Windows Background Intelligent Transfer Service (BITS), instead of the PowerShell-based backdoor used by the group in previous campaigns. The

Read More
20 Aug 2019

Backdoor found in Webmin, a popular web-based utility for managing Unix servers

Security researchers have uncovered a backdoor in Webmin, a highly popular application for remotely managing Linux servers and other Unix-based systems. Threat actors could use the backdoor to take over machines running Webmin and subsequently target the remote systems being managed via the app. Webmin is installed on over 1

Read More
27 Jun 2019

Huawei security: Half its kit has ‘at least one potential backdoor’

Against a background of US-China trade tensions and a US ban on Huawei telecommunications equipment over security concerns, security researchers with Finite State claim that more than half of Huawei products come with “at least one potential backdoor”. In a report[pdf] released by the IoT security firm, Finite State mentions

Read More