19 Jun 2019

Modular Backdoor Can Spread Over Local Network

A new report by Kaspersky provides insight into Plurox, a highly sophisticated piece of malware first discovered in February. Plurox is a modular backdoor capable of distributing itself across networks and of planting additional malware on infected machines. Multi-functional “modular” malware is a growing threat to organizations. Plurox can infiltrate

Read More
10 Jun 2019

Microsoft Warns of Campaign Exploiting 2017 Bug

Microsoft is urging users to update a two-year-old vulnerability that is being used in a fresh wave of attacks. The flaw, tracked as CVE-2017-11882, was patched in 2017, but many unpatched systems remain vulnerable. The new campaign involves spam emails containing malicious RTF attachments capable of exploiting the vulnerability in order

Read More
08 May 2019

Russian cyberspies are using one hell of a clever Microsoft Exchange backdoor

Notorious Russian hacking group Turla is using a highly sophisticated backdoor as part of a cyber espionage campaign targeting email servers, ESET researchers have discovered. The backdoor, dubbed LightNeuron, is the first of its kind “to be directly integrated into the working flow of Microsoft Exchange,” one of the researchers

Read More
01 May 2019

Vodafone Found Hidden Backdoors in Huawei Equipment

Vodafone has admitted to Bloomberg that it discovered backdoors in software for Huawei products used by the carrier to provide various services to customers in Italy. The backdoors were discovered between 2009 and 2011 and remained in place for years. As a result, Huawei could have obtained unauthorized access to

Read More
11 Apr 2019

US Government Warns of New North Korean Malware

The US Department of Homeland Security (DHS) has published a report about a newly uncovered malware strain that is linked to the infamous North Korean hacking group Hidden Cobra aka Lazarus. The malware, dubbed Hoplight, is a backdoor Trojan that has the ability to: “Read, Write, and Move Files; Enumerate

Read More
10 Apr 2019

TajMahal cyber-espionage campaign uses previously unseen malicious tools

At the Kaspersky Security Analyst Summit (SAS) in Singapore, Kaspersky Lab researchers described a sophisticated cyber espionage campaign uncovered at the end of last year. The campaign, which seems to have no links to know threat actors, uses malware dubbed TajMahal, which researchers describe as “a technically sophisticated APT framework

Read More
29 Mar 2019

IT Security Pros Slam State-Backed Encryption Backdoors

New Venafi research shows that the vast majority of IT professionals have major problems with state-enforced encryption backdoors. Almost 3 in 4 (73%) respondents believe that state laws mandating that tech firms provide law enforcement with access to encrypted communications, actually serve to undermine national security. In addition, 70% of

Read More
26 Mar 2019

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

After compromising an ASUS server last year, threat actors installed a malicious backdoor on half a million computers sold by the Taiwan-based electronics giant, Kaspersky Lab claims. The hackers used their access to the server to disguise the malware as a legitimate software update which they then pushed to ASUS

Read More
29 Jan 2019

Unsecured MongoDB databases expose Kremlin’s backdoor into Russian businesses

Thanks to a leaky MongoDB database, a prominent Dutch white-hat hacker has discovered the backdoor account used by the Russian government to access servers belonging to businesses and organizations operating in Russia. The leaky server in which the backdoor account admin@kremlin.ru was first discovered, belonged to a Russian Lotto Website. The researcher then discovered the

Read More
10 Dec 2018

Australia Anti-Encryption Law Triggers Sweeping Backlash

“A controversial Australian bill, which could give the government access to data protected by end-to-end encryption, was passed Thursday. The bill, called the Assistance and Access Act, empowers Australian police to essentially force companies (that are operating in the country) to help the government hack into systems, plant malware or

Read More