BACKDOOR Archives - Cybersecurity News Everyday

Critical Cisco Smart Licensing Utility flaws now exploited in attacks

Summary: Attackers are now targeting unpatched Cisco Smart Licensing Utility (CSLU) instances due to a vulnerability that exposes a backdoor admin account. Cisco released a patch for this flaw (CVE-2024-20439) in September, along with another critical vulnerability (CVE-2024-20440) that allows attackers to access sensitive log files.…

Cyber Attack

RansomHub ransomware uses new Betruger ‘multi-function’ backdoor

March 21, 2025 BleepingComputer

Summary: A new custom backdoor malware named Betruger has been identified in recent ransomware attacks, particularly linked to the RansomHub RaaS operation. This multifunctional backdoor is designed to perform various malicious activities to facilitate ransomware deployment while minimizing the number of tools used in an attack.…

Threat Research

SideWinder Threat Group: Maritime and Nuclear Sectors at Risk with Updated Toolset

March 20, 2025 Picussecurity

SideWinder, also known as Rattlesnake or T-APT-04, is an advanced persistent threat group from India that has expanded its operations to target maritime and nuclear sectors across Asia, the Middle East, and Africa since 2012. Known for quickly adapting to security measures, SideWinder employs various tactics, techniques, and procedures (TTPs) to execute sophisticated cyber-attacks, primarily through phishing and malware.…

Interesting Stuff

Hacking Open Docker Registries: Pulling, Extracting, and Exploiting Images

March 20, 2025March 20, 2025 Infosecwriteups

This article discusses the security risks associated with misconfigured Docker registries, featuring a firsthand account of exploiting such a vulnerability to gain unauthorized access to sensitive data. The author provides a detailed walkthrough on discovering open Docker registries, extracting information from images, and even injecting a backdoored image if the registry permits.…

Threat Research

North Korea Kimsuky Malicious Backdoor VBS Script-vbs.html (2025.3.16)

March 20, 2025March 20, 2025 iocOne

This article discusses a malicious VBS script named vbs.html created by the North Korean hacking group Kimsuky, which is distributed via a specific malicious URL. The script uses several obfuscation techniques to evade detection and can execute remote code via HTTP requests, indicating its potential use as a backdoor.…

Threat Research

Resurgence of a Fake Captcha Malware Campaign

March 20, 2025March 20, 2025 Securonix

The article discusses a recent investigation by Trustwave SpiderLabs that uncovered a campaign leveraging fake CAPTCHA verifications to execute malicious PowerShell scripts, leading to the deployment of infostealers like Lumma and Vidar. The multi-stage attack involves deceptive prompts to execute commands, downloading HTA files, decrypting payloads, and executing infostealers.…

Threat Research

Fake Cloudflare Verification Results in LummaStealer Trojan Infections

March 20, 2025 Sucuri

This article describes an ongoing malware campaign utilizing malicious WordPress plugins to spread the LummaStealer trojan. The malware trick users into running harmful PowerShell commands, thus collecting sensitive data from infected PCs. The campaign exploits fake human verification prompts primarily targeting Windows users. Affected: WordPress websites, Windows operating system users

Keypoints :

LummaStealer is an infostealer malware designed to collect sensitive data.…

Cyber Security News

FIN7’s New Stealth Weapon, Anubis Backdoor, Emerges in the Wild

March 20, 2025 Cyware

Summary: PRODAFT has identified a new Python-based backdoor called AnubisBackdoor, associated with the FIN7 group, which allows for complete control over infected computers. The malware is adept at evading traditional security defenses, remaining undetected by most antivirus solutions. Delivered via malspam campaigns and compromised SharePoint instances, AnubisBackdoor demonstrates adaptability in its execution methods, posing a significant threat to enterprise environments.…

Cyber Security News

INDOHAXSEC: Emerging Indonesian Hacktivist Collective Targets Southeast Asia

March 19, 2025 CybersecurityNews

Summary: A new report by Arctic Wolf Labs reveals the emergence of the Indonesian hacktivist group INDOHAXSEC, which has been conducting various cyberattacks, including DDoS and ransomware attacks, largely motivated by political ideologies. The group, which is known for targeting entities perceived to support Israel, has also formed an alliance with the pro-Russian group NoName057(16).…

Threat Research

Securonix Threat Labs Monthly Intelligence Insights – February 2025

March 19, 2025 Securonix

The Monthly Intelligence Insights report from Securonix Threat Labs analyzes significant cybersecurity threats from February 2025, including sophisticated campaigns such as DEEP#DRIVE by Kimsuky and various ransomware activities. Key findings include the emergence of new threat actors and tactics targeting critical sectors through phishing and exploiting vulnerabilities.…

Youtube

New French law puts encryption at risk #hackernews #cybersecuritynews #technews

March 19, 2025 Youtube

Summary: The video discusses the UK’s demand for Apple to create a back door for accessing encrypted iCloud data, prompting Apple to remove end-to-end encryption for UK users. Following suit, France is proposing a law requiring tech companies to provide unencrypted information within 72 hours of a request.…

Cyber Attack

Western Alliance Bank notifies 21,899 customers of data breach

March 19, 2025 BleepingComputer

Summary: Western Alliance Bank has informed nearly 22,000 customers that their personal information was compromised due to a breach of a third-party vendor’s secure file transfer software in October. A zero-day vulnerability was exploited during this breach, and affected data includes names, Social Security numbers, and financial account information.…

Cyber Security News

New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

March 18, 2025 CybersecurityNews

Summary: Researchers have identified a new supply chain attack method called Rules File Backdoor, targeting AI-powered code editors like GitHub Copilot and Cursor. This technique allows hackers to inject malicious code into AI-generated code through hidden instructions in configuration files. As a result, this poses significant supply chain risks as the compromised code can propagate silently across various projects.…

Cyber Security News

BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse

March 18, 2025 CybersecurityNews

Summary: The BADBOX 2.0 scheme involves at least four distinct threat actors operating a large-scale ad fraud and residential proxy operation, utilizing compromised consumer devices to create a massive botnet. This sophisticated fraud ring targets inexpensive Android devices worldwide, causing significant financial damage through various forms of cybercrime.…

Cyber Security News

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation

March 18, 2025 CybersecurityNews

Summary: A recent malware campaign by the China-aligned MirrorFace threat actor has targeted a Central European diplomatic organization, employing a backdoor known as ANEL. The campaign, called Operation AkaiRyū, marks a notable shift as it extends beyond the group’s usual focus on Japanese entities. Enhanced operational security measures have complicated the incident investigation, reflecting the evolved tactics of this cyber threat group.…

Threat Research

Operation AkaiRyū: MirrorFace invites Europe to Expo 2025 and revives ANEL backdoor

March 18, 2025 ESET-welivesecurity

In August 2024, ESET researchers uncovered cyberespionage activities by the MirrorFace APT group targeting a Central European diplomatic institute related to Expo 2025 in Osaka, Japan. This marks the first instance of MirrorFace infiltrating a European entity, showcasing new tactics and tools, including the backdoor ANEL and a customized variant of AsyncRAT.…

Threat Research

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

March 18, 2025 Reliaquest

This report discusses the ongoing exploitation of older VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684, highlighting how attackers, including cybercriminal and state-sponsored groups, continue to target these flaws for credential theft and administrative control. The research indicates substantial growth in discussions around Fortinet VPN vulnerabilities on cybercriminal forums, illustrating their significance in the current threat landscape.…

Threat Research

Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog

March 18, 2025March 18, 2025 Securonix

Mandiant’s discovery in mid-2024 revealed that the China-nexus espionage group, UNC3886, deployed custom backdoors on Juniper Networks’ Junos OS routers, utilizing various capabilities to maintain long-term access while circumventing security protections. Mandiant urges organizations to upgrade their Juniper devices to mitigate these vulnerabilities and recommends security measures.…

Cyber Security News

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More

March 17, 2025 CybersecurityNews

Summary: This week’s cybersecurity report highlights the evolving landscape of cyber threats, including advanced techniques used by threat groups and rising supply chain vulnerabilities. Law enforcement efforts against cybercriminal networks show promise, while new exploits and vulnerabilities demand prompt attention from organizations. The report includes notable incidents, emerging attack methods, and critical vulnerabilities that security teams should prioritize.…

Tag: BACKDOOR