HackDig : Dig high-quality web security articles for hacker

IoT: a malware story

Since 2008, cyber-criminals have been creating malware to attack IoT-devices, such as routers and other types of network equipment. You will find a lot of statistics on this on Securelist, most notably, here and here. The main problem with these IoT/embedded devices is that one simply cannot install any kind of security software. How do we deal with that? Th
Publish At:2019-10-15 06:20 | Read:104 | Comments:0 | Tags:Featured Malware reports Backdoor Botnets honeypot Internet

Agent 1433: remote attack on Microsoft SQL Server

All over the world companies large and small use Microsoft SQL Server for database management. Highly popular yet insufficiently protected, this DBMS is a target of choice for hacking. One of the most common attack on Microsoft SQL Server — the remote attack based on malicious jobs — has been around for a long time, but it is still used to get access to work
Publish At:2019-09-19 18:20 | Read:180 | Comments:0 | Tags:Research Backdoor Microsoft SQL Passwords Trojan

Silence – a new Trojan attacking financial organizations

More information about the Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. The attackers were using a kno
Publish At:2017-11-01 18:25 | Read:3607 | Comments:0 | Tags:Featured Research Backdoor Dropper Financial malware Targete

ATMii: a small but effective ATM robber

While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. We have written about this phenomenon extensively in the past and today we can add another family of malware to the list – Backdoor.Win32.ATMii. ATMii was first brought to our attention in April 2017,
Publish At:2017-10-21 15:05 | Read:2888 | Comments:0 | Tags:Research ATM Backdoor Financial malware

SYSCON Backdoor Uses FTP as a C&C Channel

By Jaromir Horejsi (Threat Researcher) Bots can use various methods to establish a line of communication between themselves and their command-and-control (C&C) server. Usually, these are done via HTTP or other TCP/IP connections. However, we recently encountered a botnet that uses a more unusual method: an FTP server that, in effect, acts as a C&C se
Publish At:2017-10-05 23:30 | Read:4169 | Comments:0 | Tags:Malware backdoor FTP SYSCON

Experts discovered a SYSCON Backdoor using FTP Server as C&C

Security researchers with Trend Micro discovered a backdoor dubbed SYSCON that uses an FTP server for command and control (C&C) purposes. The SYSCON backdoor is spreading through tainted documents that refer North Korea and target individuals connected to the Red Cross and the World Health Organization. The use of an FTP server as C&C is uncommon fo
Publish At:2017-10-05 17:05 | Read:4805 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware backdoor botnet Cy

Crooks spreads backdoor devised as a security WordPress Plugin

Experts from Sucuri discovered crooks are spreading a fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor. A fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor was spread by crooks abusing the popularity of WP-SpamShield Anti-Spam, a WordPress antispam tool. The WP-SpamShield Anti-Spam plugin has over 100,000 installs
Publish At:2017-09-30 07:30 | Read:2803 | Comments:0 | Tags:Breaking News Hacking Malware backdoor fake plugin Wordpress

CCleaner hackers targeted tech giants with a second-stage malware

The threat actor that recently compromised the supply chain of the CCleaner software targeted at least 20 tech firms with a second-stage malware. The threat actor that recently compromised the supply chain of the CCleaner software to distribute a tainted version of the popular software targeted at least 20 major international technology firms with a second-
Publish At:2017-09-22 14:45 | Read:2340 | Comments:0 | Tags:APT Breaking News Cyber Crime Hacking Malware APT17 backdoor

Expert disclosed 10 zero-day vulnerabilities in D-Link DIR 850L wireless routers

The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link DIR 850L routers and invites users to stop using them. The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in routers from networking equipment manufacturer D-Link that open owners to cyber attacks. The flawed devices are the
Publish At:2017-09-11 20:30 | Read:3157 | Comments:0 | Tags:Breaking News Hacking backdoor D-Link DIR 850L wireless rout

ShadowPad in corporate networks

 ShadowPad, part 2: Technical Details (PDF) In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Further investigation showed that the sour
Publish At:2017-08-15 14:15 | Read:3472 | Comments:0 | Tags:Featured Research Backdoor DNS Software supply-chain attack

Malware campaign targets Russian-Speaking companies with a new Backdoor

Trend Micro spotted a new espionage campaign that has been active for at least 2 months and that is targeting Russian-speaking firms with a new backdoor Security experts at Trend Micro have spotted a new cyber espionage campaign that has been active for at least two months and that is targeting Russian-speaking enterprises delivering a new Windows-based back
Publish At:2017-08-11 16:10 | Read:3194 | Comments:0 | Tags:Breaking News Hacking Malware backdoor malware Russia Squibl

Backdoor-carrying Emails Set Sights on Russian-speaking Businesses

by Lenart Bermejo, Ronnie Giagone, Rubio Wu, and Fyodor Yarochkin  A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system. The attack abuses various legitimate Windows components to run unauthorized scripts;
Publish At:2017-08-07 10:55 | Read:2988 | Comments:0 | Tags:Exploits Malware backdoor CVE-2017-0199 JavaScript Powershel

Black Hat 2017 – GitPwnd tool could be used by attackers to communicate with compromised devices via Git repositor

Black Hat 2017 – Security experts develop GitPwnd, a tool that could be used by attackers to communicate with compromised devices via Git repositories. Even if the Black Hat conference was ended a few days ago, here we are discussing interesting talks of cyber security experts that participated at the event. Clint Gibler, a security researcher at NCC G
Publish At:2017-08-04 21:15 | Read:3296 | Comments:0 | Tags:Breaking News Hacking backdoor cyber espionage GitHub GitPwn

CowerSnail, from the creators of SambaCry

We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C server that both programs used – cl.ezreal.space:20480 – t
Publish At:2017-07-25 11:30 | Read:3896 | Comments:0 | Tags:Research Backdoor malware description Windows

Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More

by Lenart Bermejo, Jordan Pan, and Cedric Pernet The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device. Detected by Trend Micro
Publish At:2017-07-17 08:20 | Read:2731 | Comments:0 | Tags:Mobile android backdoor GhostCtrl OmniRAT

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud