HackDig : Dig high-quality web security articles for hacker

Silence – a new Trojan attacking financial organizations

More information about the Silence Trojan is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com. In September 2017, we discovered a new targeted attack on financial institutions. Victims are mostly Russian banks but we also found infected organizations in Malaysia and Armenia. The attackers were using a kno
Publish At:2017-11-01 18:25 | Read:154 | Comments:0 | Tags:Featured Research Backdoor Dropper Financial malware Targete

ATMii: a small but effective ATM robber

While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. We have written about this phenomenon extensively in the past and today we can add another family of malware to the list – Backdoor.Win32.ATMii. ATMii was first brought to our attention in April 2017,
Publish At:2017-10-21 15:05 | Read:118 | Comments:0 | Tags:Research ATM Backdoor Financial malware

SYSCON Backdoor Uses FTP as a C&C Channel

By Jaromir Horejsi (Threat Researcher) Bots can use various methods to establish a line of communication between themselves and their command-and-control (C&C) server. Usually, these are done via HTTP or other TCP/IP connections. However, we recently encountered a botnet that uses a more unusual method: an FTP server that, in effect, acts as a C&C se
Publish At:2017-10-05 23:30 | Read:261 | Comments:0 | Tags:Malware backdoor FTP SYSCON

Experts discovered a SYSCON Backdoor using FTP Server as C&C

Security researchers with Trend Micro discovered a backdoor dubbed SYSCON that uses an FTP server for command and control (C&C) purposes. The SYSCON backdoor is spreading through tainted documents that refer to North Korea and target individuals connected to the Red Cross and the World Health Organization. The use of an FTP server as C&C is uncommon fo
Publish At:2017-10-05 17:05 | Read:359 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware backdoor botnet Cy

Crooks spreads backdoor devised as a security WordPress Plugin

Experts from Sucuri discovered crooks are spreading a fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor. A fake WordPress plugin dubbed X-WP-SPAM-SHIELD-PRO containing a backdoor was spread by crooks abusing the popularity of WP-SpamShield Anti-Spam, a WordPress antispam tool. The WP-SpamShield Anti-Spam plugin has over 100,000 installs
Publish At:2017-09-30 07:30 | Read:296 | Comments:0 | Tags:Breaking News Hacking Malware backdoor fake plugin Wordpress

CCleaner hackers targeted tech giants with a second-stage malware

The threat actor that recently compromised the supply chain of the CCleaner software targeted at least 20 tech firms with a second-stage malware. The threat actor that recently compromised the supply chain of the CCleaner software to distribute a tainted version of the popular software targeted at least 20 major international technology firms with a second-
Publish At:2017-09-22 14:45 | Read:297 | Comments:0 | Tags:APT Breaking News Cyber Crime Hacking Malware APT17 backdoor

Expert disclosed 10 zero-day vulnerabilities in D-Link DIR 850L wireless routers

The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link DIR 850L routers and invites users to stop using them. The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in routers from networking equipment manufacturer D-Link that open owners to cyber attacks. The flawed devices are the
Publish At:2017-09-11 20:30 | Read:392 | Comments:0 | Tags:Breaking News Hacking backdoor D-Link DIR 850L wireless rout

ShadowPad in corporate networks

ShadowPad, part 2: Technical Details (PDF). In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Further investigation showed that the sour
Publish At:2017-08-15 14:15 | Read:697 | Comments:0 | Tags:Featured Research Backdoor DNS Software supply-chain attack

Malware campaign targets Russian-Speaking companies with a new Backdoor

Trend Micro spotted a new espionage campaign that has been active for at least 2 months and that is targeting Russian-speaking firms with a new backdoor. Security experts at Trend Micro have spotted a new cyber espionage campaign that has been active for at least two months and that is targeting Russian-speaking enterprises delivering a new Windows-based back
Publish At:2017-08-11 16:10 | Read:426 | Comments:0 | Tags:Breaking News Hacking Malware backdoor malware Russia Squibl

Backdoor-carrying Emails Set Sights on Russian-speaking Businesses

by Lenart Bermejo, Ronnie Giagone, Rubio Wu, and Fyodor Yarochkin  A malicious email campaign against Russian-speaking enterprises is employing a combination of exploits and Windows components to deliver a new backdoor that allows attackers to take over the affected system. The attack abuses various legitimate Windows components to run unauthorized scripts;
Publish At:2017-08-07 10:55 | Read:391 | Comments:0 | Tags:Exploits Malware backdoor CVE-2017-0199 JavaScript Powershel

Black Hat 2017 – GitPwnd tool could be used by attackers to communicate with compromised devices via Git repositor

Black Hat 2017 – Security experts develop GitPwnd, a tool that could be used by attackers to communicate with compromised devices via Git repositories. Even though the Black Hat conference ended a few days ago, here we are discussing interesting talks by cyber security experts who participated in the event. Clint Gibler, a security researcher at NCC G
Publish At:2017-08-04 21:15 | Read:860 | Comments:0 | Tags:Breaking News Hacking backdoor cyber espionage GitHub GitPwn

CowerSnail, from the creators of SambaCry

We recently reported about SambaCry, a new family of Linux Trojans exploiting a vulnerability in the Samba protocol. A week later, Kaspersky Lab analysts managed to detect a malicious program for Windows that was apparently created by the same group responsible for SambaCry. It was the common C&C server that both programs used – cl.ezreal.space:20480 – t
Publish At:2017-07-25 11:30 | Read:338 | Comments:0 | Tags:Research Backdoor malware description Windows

Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More

by Lenart Bermejo, Jordan Pan, and Cedric Pernet The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought—at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device. Detected by Trend Micro
Publish At:2017-07-17 08:20 | Read:334 | Comments:0 | Tags:Mobile android backdoor GhostCtrl OmniRAT

Honeypots and the Internet of Things

There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or ‘smart’ devices. They included, among others, the record-breaking DDoS attacks against the French hosting provider OVH and the US DNS provider Dyn. These attacks are known to have been launched with the help of a massive botnet made up o
Publish At:2017-06-19 09:35 | Read:634 | Comments:0 | Tags:Featured Research Backdoor Botnets DDoS-attacks honeypot Int

SambaCry is coming

Not long ago, news appeared online of a younger sibling for the sensational vulnerability EternalBlue. The story was about a new vulnerability for *nix-based systems – EternalRed (aka SambaCry). This vulnerability (CVE-2017-7494) relates to all versions of Samba, starting from 3.5.0, which was released in 2010, and was patched only in the latest versions of
Publish At:2017-06-10 04:35 | Read:639 | Comments:0 | Tags:Featured Research Backdoor Cryptocurrencies Vulnerabilities
