#backdoor

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The attacks, which were disclosed by the tech giant last month, involved a strain of previously undocumented malware called Prestige and is said to have taken place

Welcome to this week’s edition of the Threat Source newsletter. Tuesday was an absolute hammer for the infosec community. Not only did we have the US elections but we had Emotet returning and a regular Microsoft Tuesday release. That release always leads me to think about the bug

Security researchers see updated tactics and tools—and a tempo change—in the cyberattacks Russia’s GRU military intelligence agency is inflicting on Ukraine.

Backdoor.Win32.Aphexdoor.LiteSock malware suffers from a buffer overflow vulnerability.

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers.

Hole-y software alert, Batman: Cybercriminal faves Citrix Gateway and VMware Workspace ONE have authentication-bypass bugs that could offer up total access to attackers.

Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader. SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble. Observed in

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.

In the nearly two years since the company discovered the cyber intrusion, SolarWinds has fundamentally rearchitected its development environment to make it much harder to compromise, CISO Tim Brown tells Dark Reading.

The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0.