Cybersecurity researchers have disclosed details of two medium-severity flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices. Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches … [Read more...] about Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses
Researchers Find Backdoor in School Management Plugin for WordPress
Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out of 10 for severity. The backdoor, which is believed to have existed since version …
DeFi wallet with Lazarus backdoor
In mid-December last year, a suspicious file was uploaded to VirusTotal — the online service that scans files for malware. At first glance, it looked like a cryptocurrency wallet installer. But our experts analyzed it and found that, besides the wallet, it delivers malware to a user’s device. And it seems that the program isn’t the work of small-time crooks — but the infamous …
New “SockDetour” Fileless, Socketless Backdoor Targets U.S. Defense Contractors
Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup …
Russian Turla APT Group Deploying New Backdoor on Targeted Systems
State-sponsored hackers affiliated with Russia are behind a new series of intrusions using a previously undocumented implant to compromise systems in the U.S., Germany, and Afghanistan. Cisco Talos attributed the attacks to the Turla advanced persistent threat (APT) group, coining the malware "TinyTurla" for its limited functionality and efficient coding style that allows it to …
Researchers Warn of Facefish Backdoor Spreading Linux Rootkits
Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials and device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by the Qihoo 360 NETLAB team, owing to its ability to deliver different rootkits at different times and its use of the Blowfish cipher to encrypt communications …
Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a software supply chain attack. The Adelaide-based firm said a bad actor used sophisticated techniques to compromise the software's update mechanism and used it to drop malware on user computers. The breach is said to …
Cisco Secure Workload Immediate Actions in Response to “SUNBURST” Trojan and Backdoor
Background: The SUNBURST trojan and backdoor, as dubbed by FireEye researchers, which recently compromised multiple U.S. Government systems, highlights the complexity and connectedness of the modern enterprise IT environment as a security weakness. Recent reporting makes clear that the adversary took advantage of software complexity to deliver a highly refined attack …
Secret Backdoor Account Found in Several Zyxel Firewall, VPN Products
Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to log in with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583 (CVSS score 7.8), affects version 4.60 present in a wide range of Zyxel devices, including Unified …
New Evidence Suggests SolarWinds’ Codebase Was Hacked to Inject Backdoor
The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker …