Archive for the ‘Backdoor’ Category

Red TIM Research discovers a Command Injection with a 9,8 score on Resi

During the bug hunting activity, Red Team Research (RTR) detected 2 zero-day bugs on GEMINI-NET, a RESI Informatica solution. It’s been detected an OS Command Injection, which has been identified from NIST as a Critical one, its score is 9,8.  This vulnerability comes from a failure to check the parameters sent as inputs into the […]

Leave a Comment

Undetectable Backdoors in Machine-Learning Models

https://www.schneier.com/crypto-gram/archives/2022/0515.html#cg1 New paper: “Planting Undetectable Backdoors in Machine Learning Models“: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier […]

Leave a Comment

Fileless SockDetour backdoor targets U.S.-based defense contractors

Researchers provided details about a stealthy custom malware dubbed SockDetour that targeted U.S.-based defense contractors. Cybersecurity researchers from Palo Alto Networks’ Unit 42 have analyzed a previously undocumented and custom backdoor tracked as SockDetour that targeted U.S.-based defense contractors. According to the experts, the SockDetour backdoor has been in the wild since at least July 2019. Unit 42 attributes […]

Leave a Comment

Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks

The investigation started in November after Google TAG published a blogpost about watering-hole attacks targeting macOS users in Hong Kong. Google TAG researchers discovered that threat actors leveraged a zero-day vulnerability in macOS in a watering hole campaign aimed at delivering malware to users in Hong Kong. The attackers exploited a XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in […]

Leave a Comment

Pegasus: Google reveals how the sophisticated spyware hacked into iPhones without user’s knowledge

Pegasus spyware was allegedly used by governments to spy upon prominent journalists, politicians and activists. A Google blog has revealed how the sophisticated software was used to attack iPhone users. The software used a vulnerability in iMessages to hack into iPhones without the user’s knowledge. The Pegasus spyware, developed by Israel’s NSO group, made headlines for being used by […]

Leave a Comment

The Pegasus project: key takeaways for the corporate world

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak.  The NSO Group has always maintained that the purpose of the Pegasus Project […]

Leave a Comment

Apple’s iPhone Backdoor

More on Apple’s iPhone Backdoor In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here. Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the […]

Leave a Comment

Apple Adds a Backdoor to iMesssage and iCloud Storage

This is pretty shocking coming from Apple, which is generally really good about privacy. It opens the door for all sorts of other surveillance, since now that the system is build it can be used for all sorts of other messages. And it breaks end-to-end encryption, despite Apple’s denials: Does this break end-to-end encryption in Messages? […]

Leave a Comment

FBI/AFP-Run Encrypted Phone

If there is any moral to this, it’s one that all of my blog readers should already know: trust is essential to security. And the number of people you need to trust is larger than you might originally think. For an app to be secure, you need to trust the hardware, the operating system, the […]

Leave a Comment

Siloscape, first known malware that drops a backdoor into Kubernetes clusters

Siloscape is a new strain of malware that targets Windows Server containers to execute code on the underlying node and spread in the Kubernetes cluster. Researchers from Palo Alto Networks have spotted a piece of malware that targets Windows Server containers to execute code on the underlying node and then drop a backdoor into Kubernetes clusters. […]

Leave a Comment

Backdoor Found in Codecov Bash Uploader

Developers have discovered a backdoor in the Codecov bash uploader. It’s been there for four months. We don’t know who put it there. Codecov said the breach allowed the attackers to export information stored in its users’ continuous integration (CI) environments. This information was then sent to a third-party server outside of Codecov’s infrastructure,” the company warned. Codecov’s […]

Leave a Comment

Hackers breached the PHP ‘s Git Server and inserted a backdoor in the source code

Threat actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. Unknown attackers hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a backdoor into the source code. On March 28, the attackers pushed two commits to […]

Leave a Comment

Serious Security: Mac “XcodeSpy” backdoor takes aim at Xcode devs

Remember XcodeGhost? It was a pirated and malware-tainted version of Apple’s XCode development app that worked in a devious way. You may be wondering, as we did back in 2015, why anyone would download and use a pirated version of Xcode.app when the official version is available as a free download anyway. Nevertheless, this redistributed version of Xcode […]

Leave a Comment

More SolarWinds News

Leave a Comment

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries. More than 100,000 Zyxel firewalls, VPN gateways, and access point controllers contain a hardcoded admin-level backdoor account that can grant attackers root access to devices via either the SSH interface or the web administration panel. The backdoor account, discovered by a […]

Leave a Comment