News


TA4557: Venom Spider targets HR departments
B2B Cyber Security ShortNews

TA4557, better known as Venom Spider, is increasingly relying on phishing attacks in its attempts to deploy its backdoor malware. The attacks particularly target HR departments and recruiters, who are often desperately looking for staff. As part of its ongoing monitoring of the threat actor TA4557 (also known as Venom Spider), Arctic Wolf's threat research team has discovered a new campaign targeting HR departments and recruiters within companies. The threat group uses phishing techniques to deploy an enhanced version of a powerful backdoor called More_eggs on victims' devices. New group in focus: HR departments. Previously…

FamousSparrow: Hacker group spies again
Eset_News

Security experts have uncovered new activities by the seemingly inactive hacker group "FamousSparrow." To gain access to networks, the hackers are using two improved versions of the "SparrowDoor" backdoor and the infamous "ShadowPad" backdoor for espionage. For a long time, the Chinese hacker group FamousSparrow was suspiciously quiet. This may have just been the calm before the storm, suspects IT security vendor ESET. Its researchers discovered new activities by the dangerous APT group, targeting high-profile targets in the US, Mexico, and Honduras. Those affected include a US trade group in the financial sector, a Mexican...

PlushDaemon: New Chinese APT group discovered
Eset_News

The Chinese APT hacker group PlushDaemon attacks both companies and private users around the world. It uses the "SlowStepper" backdoor to spy on Windows computers and steal access data, among other things. Researchers have discovered a previously unknown Advanced Persistent Threat (APT) group: "PlushDaemon" is linked to China and has been active since at least 2019. The hackers use their "SlowStepper" hacking tool to carry out sophisticated cyber espionage attacks on Windows computers. During their attacks, they stole valuable information from private individuals and companies in East Asia, the USA and New Zealand. PlushDaemon comes into the system as a copycat. PlushDaemon uses various…

Backdoor in surveillance monitor classified as vulnerability
B2B Cyber Security ShortNews

On January 30, the US cybersecurity agency CISA published an alert about a backdoor in medical patient monitors, which was supplemented by a notification from the US Food and Drug Administration (FDA). According to the alert, the Chinese-made Contec CMS8000 patient monitor and OEM white-label variants contain a backdoor that communicates with a Chinese IP address. Security researchers from Team82, the research division of cyber-physical systems (CPS) security specialist Claroty, examined the firmware and concluded that it is most likely NOT a hidden backdoor, but an insecure/vulnerable design that poses a high risk for...

Zero-day vulnerability allows remote access
B2B Cyber Security ShortNews

Arctic Wolf Labs Threat Intelligence Teams have observed new malicious activity related to the zero-day vulnerability in Cleo Managed File Transfer (MFT) software uncovered by Huntress. In December 2024, Arctic Wolf Labs identified a mass exploitation campaign in which attackers leveraged Cleo MFT solutions for unauthorized remote access. The attack chain consisted of an obfuscated PowerShell stager, a Java loader, and a Java-based backdoor that Arctic Wolf refers to as “Cleopatra.” The campaign began on December 7, 2024, and is still active. The Cleopatra backdoor enables in-memory file storage, supports Windows and Linux, and provides specific functionality to access…

Lazarus APT targets nuclear organizations with backdoor CookiePlus

Kaspersky experts have discovered that Lazarus APT is targeting nuclear organizations with a new CookiePlus malware. The new backdoor is disguised as a skills test for IT professionals and contains infected archive files. Lazarus' North Korea-aligned hackers are also behind many supply chain attacks. Lazarus' main operation - "Operation DreamJob" - is evolving with new, sophisticated tactics that have been in place for more than five years, according to Kaspersky's Global Research and Analysis Team (GReAT). The latest targets include employees of a nuclear-related organization, which has three compromised…

MadMxShell: New backdoor threat
B2B Cyber Security ShortNews

The backdoor MadMxShell attempts to gain access to IT environments via fake IP scanner and IP management software domains. The fake domains are distributed via Google Ads campaigns. In early March 2024, security researchers from the Zscaler ThreatLabz team uncovered a new backdoor called MadMxShell, through which a previously unknown threat actor is attempting to gain access to IT environments via fake IP scanner software domains. For this purpose, the threat actor used typosquatting and registered various similar-looking domains that mimic the name of the popular port scanning software. These domain names were advertised via Google Ads campaigns and...

ArcaneDoor: Cisco espionage campaign discovered
B2B Cyber Security ShortNews

Attackers target perimeter network devices, such as firewalls, to break into organizations. Cisco has identified the Line Runner and Line Dancer backdoors. These are 0-day vulnerabilities that admins should urgently patch. The backdoors belong to the identified ArcaneDoor campaign. Cisco has identified two vulnerabilities exploited in the ArcaneDoor campaign (CVE-2024-20353 CVSS 8.6 and CVE-2024-20359 CVSS 6.0). Patches for these vulnerabilities are already listed in published Cisco Security Advisories. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from various vendors. Perimeter network devices are…

New Russian malware Kapeka discovered
B2B Cyber Security ShortNews

The security experts at WithSecure have exposed Kapeka. The new malware appears to have ties to the Russian hacker group Sandworm. Several factors clearly indicate that the development and use of the malware are related to the Russia-Ukraine war: the timing, the locations, and the likely connection to the Russian Sandworm group. Threat intelligence researchers at WithSecure™ (formerly F-Secure Business) have discovered a novel malware that has been used in attacks on targets in Central and Eastern Europe since at least mid-2022. The malware, called Kapeka, can be linked to a group called Sandworm. Sandworm...

XZ vulnerability: free XZ backdoor scanner
Bitdefender_News

Bitdefender Labs offers a free scanner that companies can use to check their IT systems for the CVE-2024-3094 vulnerability in the widely used data compression library XZ Utils, which became known on March 29, 2024. The free Bitdefender XZ Backdoor Scanner specifically searches for this vulnerability. Programmed in Go and initially tested on Fedora, Debian and a Debian container, it offers several advantages: portability to various Linux systems without additional software installations, and several scanning modes. In the preset fast scan mode, the tool searches for infected systems and focuses on the liblzma library, which the respective SSH daemon…