News


MadMxShell: New backdoor threat
B2B Cyber Security ShortNews

The backdoor MadMxShell attempts to gain access to IT environments via fake IP scanner and IP management software domains. The fake domains are distributed via Google Ads campaigns. In early March 2024, security researchers from the Zscaler ThreatLabz team uncovered a new backdoor called MadMxShell, through which a previously unknown threat actor is attempting to gain access to IT environments via fake IP Scanner software domains. For this purpose, the method of typo-squatting was used and various similar-looking domains were registered that mimic the name of the popular port scanning software. These domain names were advertised via Google Ads campaigns and...


ArcaneDoor: Cisco espionage campaign discovered
B2B Cyber Security ShortNews

Attackers target perimeter network devices, such as firewalls, to break into organizations. Cisco has identified the Line Runner and Line Dancer backdoors. These are 0-day vulnerabilities that admins should urgently patch. The backdoors belong to the identified ArcaneDoor campaign. Cisco has identified two vulnerabilities exploited in the ArcaneDoor campaign (CVE-2024-20353 CVSS 8.6 and CVE-2024-20359 CVSS 6.0). Patches for these vulnerabilities are already listed in published Cisco Security Advisories. ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting perimeter network devices from various vendors. Perimeter network devices are…


New Russian malware Kapeka discovered
B2B Cyber Security ShortNews

The security experts at WithSecure have exposed Kapeka. The new malware appears to have ties to the Russian hacker group Sandworm. Several factors clearly indicate that the development and use of the malware are related to the Russia-Ukraine war: the timing, the locations, and the likely connection to the Russian Sandworm group. Threat intelligence researchers at WithSecure™ (formerly F-Secure Business) have discovered a novel malware that has been used in attacks on targets in Central and Eastern Europe since at least mid-2022. The malware, called Kapeka, can be linked to a group called Sandworm. Sandworm...


XZ vulnerability: free XZ backdoor scanner
Bitdefender_News

Bitdefender Labs offers a free scanner that companies can use to check their IT systems for the CVE-2024-3094 vulnerability in the widely used data compression library XZ Utils, which became known on March 29, 2024. The free Bitdefender XZ Backdoor Scanner specifically searches for this vulnerability. Programmed in Go and initially tested on Fedora, Debian and a Debian container, it offers various advantages: portability to various Linux systems without additional software installations, and various scanning modes. In the preset fast scan mode, the tool searches for infected systems and focuses on the liblzma library, which the respective SSH daemon…


2023: over 400,000 new malicious files per day
Kaspersky_news

This is just one manufacturer on the lookout for new malware around the clock: Kaspersky discovered an average of 411,000 new malicious files per day in 2023; this corresponds to an increase of almost three percent compared to the previous year. More than half (53 percent) of attacks involved malicious Microsoft Office and other types of documents. There has also been a significant increase in backdoor Trojans that can control infected systems - 40,000 discoveries were made every day this year. Kaspersky security solutions discovered an average of 2023 new malicious...


Constant threat of multi-malware attacks
Kaspersky_news

Since April 2023, there have been over 10,000 multi-malware attacks from backdoors, keyloggers and miners on more than 200 companies. In April 2023, the FBI reported on a multi-malware campaign in which cybercriminals attacked companies with miners, keyloggers and backdoors. Kaspersky experts further analyzed the campaign and found that it is still active. The cyberattacks identified by Kaspersky occurred between May and October of this year and primarily targeted government agencies, farms, and wholesale and retail companies. According to Kaspersky telemetry, the more than 10,000 attacks affected over 200 users, the majority...


Camaro Dragon hides backdoor in TP-Link router

Researchers from Check Point Research (CPR) were able to uncover a series of cyberattacks by the Chinese APT group "Camaro Dragon". A modified, malicious firmware for TP-Link routers was discovered, which includes a customized backdoor called "Horse Shell". Recently, Check Point Research (CPR) investigated a series of targeted cyberattacks on European foreign affairs agencies and traced them to a Chinese state-sponsored APT group dubbed the "Camaro Dragon" by CPR. These activities share significant infrastructural overlap with activities publicly associated with "Mustang Panda"...


New Trojan Pikabot
B2B Cyber Security ShortNews

The malicious backdoor Pikabot is modular, with a loader and a core component that implements most of the functionality. A number of anti-analysis techniques are employed, making it difficult to detect malicious activity. The analysis found a similarity to Qakbot in terms of distribution mode, campaigns, and malware behavior, with no indication of whether they are the same malware authors. It is capable of receiving commands from a command-and-control server, which injects any shellcode, DLL, or executable file. Malicious Functionality After…


Infected version of VoIP program 3CX delivers backdoor
Kaspersky_news

Kaspersky experts analyzed the supply chain attack that was carried out via the popular VoIP program 3CXDesktopApp and that installed an infostealer or backdoor. During the analysis, they found a suspicious dynamic link library (DLL) on one computer, which was loaded into the infected 3CXDesktopApp.exe process. Kaspersky experts launched an investigation into a case related to this DLL on March 21, about a week before the discovery of the supply chain attack. This DLL was used in deployments of the "Gopuram" backdoor and has been observed by Kaspersky since 2020....
