Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

Massive 3CX Supply-Chain Hack Targeted Cryptocurrency Firms

North Korean hackers appear to have used the corrupted VoIP software to go after just a handful of crypto firms with “surgical precision.”

Wired
Open in Source
#mac#apple#backdoor
Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service

A piece of new information-stealing malware called OpcJacker has been spotted in the wild since the second half of 2022 as part of a malvertising campaign. "OpcJacker's main functions include keylogging, taking screenshots, stealing sensitive data from browsers, loading additional modules, and replacing cryptocurrency addresses in the clipboard for hijacking purposes," Trend Micro researchers

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 (CVSS score: 9.8) and CVE-2021-35394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022-46169 relates to a critical

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk!

Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22. "Improved code security enforcement in WooCommerce components," the

Automatic Updates Deliver Malicious 3CX 'Upgrades' to Enterprises

In a Solar Winds-like attack, compromised, digitally signed versions of 3CX DesktopApp are landing on user systems via the vendor's update mechanism.

Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG. "RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally," Recorded Future told The Hacker News. "The group has shown the ability to

3CX desktop app used in a supply chain attack

Categories: News Tags: 3CX Tags: supply-chain Tags: sideload Researchers have found that the 3CX desktop app may be compromised and used in supply chain attacks. (Read more...) The post 3CX desktop app used in a supply chain attack appeared first on Malwarebytes Labs.

Mélofée: The Latest Malware Targeting Linux Servers

By Deeba Ahmed An unidentified Chinese APT group is suspected of operating the Mélofée malware. This is a post from HackRead.com Read the original post: Mélofée: The Latest Malware Targeting Linux Servers

Beware of MacStealer: A New Malware Targeting macOS Catalina Devices

By Deeba Ahmed The new MacStealer malware is being advertised on a notorious Russian hacker and cybercrime forum. This is a post from HackRead.com Read the original post: Beware of MacStealer: A New Malware Targeting macOS Catalina Devices

Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups

An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée. One of the artifacts is designed to drop a kernel-mode rootkit that's based on an open source project referred to as