Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

CVE-2022-42044: code execution backdoor · Issue #4 · dadadadada111/info

The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.

CVE
Open in Source
#git#backdoor
CVE-2022-42043: code execution backdoor · Issue #5 · dadadadada111/info

The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.

BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest

Zoom Phishing Scam Steals Microsoft Exchange Credentials

By Deeba Ahmed The phishing email, which was marked as safe by Microsoft, was aimed at 21,000 users of a national healthcare firm. This is a post from HackRead.com Read the original post: Zoom Phishing Scam Steals Microsoft Exchange Credentials

Researchers Detail Malicious Tools Used by Cyberespionage Group Earth Aughisky

A new piece of research has detailed the increasingly sophisticated nature of the malware toolset employed by an advanced persistent threat (APT) group named Earth Aughisky. "Over the last decade, the group has continued to make adjustments in the tools and malware deployments on specific targets located in Taiwan and, more recently, Japan," Trend Micro disclosed in a technical profile last week

Binance Hackers Minted $569M in Crypto—Then It Got Complicated

Plus: The US warns of a mysterious military contractor breach, a "poisoned" version of the Tor Browser is tracking Chinese users, and more.

CVE-2022-42092: Backdrop CMS 1.22.0 — Unrestricted File Upload (Themes)

Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution.

LofyGang Uses 100s of Malicious NPM Packages to Poison Open Source Software

The group has been operating for over a year, promoting their tools in hacking forums, stealing credit card information, and using typosquatting techniques to target open source software flaws.

LofyGang Distributed ~200 Malicious NPM Packages to Steal Credit Card Data

Multiple campaigns that distributed trojanized and typosquatted packages on the NPM open source repository have been identified as the work of a single threat actor dubbed LofyGang. Checkmarx said it discovered 199 rogue packages totaling thousands of installations, with the group operating for over a year with the goal of stealing credit card data as well as user accounts associated with

Hundreds of Microsoft SQL servers found to be backdoored

Categories: News Tags: Microsoft SQL Tags: brute force Tags: Maggie Tags: Extended Stored Procedure Researchers have found a backdoor that specifically targets Microsoft SQL servers. (Read more...) The post Hundreds of Microsoft SQL servers found to be backdoored appeared first on Malwarebytes Labs.