Tag
#backdoor
The ProLink PRS1841 home router suffers from having a backdoor account.
Microsoft's decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the internet has led many threat actors to improvise their attack chains in recent months. Now, according to Cisco Talos, advanced persistent threat (APT) actors and commodity malware families alike are increasingly using Excel add-in (.XLL) files as an initial intrusion vector.
In December 2022, threat actors impersonated SentinelOne by uploading fake software development kits (SDKs) to PyPI. The SDKs contained fully functional SentinelOne clients, but the packages also contained malicious backdoors that are executed only when called programmatically, as opposed to during installation. The packages have since been taken down from PyPI.
BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections. This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today. "BlueNoroff
Courier Deprixa version 2.5 has been reported as having a default backdoor account.
Consultine Consulting Business and Finance Website CMS version 1.8 has been reported as having a default backdoor account.
Car Dealer Pro version 2.01 has been reported as having a default backdoor account.
Botble version 5.28.3 has been reported as having a default backdoor account.
Active Ecommerce CMS version 6.4.0 has been reported as having a default backdoor account.