Security
Headlines
HeadlinesLatestCVEs

Tag

#backdoor

CVE-2022-30885: code execution backdoor · Issue #39 · esdc-esac-esa-int/pyesasky

** Reserved ** The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.

CVE
Open in Source
#backdoor
CVE-2022-32997: code execution backdoor · Issue #206 · miranov25/RootInteractive

The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

CVE-2013-1916: Offensive Security’s Exploit Database Archive

In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.

Backdoor.Win32.InfecDoor.17.c MVID-2022-0614 Insecure Permissions

Backdoor.Win32.InfecDoor.17.c malware suffers from an insecure permissions vulnerability.

Backdoor.Win32.Shark.btu MVID-2022-0615 Insecure Permissions

Backdoor.Win32.Shark.btu malware suffers from an insecure permissions vulnerability.

Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool

By Deeba Ahmed This newly discovered malware campaign is attributed to a Chinese hacking group called Tropic Trooper. Cybersecurity researchers at… This is a post from HackRead.com Read the original post: Chinese Hackers Distributing Nim language Malware in SMS Bomber Tool

Multiple Backdoored Python Libraries Caught Stealing AWS Secrets and Keys

Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma. The packages and as

New 'Quantum' Builder Lets Attackers Easily Create Malicious Windows Shortcuts

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut (.LNK) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder, the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support UAC and Windows SmartScreen bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities

5 Tips for Protecting Your Phone from Malware

By Deeba Ahmed Most people today depend on their phones entirely. Aside from being a portal to our social life, they… This is a post from HackRead.com Read the original post: 5 Tips for Protecting Your Phone from Malware

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

A threat cluster with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in Nim language to strike targets as part of a newly discovered campaign. The novel loader, dubbed Nimbda, is "bundled with a Chinese language greyware 'SMS Bomber' tool that is most likely illegally distributed in the Chinese-speaking web," Israeli cybersecurity