The malware takes aim at PostgreSQL database servers with never-before-seen techniques. An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers . . . Read more
A new “TrickBoot” module scans for vulnerable firmware and has the ability to read, write and erase it on devices. The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of . . . Read more
A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation. The DeathStalker advanced persistent threat (APT) group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. DeathStalker offers mercenary, espionage-for-hire services targeting the financial and legal . . . Read more
A strain of the 13-year old backdoor Bandook trojan has been spotted in an espionage campaign. A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted . . . Read more
The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.
The modular malware is highly sophisticated but may not be able to capture credit-card info. ModPipe, a previously unknown backdoor, has been purpose-built to attack restaurant point-of-sale (PoS) solutions from Oracle. It’s notable for its unusual sophistication, according to researchers, evidenced by its multiple modules. The code is specifically taking . . . Read more
Turla has outfitted a trio of backdoors with new C2 tricks and increased interop, as seen in an attack on a European government.