Revealed: Daxin—‘China-Linked’ Advanced Stealth Backdoor

Revealed: Daxin—‘China-Linked’ Advanced Stealth Backdoor

Researchers unveil espionage malware from China: Daxin “is without doubt the most advanced piece of malware” they’ve seen from that country ...
Security Boulevard

Invisible rat: how Sentry, Datadog, and others used by XSS and JavaScript malware

We all know how it’s convenient to use tools like Sentry or Datadogs for JavaScript events monitoring. It allows to catch errors in real-time, organize and manage issues resolution process, and genuinely ...
SEC-T 0x0D: Erik Hjelmvik - Hiding in Plain Sight - How the SolarWinds Hack Went Undetected

How the SolarWinds Hack (almost) went Undetected

My lightning talk from the SEC-T 0x0D conference has now been published on YouTube. This 13 minute talk covers tactics and techniques that the SolarWinds hackers used in order to avoid being ...

Secret backdoor allegedly lets the REvil ransomware gang scam its own affiliates

REvil is one of the most notorious ransomware groups in the world. Also known as Sodin and Sodinokibi, REvil has made a name for itself extorting large amounts of money from businesses, ...
SolarWinds

Patch Management in the Post-SolarWinds Era

The SolarWinds breach, in which hackers inserted malware into software updates sent to thousands of customers and created a backdoor to their IT systems, suggests organizations need to seriously rethink patch management ...
Security Boulevard
SolarWinds Backdoor State Diagram

Targeting Process for the SolarWinds Backdoor

The SolarWinds Orion backdoor, known as SUNBURST or Solorigate, has been analyzed by numerous experts from Microsoft, FireEye and several anti-virus vendors. However, we have noticed that many of the published reports ...
Zyxel

Zyxel’s Ridiculous Backdoor: Happy New Year, Now Patch Your Gear

| | backdoor, SB Blogwatch, ZyXel
Zyxel, maker of networking gear, “accidentally” introduced a backdoor into its latest firmware, giving hackers access to the networks of businesses and government agencies ...
Security Boulevard
Huawei Linux

Best of 2020: Was This Huawei’s Failed Attempt at a Linux Backdoor?

A Huawei employee submitted a large, buggy patch to the Linux kernel—apparently it contained a “trivially exploitable” security hole ...
Security Boulevard
SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security

SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security

In episode 152 for December 21st 2020: A discussion about the SolarWinds Orion backdoor, third-party security, and the threat of supply chain attacks with co-host Kevin Johnson. ** Links mentioned on the ...
SunburstDomainDecoder.exe output showing int.lukoil-international.uz tr.technion.ac.il rst.atlantis-pak.ru ci.dublin.ca.us and mutualofomahabank.com

Reassembling Victim Domain Fragments from SUNBURST DNS

We are releasing a free tool called SunburstDomainDecoder today, which is created in order to help CERT organizations identify victims of the trojanized SolarWinds software update, known as SUNBURST or Solorigate. SunburstDomainDecoder ...