backdoor

Revealed: Daxin—‘China-Linked’ Advanced Stealth Backdoor
Researchers unveil espionage malware from China: Daxin “is without doubt the most advanced piece of malware” they’ve seen from that country ...

Invisible rat: how Sentry, Datadog, and others used by XSS and JavaScript malware
We all know how convenient it is to use tools like Sentry or Datadog for JavaScript event monitoring. They allow you to catch errors in real time, organize and manage the issue resolution process, and genuinely ...

How the SolarWinds Hack (almost) went Undetected
My lightning talk from the SEC-T 0x0D conference has now been published on YouTube. This 13 minute talk covers tactics and techniques that the SolarWinds hackers used in order to avoid being ...

Secret backdoor allegedly lets the REvil ransomware gang scam its own affiliates
REvil is one of the most notorious ransomware groups in the world. Also known as Sodin and Sodinokibi, REvil has made a name for itself extorting large amounts of money from businesses, ...

Patch Management in the Post-SolarWinds Era
The SolarWinds breach, in which hackers inserted malware into software updates sent to thousands of customers and created a backdoor to their IT systems, suggests organizations need to seriously rethink patch management ...

Targeting Process for the SolarWinds Backdoor
The SolarWinds Orion backdoor, known as SUNBURST or Solorigate, has been analyzed by numerous experts from Microsoft, FireEye and several anti-virus vendors. However, we have noticed that many of the published reports ...

Zyxel’s Ridiculous Backdoor: Happy New Year, Now Patch Your Gear
Zyxel, maker of networking gear, “accidentally” introduced a backdoor into its latest firmware, giving hackers access to the networks of businesses and government agencies ...

Best of 2020: Was This Huawei’s Failed Attempt at a Linux Backdoor?
A Huawei employee submitted a large, buggy patch to the Linux kernel—apparently it contained a “trivially exploitable” security hole ...

SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security
In episode 152 for December 21st 2020: A discussion about the SolarWinds Orion backdoor, third-party security, and the threat of supply chain attacks with co-host Kevin Johnson. ** Links mentioned on the ...

Reassembling Victim Domain Fragments from SUNBURST DNS
We are releasing a free tool called SunburstDomainDecoder today, which is created in order to help CERT organizations identify victims of the trojanized SolarWinds software update, known as SUNBURST or Solorigate. SunburstDomainDecoder ...