Crowdstrike researchers have documented Sunspot, a piece of malware used by the SolarWinds attackers to insert the Sunburst malware into the company’s Orion software. SolarWinds has also revealed a new timeline for the incident and the discovery of two customer support incidents that they believe may be related to the Sunburst malware being deployed on…

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic: it accounted for 46 percent of the total number of fake web pages, Group-IB reveals. Ransomware, the headliner of the previous half-year, walked off stage: only 1 percent of emails analyzed contained this kind of malware. Every third email, meanwhile, contained spyware, which is…

Backdoors inevitably create vulnerabilities that can be exploited by malicious actors

73 percent of IT security professionals believe countries with government-mandated encryption backdoors are more susceptible to nation-state attacks. The Venafi survey on government-mandated encryption backdoors evaluated the opinions of 517 IT security professionals attending the RSA Conference 2019. “This is a tense moment for industry professionals because they know backdoors make our critical infrastructure more…

USA and China identified as top cyber attack sources

NSFOCUS released its H1 Cybersecurity Insights report, which analyzed traffic from January 1, 2018 to June 30, 2018. Crypto miners Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018. Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent…

New Mac backdoor using antiquated code

The first Mac malware of 2017 was brought to my attention by an IT admin, who spotted some strange outgoing network traffic from a particular Mac. This led to the discovery of a piece of malware unlike anything I’ve seen before, which appears to have actually been in existence, undetected, for some time, and which seems to…

Backdoor Uploaded to WordPress Sites via eCommerce Plugin Zero-Day

A zero-day vulnerability in an ecommerce plugin for WordPress has been exploited by cybercriminals to upload backdoors to affected websites, researchers warned. The ideal scenario for profit-driven hackers is to find and exploit security holes in plugins installed on hundreds of thousands or millions of websites. However, targeting a large number of less popular applications…