Threat Actor Impersonates USPS to Deliver Backdoor Malware

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. Source: www.threatpost.com

November 14, 2019
Read More >>

Platinum APT Shines Up New Titanium Backdoor

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. Source: https://threatpost.com

November 9, 2019
Read More >>

Titanium: the Platinum group strikes again

Platinum is one of the most technologically advanced APT actors with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of a sequence of dropping, downloading and installing stages. The malware hides at every step by mimicking common software (protection related, sound drivers…

November 8, 2019
Read More >>

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security experts have a new malware, dubbed skip-2.0 used by the China-linked APT group to establish a backdoor in Microsoft SQL Server systems. Security experts at ESET have discovered a new malware, dubbed skip-2.0, used by the Chinese Winnti cyberespionage group to gain persistence on Microsoft SQL Server systems. The Winnti group was first spotted by […]

The post Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers appeared first on Security Affairs.

October 21, 2019
Read More >>

Fake UpdraftPlus WordPress Plugins used to backdoor sites

Threat actors leverage malicious plugins that hide in plain sight to backdoor WordPress websites and to use them for brute-forcing other sites. The use of fake WordPress plugins installed by hackers is not a novelty, recently at Sucuri observed multiple infections aimed at installing fake plugins with backdoor capabilities. Attackers use automated tools to create malicious WordPress […]

The post Fake UpdraftPlus WordPress Plugins used to backdoor sites appeared first on Security Affairs.

October 20, 2019
Read More >>