News • Insights • Analysis
The U.K has dropped its demand for special access to Apple’s cloud systems, or a “backdoor,” following negotiations with the Trump administration, according to U.S. National Intelligence Director Tulsi Gabbard. “As a result, the U.K. has agreed to drop its Read More …
Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber. Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately Read More …
Apple is challenging a U.K. Government data access order in the Investigatory Powers Tribunal (IPT), the Financial Times reports. The order targeted iCloud backups that are protected by end-to-end encryption. Aple responded by announcing it would end U.K. users’ access Read More …
Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post. The Read More …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a medical product advisory for the Contec Health CMS8000 Patient Monitor to address one critical and two high severity vulnerabilities. The Contec CMS8000 is a patient monitor used to display Read More …
While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive (JAR) payload. Our investigation revealed that the JAR file was part of a modular, Java-based Remote Access Read More …
European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French Read More …
Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. Unit 42 researchers named these infected software packages PondRAT. They’ve also found Linux variants of Read More …
In their first article on the XZ backdoor, Kaspersky researchers analyzed its code from initial infection to the function hooking it performs. As they mentioned then, its initial goal was to successfully hook one of the functions related to RSA Read More …
Since 2022, Trend Micro researchers have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, Trend Read More …