med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
#backdoor

3 posts, 3 participants, 0 posts today

#Windows #RDP lets you log in using revoked passwords. #Microsoft is OK with that.

Researchers say the behavior amounts to a persistent #backdoor.

In response, Microsoft said the behavior is “a design decision (...)”. As such, Microsoft said the behavior doesn’t meet the definition of a #security #vulnerability, and company engineers have no plans to change it.

arstechnica.com/security/2025/

Earth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and Japan

Earth Kasha, an APT group believed to be part of APT10, has launched a new campaign in March 2025 targeting government agencies and public institutions in Taiwan and Japan. The campaign uses spear-phishing to deliver an updated version of the ANEL backdoor, potentially for espionage purposes. Key updates include a new command to support BOF execution in memory and the use of SharpHide for persistence. The second-stage backdoor, NOOPDOOR, now supports DNS over HTTPS for C&C communications. The attack chain involves compromised email accounts, malicious Excel files, and various evasion techniques. This campaign demonstrates Earth Kasha's continued evolution and poses significant geopolitical implications.

Pulse ID: 6813da43537c3d86e6ba3ca2
Pulse Link: otx.alienvault.com/pulse/6813d
Pulse Author: AlienVault
Created: 2025-05-01 20:32:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APT10 #BackDoor #CandC

Sophisticated backdoor mimicking secure networking software updates

A sophisticated backdoor targeting Russian organizations in government, finance, and industrial sectors has been discovered. The malware masquerades as updates for ViPNet, a secure networking software suite. It is distributed via LZH archives containing legitimate and malicious files. The backdoor exploits a path substitution technique to execute a malicious loader, which then decrypts and loads a versatile payload capable of connecting to a C2 server, stealing files, and launching additional malicious components. The complexity of this attack highlights the need for multi-layered security measures to protect against advanced persistent threats.

Pulse ID: 6807bc7e44edbbe6afa50132
Pulse Link: otx.alienvault.com/pulse/6807b
Pulse Author: AlienVault
Created: 2025-04-22 15:57:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


New version of MysterySnail RAT and lightweight MysteryMonoSnail backdoor

A new version of the MysterySnail RAT, attributed to the Chinese-speaking IronHusky APT group, has been detected targeting government organizations in Mongolia and Russia. The malware, which hadn't been publicly reported since 2021, now features a modular architecture with five additional DLL modules for command execution. A lightweight version dubbed MysteryMonoSnail was also observed. The infection chain involves a malicious MMC script, an intermediary backdoor, and the main MysterySnail RAT payload. The attackers use public file storage and the piping-server project for command and control. This case highlights the importance of maintaining vigilance against seemingly obsolete malware families, as they may continue operating undetected for extended periods.

Pulse ID: 6800fcd0995e011520970651
Pulse Link: otx.alienvault.com/pulse/6800f
Pulse Author: AlienVault
Created: 2025-04-17 13:06:24

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


@adisonverlice it's not just re: #Governments (tho #Project2025 explicitly endorses unsanctioned comms to thwart attempts at #FIOA or any #accountability for that matter), but individuals or any organization:

And if #EncroChat got pwned, who's gonna guarantee @signalapp won't if it's actually secure or isn't an #InsideJob like #ANØM.

After all, both #Signal's Organization and key people like @Mer__edith are known to the authorities by more than just their legal name.

  • What's gonna prevent #Trump from doing a "bag&drag" on her or getting his goons to put a gun to the developers' heads and force them to #d0x all users and #backdoor everything (if they haven't already been forced to have some "#LafwulInterception" gear in a closet like #Room641A...

After all, Signal can't pull the 5th and refuse to comply!

thaddeus e. grugq on Twitter: “I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

BPFDoor Malware Uses BPF to Evade Detection and Control Linux Servers

BPFDoor is a stealthy, advanced backdoor malware that targets Linux systems by abusing a powerful technology known as BPF (Berkeley Packet Filter). BPF is normally used in cybersecurity tools for monitoring and filtering network traffic efficiently, especially in cloud, telecom, finance, and container-based environments. It's also used by tools like Cilium, Falco, and Tracee for visibility and threat detection. However, when used maliciously, BPF gives attackers the ability to bypass firewalls and hide inside systems, making BPFDoor very hard to detect.

Pulse ID: 67ff166c04a6a92ca5ef55f5
Pulse Link: otx.alienvault.com/pulse/67ff1
Pulse Author: cryptocti
Created: 2025-04-16 02:31:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


While NPR was unable to recover the code for that project, the name itself suggests that Wick could have been designing a #backdoor, or "Bdoor," to extract files from #NLRB's internal case management system, known as NxGen, acc/to several #cybersecurity experts who reviewed Berulis' conclusions.

…NxGen is an internal system that was designed specifically for the NLRB in-house, acc/to several of the engineers who created the tool….

#criminal #law #Trump

Brazil urgently needs to regulate the entry of domestic robots and create a special team to INSPECT these devices for hidden factory backdoors that the manufacturers do not disclose.

These robots will inhabit many homes a few years from now and, if they come with an undisclosed backdoor, they could be controlled en masse by malicious actors, who could use the robots to attack people, homes, buildings, vehicles and lamp posts, as well as deliberately cause accidents and fires; in short, to cause the greatest possible destruction within the country.

A robot with a backdoor hidden by the manufacturer is like infiltrating enemies into the country and, after some time, ordering those enemies to destroy the country from within. This is extremely serious, a grave matter of national sovereignty!