Posts Tagged ‘backdoor’

ESET LogoESET Company has recently published a 69 page report containing the detailed analysis of an ongoing large-scale attack on servers running on Linux, FreeBSD and other Unix-like systems since 2011.

During the attack (the codename ‘Operation Windigo’) a group of cyber criminals has obtained control of more than 25,000 of servers in three years, 10,000 of which were brought down by tones of malware. (more…)

BackdoorHetzner technicians discovered a backdoor in one of our computer system.

Information security experts recommend that users change their password immediately.

Evening of June 6 German hosting company Hetzner has sent a letter to its customers with a notice of the incident safety. The notification host representatives reported that information security experts found a backdoor into one of the internal monitoring systems (Nagios).

“What started the investigation revealed that the administration interface for dedicated servers (Robot) was also compromised. Available on our current information suggests that part of our customer database has been copied from the outside, “ – says the letter. (more…)

Backdoor in TP-Link devices

Backdoor in TP-Link devices

Vulnerability: Backdoor in TP-Link devices

Danger level: Avarage
Patch: None
Number of vulnerabilities: 1

Vector of operation: Local Network
Impact: System Compromise

Be exploited: PoC code
Affected products:  TL-WR743ND, TL-DR4300.

Affected versions:  TL-WDR4300, TL-WR743ND (v1.2 v2.0). (more…)

Barracuda networksThe SEC Consult company found undocumented accounts in solutions of Barracuda Networks.

According to SEC Consult, in different software company Barracuda Networks was discovered backdoor. The notice referred to the existence of undocumented accounts, remote which can be accessed remotely via SSH.

Undocumented accounts associated with the “backend support mechanisms.” Support page for the manufacturer stated that he is not aware of operating accounts described SEC Consult, for malicious purposes.

“Our study confirms that an attacker with specific knowledge about the internal structure of the solutions Barracuda, to connect to an account that does not have the privileges of a small area of ​​IP addresses”, – stated in the notification producer. (more…)

Trend MicroAntivirus company Trend Micro today announced the discovery of a new class of malicious software backdoor aimed at infection HTTP-server implemented to work with Java.

Code allows attackers to execute malicious commands directed to the system in which the server is running. Threat, known as BKDR_JAVAWAR.JG, implemented as JSP (Java Server Page), that allows you to initially run malicious code on the Java-server and directly access the Java-servlet containers such as Apache Tomcat.

After the attacking code is started, a potential attacker can remotely access the server, view the files on it, edit, download or delete a common Web-based console. Something similar earlier appeared to PHP, but PHP-backdoors could not work with anything other than PHP interpreter.

“Besides the fact that the attacker can gain access to sensitive information, it can also infect the server by other malicious code and gain unauthorized access to other data,” – said in Trend Micro. (more…)

HackersBackdoor allowed hackers to gain administrative access to the SCADA-systems, owning only the IP-address of the device.

Industrial Company of New Jersey, USA, was the victim of hackers who broke into its automated control system (Industrial control system, ICS). Hackers gained access to the system through the backdoor, which was introduced by producer ICS.

According to the memorandum the FBI, hackers gained access to the control of heating and ventilation. Hackers are systematically unauthorized access to the ICS during February and March of this year, after a Twitter user under the alias @ ntisec, which is linked to organized burglary, posted a message on the need to strengthen the protection of SCADA systems.

Hackers used Shodan search engine to find systems Tridium Niagara, directly connected to the Internet. It was at issue was discovered Shodan IP-address of the company in New Jersey, which eventually affected. (more…)

Vulnerability

Backdoor in web-statistics Piwik

According to the developers, the malicious code has been available for download for 8 hours.

Unknown hackers managed to introduce a backdoor in the source code of the latest version of the popular web-analytics open source Piwik, pre-cracking official web-site of the project (http://piwik.org/). About this report the program developers.

Piwik is used to track and generate statistics about visitors to online resources, traffic, etc. Functionality of the system is much like the service Google Analytics, but it requires that the owners of the web-sites have installed it on their own servers.

Thus, users who downloaded and installed the update version 1.9.2 vechrom on Monday, November 26, from 18:43 UTC to 02:59 UTC, infect their system backdoor.

The malicious code was embedded in the file «piwik / core / Loader.php» and masked by base64-encryption for obfuscation traces.

“Users who have suffered from hackers, you need to make a backup copy of the file piwik / config / config.ini.php, delete the entire directory Piwik, download a new copy of the software from the official site and reinstalled it,” – is recommended. (more…)

Vulnerability

Backdoor in firmware

According to experts of the incident affects products Samsung and Dell.

As found in information security expert Neil Smith, a number of printer models, manufactured by Samsung, with a built a program that allows the manufacturer to support service to remotely connect to the device and to manage its settings, as well as diagnostics.

This functionality is hidden and, apparently, the developers did not intend to disclose the fact of his presence. However, at the time the information about the ‘backdoor’ went public, which, according to security experts, necessarily interested intruders.

It should be noted that the same problem found in some printers, manufactured by Dell. This is due to the fact that some products are produced according to the manufacturer signed a contract with Samsung.

According to Smith, the access to the system via SNMP-ID, open for writing and reading. But he did not see the list of SNMP-variables, but remains active even when the SNMP in the device settings. (more…)

phpMyAdminIn the latest version of phpMyAdmin is on SourceForge.net found backdoor.

PhpMyAdmin on the site published a report that the latest version of SQL-client phpMyAdmin, distributed resource SourceForge.net, contains backdoor.

Until recently, the mirror cdnetworks-kr-1 at SourceForge.net distribute modified versions of the client, the file contains a backdoor server_sync.php, as well as changes to the file js / cross_framing_protection.js. Discovered backdoor allows an attacker to remotely execute arbitrary PHP code.

At the time of publication of news producer knew only that a compromised version of phpMyAdmin-3.5.2.2-all-languages.zip. (more…)

phpMyAdminBackdoor in phpMyAdmin

Severity Rating: Critical
Number of vulnerabilities: 1
Impact: System Compromise
Affected products: phpMyAdmin 3.x
Affected versions: phpMyAdmin 3.5.2.2 (more…)