@cR0w too many.

• Jist like there are way too many applications suceptible to the #CryptoAPI #backdoor of #Windows.

http://github.com/kkarhan/windows-ca-backdoor-fix

So far testing by @ct_Magazin / @heiseonline (and myseof later on) revealed only few #Apps not vulnerable to this specifics #Govware:

• #Firefox (uses @Mozilla / @mozilla_support / #Mozilla #NSS & has it's own #SSL certificate storage)
• @thunderbird (Mozilla NSS)
• @torproject / #TorBrowser (Mozilla NSS; custom certificates)
• #curl (uses @bagder #WolfSSL and manages it's own certs)

Anything else that uses the CryptoAPI is, espechally *all #Chromium-Forks (aka. All Browsers except Firefox, Tor Browser, #dillo, #LynxBrowser…)

@yura #Intel's #ManagementEngine & #AMT is a botched #BMC & #firmware-#backdoor...

Check out Nick's New Toy
https://medium.com/keeping-it-kinky/jills-first-time-butt-slut-db5a719b090d?utm_source=mastodon&utm_medium=social&utm_campaign=fedica-Medium
#ShortStory #Backdoor #Erotica

Check out Nick's New Toy
https://medium.com/keeping-it-kinky/jills-first-time-butt-slut-db5a719b090d?utm_source=mastodon&utm_medium=social&utm_campaign=fedica-Medium
#ShortStory #Backdoor #Erotica

@Tutanota what has a #backdoor to do with the #signalmessenger ?

Politicians around the world want to #backdoor #encryption. But #Signalgate 2.0 shows the danger would be HUGE.

We're saying #NoToBackdoors 💪

Read Hanna's opinion: Signalgate 2.0 proves it - there’s no such thing as a “Backdoor for the Good Guys Only”
👉 https://tuta.com/blog/opinion-signalgate

South African man imprisoned after ransom demand against his former employer - Lucky Erasmus and a company insider installed software without authorisation on Ecentric'... https://www.bitdefender.com/en-us/blog/hotforsecurity/south-african-man-imprisoned-after-ransom-demand-against-his-former-employer #securitythreats #insiderthreat #databreach #guestblog #lawℴ #backdoor

Great Britain: WhatsApp jumps to Apple's side in the crypto war

The UK wants to make iOS less secure by law, which also affects users in other countries. Meta subsidiary WhatsApp is taking legal action against this.

https://www.heise.de/en/news/Great-Britain-WhatsApp-jumps-to-Apple-s-side-in-the-crypto-war-10443884.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Apple #Backdoor #iOS #Verschlüsselung #Facebook #Mobiles #WhatsApp #news

Beware of AI Pickpockets: Pickai Backdoor Spreading Through ComfyUI Vulnerability

A new backdoor named Pickai is exploiting ComfyUI vulnerabilities to spread and steal sensitive AI data. Developed in C++, Pickai offers remote command execution and reverse shell capabilities with strong persistence and evasion techniques. It uses multiple C2 servers for redundancy and has infected nearly 700 devices globally. The malware is hosted on Rubick.ai, an AI e-commerce platform serving major brands, posing significant supply chain risks. Pickai employs various obfuscation methods, including string encryption, process disguise, and multiple persistence mechanisms. Its network communication uses a three-tier timing strategy for C2 communication and device information reporting.

Pulse ID: 684bd7d3b9ea8f2eadcc407c
Pulse Link: https://otx.alienvault.com/pulse/684bd7d3b9ea8f2eadcc407c
Pulse Author: AlienVault
Created: 2025-06-13 07:48:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Encryption #InfoSec #Malware #OTX #OpenThreatExchange #PoC #RAT #RCE #RemoteCommandExecution #SMS #SupplyChain #Vulnerability #bot #AlienVault

Großbritanien: WhatsApp springt Apple im Kryptokrieg zur Seite

Großbritannien will iOS per Gesetz unsicherer machen, was auch Nutzer in anderen Ländern betrifft. Die Meta-Tochter WhatsApp geht juristisch dagegen vor.

https://www.heise.de/news/Grossbritanien-WhatsApp-springt-Apple-im-Kryptokrieg-zur-Seite-10443507.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Apple #Backdoor #iOS #Verschlüsselung #Facebook #Mobiles #WhatsApp #news

Falha grave no Windows foi explorada durante meses para atacar governos
🔗 https://tugatech.com.pt/t68027-falha-grave-no-windows-foi-explorada-durante-meses-para-atacar-governos

#ataque #backdoor #computador #governos #grave #internet #microsoft #segurança #servidor #vulnerabilidade #windows 

Eggs in a Cloudy Basket: Skeleton Spider's Trusted Cloud Malware Delivery

Skeleton Spider, also known as FIN6, is a financially motivated cybercrime group that has evolved from POS breaches to broader enterprise threats. They employ social engineering tactics, posing as job seekers on platforms like LinkedIn to deliver phishing messages. Their preferred payload is more_eggs, a JavaScript-based backdoor. The group uses trusted cloud services like AWS to host malicious infrastructure, evading detection. Their phishing emails impersonate job applicants, with domains mimicking real names. FIN6 employs sophisticated filtering techniques to ensure malware delivery only to intended targets. The more_eggs malware, developed by Venom Spider, allows for command execution and credential theft. Defense strategies include cautious handling of resume links, blocking execution of suspicious files, and implementing EDR policies.

Pulse ID: 68494c3a4501d98c52a609e9
Pulse Link: https://otx.alienvault.com/pulse/68494c3a4501d98c52a609e9
Pulse Author: AlienVault
Created: 2025-06-11 09:28:26

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #BackDoor #Cloud #CyberCrime #CyberSecurity #EDR #Email #ICS #InfoSec #Java #JavaScript #LinkedIn #Malware #Mimic #OTX #OpenThreatExchange #Phishing #RAT #Rust #SocialEngineering #Venom #bot #AlienVault

Whispering in the dark

ESET researchers uncovered a cyberespionage campaign by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the Whisper backdoor, PrimeCache IIS module, and reverse tunnels. BladedFeline maintains persistent access to high-ranking officials in both the Kurdistan Regional Government and Iraqi government, likely for espionage purposes. The group's toolset includes sophisticated backdoors, webshells, and custom tunneling applications. ESET assesses with medium confidence that BladedFeline is a subgroup of OilRig, based on shared code, targets, and tactics. The campaign also extended to a telecommunications provider in Uzbekistan.

Pulse ID: 684874c7cbe4dbef4d0ff749
Pulse Link: https://otx.alienvault.com/pulse/684874c7cbe4dbef4d0ff749
Pulse Author: AlienVault
Created: 2025-06-10 18:09:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Cyberespionage #ESET #Espionage #Government #ICS #InfoSec #Iran #OTX #OilRig #OpenThreatExchange #Telecom #Telecommunication #bot #AlienVault

More than 80 civil society groups, technologists, and companies—including @eff — have a message for the EU: There’s no encryption backdoor that only “good guys” can use. :everythingsfineparrot:

@EUCommission @EUCouncil https://www.eff.org/deeplinks/2025/06/eus-encryption-roadmap-makes-everyone-less-safe
#Privacy #Encryption #EU #Europeancommission #backdoor

Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets

The research outlines China-nexus threat actors targeting SentinelOne and other organizations between 2024 and 2025. It details intrusions into an IT services company managing SentinelOne's hardware logistics and reconnaissance of SentinelOne's servers. The attacks involved ShadowPad malware and a cluster of activities dubbed PurpleHaze, which included the use of GOREshell backdoors and exploitation of vulnerabilities. Over 70 organizations worldwide were compromised in a broad ShadowPad operation. The threat actors employed sophisticated techniques like operational relay box networks and custom obfuscation methods. The research emphasizes the persistent threat posed by Chinese cyberespionage to various sectors, including cybersecurity vendors.

Pulse ID: 6847eb4c4b4f501a31f255cd
Pulse Link: https://otx.alienvault.com/pulse/6847eb4c4b4f501a31f255cd
Pulse Author: AlienVault
Created: 2025-06-10 08:22:36

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #China #Chinese #CyberSecurity #Cyberespionage #Espionage #ICS #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RESHELL #SentinelOne #ShadowPad #bot #AlienVault

🚨 Hidden backdoors found in npm packages allow attackers to remotely wipe entire systems, raising serious supply chain security concerns.

Read: https://hackread.com/backdoors-npm-packages-attackers-wipe-systems/

#CyberSecurity #NPM #Malware #Backdoor #DevOps

"Everyone knows all the apps on your phone."

Read, be disgusted.

https://peabee.substack.com/p/everyone-knows-what-apps-you-use

#privacy #android #backdoor #infosec

Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes

HUMAN's Satori team uncovered and partially disrupted BADBOX 2.0, a complex fraud operation targeting over 1 million low-cost consumer devices worldwide. The scheme involves a backdoor pre-installed on devices or distributed through unofficial app marketplaces, allowing threat actors to conduct various fraudulent activities. These include selling residential proxy services, ad fraud through hidden ads and WebViews, and click fraud. Four main threat actor groups were identified: SalesTracker, MoYu, Lemon, and LongTV. The operation affects Android Open Source Project devices in 222 countries, with Brazil being the most impacted. Disruption efforts involved collaboration with Google and other partners to mitigate the threat's impact.

Pulse ID: 68434df5a7a61c7583cdec3f
Pulse Link: https://otx.alienvault.com/pulse/68434df5a7a61c7583cdec3f
Pulse Author: AlienVault
Created: 2025-06-06 20:22:13

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #BADBOX #BackDoor #Brazil #CyberSecurity #Google #InfoSec #OTX #OpenThreatExchange #Proxy #RAT #RCE #bot #AlienVault

BladedFeline: Whispering in the dark

ESET researchers have uncovered a cyberespionage campaign conducted by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has been targeting Kurdish and Iraqi government officials since at least 2017, using various malicious tools including reverse tunnels, backdoors, and a malicious IIS module. Key malware includes the Whisper backdoor, which communicates via compromised email accounts, and PrimeCache, a malicious IIS module with similarities to OilRig's RDAT backdoor. The campaign also targeted a telecommunications provider in Uzbekistan. BladedFeline's sophisticated tactics and tools indicate a focus on maintaining strategic access to high-ranking officials for espionage purposes.

Pulse ID: 6842cae058bebf5552345481
Pulse Link: https://otx.alienvault.com/pulse/6842cae058bebf5552345481
Pulse Author: AlienVault
Created: 2025-06-06 11:02:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Cyberespionage #ESET #Email #Espionage #Government #ICS #InfoSec #Iran #Malware #OTX #OilRig #OpenThreatExchange #RAT #Telecom #Telecommunication #bot #AlienVault