While some countries have found ways to detect and block traditional Tor connections, the Tor Project has developed WebTunnel to make it harder for censors to block connections by blending the traffic with HTTPS-encrypted web traffic.
The proxy trojan connects to a command and control server via DNS-over-HTTPS and supports creating TCP or UDP connections, indicating a sophisticated and wide-ranging campaign targeting multiple systems.
Certain devices’ SSH connections can be snooped on, allowing attackers to impersonate the equipment and observe users’ login details and activities. The vulnerability is caused by errors in signature generation.
ReversingLabs has identified connections between a malicious campaign that was recently discovered and reported by the firm Phylum and several hundred malicious packages published to the NuGet package manager since the beginning of August. The latest discoveries are evidence of what seems to be an ongoing and coordinated campaign. Furthermore, ReversingLabs research shows how malicious […]
In Q2 2023, 95% of malware now arrives over encrypted connections, endpoint malware volumes are decreasing despite campaigns growing more widespread, ransomware detections are declining amid a rise in double-extortion attacks, and older software vulnerabilities persist as popular targets for exploitation among modern threat actors, among other trends, according to WatchGuard. “The data analyzed by […]
Oct 04, 2023THNMobile Security / Spyware New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of gathering sensitive data from Android devices. It was attributed […]