- 8 More Chrome Extensions Hijacked to Target 4.8 Million Users
- Chrometana (1.1.3)
- Infinity New Tab (3.12.3)
- CopyFish (2.8.5)
- Web Paint (1.2.1)
- Social Fixer (20.1.1)
Cyber Security Tips: Users are strongly recommended that avoid uninstalled the listed chrome extensions from your browser, change your passwords, clear your browsing data and avoid to open any malicious links and document.
- Backdoor Found in Popular Server Management Software used by Hundreds of Companies
Server management software’s are used by various organization to manage their servers. According to a latest report backdoor has been found in popular server management software. Dubbed ShadowPad is the secret backdoor which allows attackers complete control over networks hidden behind legit cryptographically signed software sold by NetSarang—used by hundreds of banks, media firms, energy companies, and pharmaceutical firms, telecommunication providers, transportation and logistics and other industries for 17 days starting last month. According to researchers at Kaspersky Labs, who discovered this well-hidden backdoor, someone managed to hijack the NetSarang’s update mechanism and silently insert the backdoor in the software update, so that the malicious code would silently deliver to all of its clients with NetSarang’s legitimate signed certificate. The activation of the backdoor was eventually triggered by a specially crafted DNS TXT record for a specific domain name. Once triggered, the command and control DNS server in return sends back the decryption key which is downloaded by the software for the next stage of the code, effectively activating the backdoor. Once activated, the ShadowPad backdoor provides a full backdoor for an attacker to download and run arbitrary code, create processes, and maintain a virtual file system (VFS) in the registry, which is encrypted and stored in locations unique to each victim. The affected NetSarang’s software packages are:
- Xmanager Enterprise 5.0 Build 1232
- Xmanager 5.0 Build 1045
- Xshell 5.0 Build 1322
- Xftp 5.0 Build 1218
- Xlpd 5.0 Build 1220
Cyber Security Tips: Users are strongly recommended that stop using this product until you update them. Make sure that the following domains should be blocked.