BellaCPP: Discovering a new BellaCiao variant written in C++

Introduction BellaCiao is a .NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor...

PT-2024-12430 · Apache · Apache Rocketmq

Name of the Vulnerable Software and Affected Versions: Apache RocketMQ affected versions not specified Description: The issue concerns a stealthy malware named perfctl, which targets millions of Linux servers. It exploits over 20,000 common misconfigurations and a critical vulnerability in Apache...

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface UEFI bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the operating system boot process, enabling Glupteba t...

SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems

In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems. Cybersecurity firm...

Slack: Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation

Overview The Nebula clients for Darwin and Windows call relative paths in "exec.Command" to "ifconfig" and "route" executables on Darwin, and to "netsh" on Windows. These commands are entered using relative paths, not absolute paths such as /sbin/ifconfig. When a binary is run with a relative pat...