Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor | allinfosecnews.com

June 17, 2024, 6:28 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates.
"The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German

actor attack attack chain backdoor browser cases command compromised control deploy downloader exploit fake fake browser hackers hackers exploit jscript server stage threat threat actor under update updates website websites windows

More from thehackernews.com / The Hacker News

Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware 3 hours ago | thehackernews.com

attacks china chinese cluster +20

Practical Guidance For Securing Your Software Supply Chain 4 hours ago | thehackernews.com

attackers attacks guidance integrity +15

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping 4 hours ago | thehackernews.com

access actor apple apple patches +15

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites 5 hours ago | thehackernews.com

caesar called card cipher +23

New Medusa Android Trojan Targets Banking Users Across 7 Countries 6 hours ago | thehackernews.com

android android banking trojan android trojan banking +20

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack 9 hours ago | thehackernews.com

ads attack block chinese +16

New Attack Technique Exploits Microsoft Management Console Files 1 day, 3 hours ago | thehackernews.com

artifact attack code code execution +20

How to Cut Costs with a Browser Security Platform 1 day, 4 hours ago | thehackernews.com

browser browser extensions browser security data +23

New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks 1 day, 4 hours ago | thehackernews.com

actor attacks campaign countries +17

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California

View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel

View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN

View on infosec-jobs.com